Comments (3)
odg0318
commented on June 18, 2024
Addition
Empty Plugin
I implemented an empty authorization plugin and dumped request to check RequestBody and flow.
package main
import (
"fmt"
"github.com/docker/go-plugins-helpers/authorization"
)
type Plugin struct {
}
func (p Plugin) AuthZReq(req authorization.Request) authorization.Response {
fmt.Printf("%+v\n", req)
return authorization.Response{Allow: true}
}
func (p Plugin) AuthZRes(req authorization.Request) authorization.Response {
return authorization.Response{Allow: true}
}
func main() {
p := Plugin{}
h := authorization.NewHandler(p)
h.ServeTCP("0.0.0.0", ":9999", "", nil)
}{User:client UserAuthNMethod:TLS RequestMethod:GET RequestURI:/containers/json?all=1&filters=%7B%22name%22:%5B%22%5E%2Ftest$%22%5D%7D RequestBody:[] RequestHeaders:map[X-Forwarded-For:10.2.0.2 Accept:application/json, text/plain, */* Accept-Encoding:gzip, deflate, br Accept-Language:ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 Cookie:_ga=GA1.1.734966946.1509693905; _gid=GA1.1.1988790202.1522732951; __lnkrntdmcvrd=-1 Referer:http://127.0.0.1:9000/ User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36] RequestPeerCertificates:[0xc420349b80] ResponseStatusCode:0 ResponseBody:[] ResponseHeaders:map[]}
{User:client UserAuthNMethod:TLS RequestMethod:POST RequestURI:/images/create?fromImage=alpine&tag=3.7 RequestBody:[] RequestHeaders:map[Content-Length:34 Content-Type:application/json;charset=UTF-8 Cookie:_ga=GA1.1.734966946.1509693905; _gid=GA1.1.1988790202.1522732951; __lnkrntdmcvrd=-1 Origin:http://127.0.0.1:9000 Referer:http://127.0.0.1:9000/ X-Forwarded-For:10.2.0.2 Accept-Encoding:gzip, deflate, br Accept-Language:ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 Accept:application/json, text/plain, */*] RequestPeerCertificates:[0xc42034b180] ResponseStatusCode:0 ResponseBody:[] ResponseHeaders:map[]}
{User:client UserAuthNMethod:TLS RequestMethod:POST RequestURI:/containers/create?name=test RequestBody:[] RequestHeaders:map[Accept-Encoding:gzip, deflate, br Content-Type:application/json;charset=UTF-8 Origin:http://127.0.0.1:9000 X-Forwarded-For:10.2.0.2 Accept:application/json, text/plain, */* Accept-Language:ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 Content-Length:413 Cookie:_ga=GA1.1.734966946.1509693905; _gid=GA1.1.1988790202.1522732951; __lnkrntdmcvrd=-1 Referer:http://127.0.0.1:9000/ User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36] RequestPeerCertificates:[0xc42036cb00] ResponseStatusCode:0 ResponseBody:[] ResponseHeaders:map[]}
{User:client UserAuthNMethod:TLS RequestMethod:POST RequestURI:/containers/339dbdaa6364ec95900d19682adc42c94e612182b8b368b9ea94def5eb8a56b3/start RequestBody:[] RequestHeaders:map[Accept:application/json, text/plain, */* Accept-Encoding:gzip, deflate, br Content-Length:2 Content-Type:application/json;charset=UTF-8 Cookie:_ga=GA1.1.734966946.1509693905; _gid=GA1.1.1988790202.1522732951; __lnkrntdmcvrd=-1 User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 X-Forwarded-For:10.2.0.2 Accept-Language:ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 Origin:http://127.0.0.1:9000 Referer:http://127.0.0.1:9000/] RequestPeerCertificates:[0xc42036e100] ResponseStatusCode:0 ResponseBody:[] ResponseHeaders:map[]}
{User:client UserAuthNMethod:TLS RequestMethod:GET RequestURI:/containers/json?all=1 RequestBody:[] RequestHeaders:map[Accept:application/json, text/plain, */* Accept-Encoding:gzip, deflate, br Accept-Language:ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 Cookie:_ga=GA1.1.734966946.1509693905; _gid=GA1.1.1988790202.1522732951; __lnkrntdmcvrd=-1 Referer:http://127.0.0.1:9000/ User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 X-Forwarded-For:10.2.0.2] RequestPeerCertificates:[0xc42036f700] ResponseStatusCode:0 ResponseBody:[] ResponseHeaders:map[]}
I found that RequestBody is also empty in empty plugin.
docker cli over TLS
I tried to execute docker cli over TLS.
docker --tlsverify --tlscacert=/etc/docker/certs/ca.crt --tlscert=/etc/docker/certs/client/client.crt --tlskey=/etc/docker/certs/client/client.key-H 127.0.0.1:2376 run -itd --name=test library/alpine:3.7
In this case, RequestBody is not empty and it works fine.
from hbm.
commented on June 18, 2024
quick like that, could you try to update hbm to 0.9.5. What is the Docker API that Portainer uses?
from hbm.
odg0318
commented on June 18, 2024
This is not related to hbm.
portainer/portainer#1785
moby/moby#36778
I will close this issue.
from hbm.
Related Issues (20)
- panic with docker-compose HOT 8
- Policy for multiple private registries HOT 2
- Running an image already stored in local repository HOT 9
- With syslog, an error occured. HOT 6
- Feature request; audit log for policy change. HOT 2
- Feature Request: Block Public Docker Registry HOT 12
- Restrict ip address range in user-defined network
- Match whole collection against a policy HOT 1
- Panic / AuthZPlugin.AuthZReq: an error occurred; contact your system administrator HOT 4
- documentation broken links HOT 3
- move hbm to a managed plugin instead of a legacy one
- Allow running locally built images with arbitrary names
- Runtime error HOT 7
- harbormaster.io DNS expired HOT 2
- Recursive volume mount, does not check source path
- docker stack deploy fails even if port is allowed HOT 1
- Resourcetype volumedriver missing? HOT 1
- Hbm go code query
- Connecting back to the Docker host
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hbm.