API Documentation¶
Summary¶
API Details¶
-
POST
/AuthZPlugin.AuthZReq
¶ Process a request for authorization.
This is one of the main feature of this plugin. Depending on the configuration, the system, will allow or deny a request.
For a specific user, if no configuration match the RequestMethod and the RequestUri, then the default action is to deny the request.
See also
Function
authz_response()
for response authentication.See also
Request:
GET /AuthZPlugin.AuthZReq HTTP/1.1 Host: example.com Accept: application/json { "User": "mal", "AuthenticationMethod": "TLS", "RequestMethod": "POST", "RequestUri": "/v1.32/containers/json", "RequestHeaders": "<base64 encoded string>", "RequestBody": "<base64 encoded string>" }
Response:
HTTP/1.1 200 OK Vary: Accept Content-Type: application/json { "Allow": "true", "Msg": "Authorization granted", "Err": "Authorization granted" }
Request Headers: - Accept – application/json
Request JSON Object: - User (string) – The user identification
- AuthenticationMethod (string) – The authentication method used
- RequestMethod (enum) – The HTTP method (GET/DELETE/POST)
- RequestUri (string) – The HTTP request URI including API version (e.g., /v1.32/containers/json)
- RequestHeaders (map[string]string) – Request headers as key value pairs (without the authorization header)
- RequestBody ([]byte) – Raw request body
Response JSON Object: - Allow (bool) – Boolean value indicating whether the request is allowed or denied
- Msg (string) – Authorization message (will be returned to the client in case the access is denied)
- Err (string) – Error message. Will be returned to the client in case the plugin encounter an error. The string value supplied may appear in logs, so should not include confidential information.
Response Headers: - Content-Type – application/json
Status Codes: - 200 OK – valid response
- 400 Bad Request – malformed request
- 422 Unprocessable Entity – invalid parameters
Rtype:
-
POST
/AuthZPlugin.AuthZRes
¶ Process a response for authorization.
This is one of the main feature of this plugin. Depending on the configuration, the system, will allow or deny a request.
Warning
In the current version, we don’t check any parameter, and always accept the request.
In contrast to
authz_response()
, this endpoint is called after the action has been processed by the docker daemon. The request payload contains additional fields representing the response from the daemon.See also
Function
authz_request()
for request authentication.See also
Check the official docker documentation.
Request:
GET /AuthZPlugin.AuthZReq HTTP/1.1 Host: example.com Accept: application/json { "User": "mal", "AuthenticationMethod": "TLS", "RequestMethod": "POST", "RequestUri": "/v1.32/containers/json", "RequestHeaders": "<base64 encoded string>", "RequestBody": "<base64 encoded string>", "ResponseStatusCode": "200", "ResponseHeaders": "<base64 encoded string>", "ResponseBody": "<base64 encoded string>" }
Response:
HTTP/1.1 200 OK Vary: Accept Content-Type: application/json { "Allow": "true", "Msg": "Authorization granted", "Err": "Authorization granted" }
Request Headers: - Accept – application/json
Request JSON Object: - User (string) – The user identification
- AuthenticationMethod (string) – The authentication method used
- RequestMethod (enum) – The HTTP method (GET/DELETE/POST)
- RequestUri (string) – The HTTP request URI including API version (e.g., /v1.32/containers/json)
- RequestHeaders (map[string]string) – Request headers as key value pairs (without the authorization header)
- RequestBody ([]byte) – Raw request body
- ResponseStatusCode (int) – Status code from the docker daemon
- ResponseHeaders (map[string]string) – Response headers as key value pairs
- ResponseBody ([]byte) – Raw docker daemon response body
Response JSON Object: - Allow (bool) – Boolean value indicating whether the request is allowed or denied
- Msg (string) – Authorization message (will be returned to the client in case the access is denied)
- Err (string) – Error message. Will be returned to the client in case the plugin encounter an error. The string value supplied may appear in logs, so should not include confidential information.
Response Headers: - Content-Type – application/json
Status Codes: - 200 OK – valid response
- 400 Bad Request – malformed request
- 422 Unprocessable Entity – invalid parameters
Rtype:
-
POST
/Plugin.Activate
¶ Return implemented event system.
It is used internally by the Docker daemon to indicate which event system is concerned by the plugin. In the case of this plugin, it return authz.
See the official docker documentation.
Request:
GET /Plugin.Activate HTTP/1.1 Host: example.com Accept: application/json
Response:
HTTP/1.1 200 OK Vary: Accept Content-Type: application/json { "Implements": ["authz"] }
Response Headers: - Content-Type – application/json
Status Codes: - 200 OK – valid response
Rtype:
-
GET
/
¶ Main entry point. it respond to the GET method for the / uri.