Commit Graph

9 Commits

Author SHA1 Message Date
Tibor Vass 7f6a7ed8d1 Rename authz to authorization for greater clarity
Signed-off-by: Tibor Vass <tibor@docker.com>
2017-06-02 00:07:23 +00:00
Antonio Murdaca e5b94ba3ef docs: extend: authorization.md: add a note about confidential stuff in Err
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:20 +00:00
Antonio Murdaca d00b518979 authZ: more fixes
- fix naming and formatting
- provide more context when erroring auth
- do not capitalize errors
- fix wrong documentation
- remove ugly remoteError{}

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:20 +00:00
Antonio Murdaca e79f2fcc21 pkg: authorization: add Err to tweak response status code
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-02 00:07:20 +00:00
Liron Levin 53c1cb81c0 Change authz plugin argument name
Signed-off-by: Liron Levin <liron@twistlock.com>
2017-06-02 00:07:20 +00:00
Dima Stopel a8a3c47ee5 Fixing documentation comments by @thaJeztah
Signed-off-by: Dima Stopel <dima@twistlock.com>
2017-06-02 00:07:20 +00:00
Dima Stopel 00962f362b Fixing documentation according to comments by @moxiegirl and @thaJeztah
Signed-off-by: Dima Stopel <dima@twistlock.com>
2017-06-02 00:07:20 +00:00
Liron Levin 67d3265c4b Docker authorization plug-in infrastructure enables extending the functionality of the Docker daemon with respect to user authorization. The infrastructure enables registering a set of external authorization plug-in. Each plug-in receives information about the user and the request and decides whether to allow or deny the request. Only in case all plug-ins allow accessing the resource the access is granted.
Each plug-in operates as a separate service, and registers with Docker
through general (plug-ins API)
[https://blog.docker.com/2015/06/extending-docker-with-plugins/]. No
Docker daemon recompilation is required in order to add / remove an
authentication plug-in. Each plug-in is notified twice for each
operation: 1) before the operation is performed and, 2) before the
response is returned to the client. The plug-ins can modify the response
that is returned to the client.

The authorization depends on the authorization effort that takes place
in parallel [https://github.com/docker/docker/issues/13697].

This is the official issue of the authorization effort:
https://github.com/docker/docker/issues/14674

(Here)[https://github.com/rhatdan/docker-rbac] you can find an open
document that discusses a default RBAC plug-in for Docker.

Signed-off-by: Liron Levin <liron@twistlock.com>
Added container create flow test and extended the verification for ps
2017-06-02 00:07:20 +00:00
Dima Stopel 87f1223216 Adding authorization subsystem documentation
Signed-off-by: Dima Stopel <dima@twistlock.com>
2017-06-02 00:07:20 +00:00