mirror of https://github.com/docker/cli.git
authZ: more fixes
- fix naming and formatting - provide more context when erroring auth - do not capitalize errors - fix wrong documentation - remove ugly remoteError{} Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This commit is contained in:
parent
752b902123
commit
d00b518979
|
@ -104,9 +104,6 @@ Docker's authorization subsystem supports multiple `--authz-plugin` parameters.
|
||||||
|
|
||||||
### Calling authorized command (allow)
|
### Calling authorized command (allow)
|
||||||
|
|
||||||
Your plugin must support calling the `allow` command to authorize a command.
|
|
||||||
This call does not impact Docker's command line.
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker pull centos
|
$ docker pull centos
|
||||||
...
|
...
|
||||||
|
@ -116,22 +113,20 @@ f1b10cd84249: Pull complete
|
||||||
|
|
||||||
### Calling unauthorized command (deny)
|
### Calling unauthorized command (deny)
|
||||||
|
|
||||||
Your plugin must support calling the `deny` command to report on the outcome of
|
```bash
|
||||||
a plugin interaction. This call returns messages to Docker's command line informing
|
$ docker pull centos
|
||||||
the user of the outcome of each call.
|
...
|
||||||
|
docker: Error response from daemon: authorization denied by plugin PLUGIN_NAME: volumes are not allowed.
|
||||||
|
```
|
||||||
|
|
||||||
|
### Error from plugins
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ docker pull centos
|
$ docker pull centos
|
||||||
…
|
...
|
||||||
Authorization failed. Pull command for user 'john_doe' is
|
docker: Error response from daemon: plugin PLUGIN_NAME failed with error: AuthZPlugin.AuthZReq: Cannot connect to the Docker daemon. Is the docker daemon running on this host?.
|
||||||
denied by authorization plugin 'ACME' with message
|
|
||||||
‘[ACME] User 'john_doe' is not allowed to perform the pull
|
|
||||||
command’
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Where multiple authorization plugins are installed, multiple messages are expected.
|
|
||||||
|
|
||||||
|
|
||||||
## API schema and implementation
|
## API schema and implementation
|
||||||
|
|
||||||
In addition to Docker's standard plugin registration method, each plugin
|
In addition to Docker's standard plugin registration method, each plugin
|
||||||
|
|
Loading…
Reference in New Issue