Signed-off-by: zhenghenghuo <zhenghenghuo@zju.edu.cn>
try to pass test
Signed-off-by: zhenghenghuo <zhenghenghuo@zju.edu.cn>
try to pass the test
Signed-off-by: zhenghenghuo <zhenghenghuo@zju.edu.cn>
Move plugins to shared distribution stack with images.
Create immutable plugin config that matches schema2 requirements.
Ensure data being pushed is same as pulled/created.
Store distribution artifacts in a blobstore.
Run init layer setup for every plugin start.
Fix breakouts from unsafe file accesses.
Add support for `docker plugin install --alias`
Uses normalized references for default names to avoid collisions when using default hosts/tags.
Some refactoring of the plugin manager to support the change, like removing the singleton manager and adding manager config struct.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Legacy plugins expect host-relative paths (such as for Volume.Mount).
However, a containerized plugin cannot respond with a host-relative
path. Therefore, this commit modifies new volume plugins' paths in Mount
and List to prepend the container's rootfs path.
This introduces a new PropagatedMount field in the Plugin Config.
When it is set for volume plugins, RootfsPropagation is set to rshared
and the path specified by PropagatedMount is bind-mounted with rshared
prior to launching the container. This is so that the daemon code can
access the paths returned by the plugin from the host mount namespace.
Signed-off-by: Tibor Vass <tibor@docker.com>
Some frontmatter such as the weights, menu stuff, etc is no longer used
'draft=true' becomes 'published: false'
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
Following #22729, enable to dynamically reload/remove the daemon
authorization plugins (via standard reloading mechanism).
https://docs.docker.com/engine/reference/commandline/daemon/#daemon-
configuration-file
Daemon must store a reference to the authorization middleware to refresh
the plugin on configuration changes.
Signed-off-by: Liron Levin <liron@twistlock.com>
These docs have AuthzPlugin with a lower case 'z'. What the plugin
api is actually looking for is AuthZPlugin with an upper case 'Z'.
See 46e3a249a1/pkg/authorization/api.go (L5-L8)
Signed-off-by: Everett Toews <everett.toews@rackspace.com>
Add a `--network` flag which replaces `--net` without deprecating it
yet. The `--net` flag remains hidden and supported.
Add a `--network-alias` flag which replaces `--net-alias` without deprecating
it yet. The `--net-alias` flag remains hidden and supported.
Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
This is similar to network scopes where a volume can either be `local`
or `global`. A `global` volume is one that exists across the entire
cluster where as a `local` volume exists on a single engine.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Add reference to https://github.com/vmware/docker-volume-vsphere to Docker's list of plugins.
This is an officially supported plugin from VMware.
Signed-off-by: Ritesh H Shukla <sritesh@vmware.com>
This generates an ID string for calls to Mount/Unmount, allowing drivers
to differentiate between two callers of `Mount` and `Unmount`.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The `Status` field is a `map[string]interface{}` which allows the driver to pass
back low-level details about the underlying volume.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Following the discussion in #21556, adding a short description of the
default user authentication mechanism (without requiring authentication
plugins)
Signed-off-by: Liron Levin <liron@twistlock.com>
This fix updates the Plugin API docs to cover the case of remote
plugins which could be deployed on a host different from the
docker host, through spec or json files.
This fix closes#20188.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Fixing the links
Updating with Seb's comments
Adding weight
Fixing the engine aliases
Updating after Arun pushed
Removing empty file
Signed-off-by: Mary Anthony <mary@docker.com>
This commit includes the correct project link and also
includes a consolidated list of drivers that are supported.
Signed-off-by: Clinton Kitson <clintonskitson@gmail.com>
- fix naming and formatting
- provide more context when erroring auth
- do not capitalize errors
- fix wrong documentation
- remove ugly remoteError{}
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Each plug-in operates as a separate service, and registers with Docker
through general (plug-ins API)
[https://blog.docker.com/2015/06/extending-docker-with-plugins/]. No
Docker daemon recompilation is required in order to add / remove an
authentication plug-in. Each plug-in is notified twice for each
operation: 1) before the operation is performed and, 2) before the
response is returned to the client. The plug-ins can modify the response
that is returned to the client.
The authorization depends on the authorization effort that takes place
in parallel [https://github.com/docker/docker/issues/13697].
This is the official issue of the authorization effort:
https://github.com/docker/docker/issues/14674
(Here)[https://github.com/rhatdan/docker-rbac] you can find an open
document that discusses a default RBAC plug-in for Docker.
Signed-off-by: Liron Levin <liron@twistlock.com>
Added container create flow test and extended the verification for ps
Tibor Vass
Victor Vieux
Ovidio Mallo
zhenghenghuo
yuexiao-wang
Brian Goff
Tonis Tiigi
Hongbin Lu
lixiaobing10051267
Victor Vieux
Misty Stanley-Jones
Ben Firshman
Sebastiaan van Stijn
Riyaz Faizullabhoy
Gaetan de Villele
Ding Fei
John Mulhausen
Jeff Silberman
unclejack
Charles Smith
Liron Levin
Everett Toews
Yanqiang Miao
Arnaud Porterie (icecrime)
Vincent Demeester
Keith Hudgins
Sven Dowideit
Ahmet Alp Balkan
Kirill Kolyshkin
Ritesh H Shukla
Roland Kammerer
Jeremy Unruh
Yi EungJun
Lorenzo Fontana
Wen Cheng Ma
Jared Hocutt
Yi EungJun
Máximo Cuadros
Yong Tang
Antonio Murdaca
Linus Heckemann
Linus Heckemann
Cameron Spear
Muthukumar R
Mohammad Banikazemi
Felix Hupfeld
Mary Anthony
Joe Doliner
Clinton Kitson
Ilya Dmitrichenko
Ray Tsang
Dima Stopel
pidster
Gou Rao
rsmoorthy