API Documentation

Summary

API Details

POST /AuthZPlugin.AuthZReq

Process a request for authorization.

This is one of the main features of this plugin. Depending on the configuration, the system will allow or deny a request.

For a specific user, if no configuration matches the RequestMethod and the RequestUri, the default action is to deny the request.

See also

Function authz_response() for response authentication.

Request:

POST /AuthZPlugin.AuthZReq HTTP/1.1
Host: example.com
Accept: application/json

{
  "User": "mal",
  "AuthenticationMethod": "TLS",
  "RequestMethod": "POST",
  "RequestUri": "/v1.32/containers/json",
  "RequestHeaders": "<base64 encoded string>",
  "RequestBody": "<base64 encoded string>"
}

Response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: application/json

{
  "Allow": true,
  "Msg": "Authorization granted",
  "Err": "Authorization granted"
}
Request Headers:
 
Request JSON Object:
 
  • User (string) – The user identification
  • AuthenticationMethod (string) – The authentication method used
  • RequestMethod (enum) – The HTTP method (GET/DELETE/POST)
  • RequestUri (string) – The HTTP request URI including API version (e.g., /v1.32/containers/json)
  • RequestHeaders (map[string]string) – Request headers as key value pairs (without the authorization header)
  • RequestBody ([]byte) – Raw request body
Response JSON Object:
 
  • Allow (bool) – Boolean value indicating whether the request is allowed or denied
  • Msg (string) – Authorization message (will be returned to the client in case the access is denied)
  • Err (string) – Error message. Will be returned to the client in case the plugin encounters an error. The string value supplied may appear in logs, so it should not include confidential information.
Response Headers:
 
Status Codes:
Rtype:

flask.Response
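
The default-deny behaviour described above, as an added example that is not the plugin's own code: the rule table, its format and the authorize() helper are assumptions made for illustration, and only the payload and response field names come from this page.

```python
import re

# Constructed policy: user -> list of (allowed methods, URI regex).
# This rule format is hypothetical, not the plugin's configuration syntax.
RULES = {
    "mal": [({"GET"}, r"/containers/json"),
            ({"POST"}, r"/containers/[^/]+/start")],
    "jayne": [({"GET"}, r"/(images|containers)/json")],
}

# API version prefix such as /v1.32, as shown in the RequestUri field.
_VERSION = re.compile(r"^/v\d+\.\d+(?=/)")


def authorize(payload, rules=RULES):
    """Build an AuthZReq-style response; anything unmatched is denied."""
    try:
        user_rules = rules.get(payload["User"], [])
        method = payload["RequestMethod"].upper()
        # Drop the query string and version prefix so that /v1.32/... and
        # /v1.40/... are judged by the same rule.
        path = _VERSION.sub("", payload["RequestUri"].split("?", 1)[0])
    except (KeyError, AttributeError, TypeError):
        # Malformed input fails closed. Err may end up in logs, so it
        # carries no request data.
        return {"Allow": False, "Msg": "", "Err": "malformed request"}

    for methods, pattern in user_rules:
        # fullmatch: a rule for /containers/json must not also cover
        # longer paths that merely start with it.
        if method in methods and re.fullmatch(pattern, path):
            # Assumption: Err stays empty when no error occurred.
            return {"Allow": True, "Msg": "Authorization granted", "Err": ""}

    # No rule matched this user, method and URI: default deny.
    return {"Allow": False, "Msg": f"{method} {path} is not allowed", "Err": ""}


# The sample request from this page: mal may only GET this URI, so POST is denied.
SAMPLE = {"User": "mal", "AuthenticationMethod": "TLS",
          "RequestMethod": "POST", "RequestUri": "/v1.32/containers/json"}

if __name__ == "__main__":
    print(authorize(SAMPLE))
    print(authorize({**SAMPLE, "RequestMethod": "GET"}))
```

An unauthenticated request (empty User) or a user with no rules takes the same default-deny path as an unmatched URI.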

POST /AuthZPlugin.AuthZRes

Process a response for authorization.

This is one of the main features of this plugin. Depending on the configuration, the system will allow or deny a request.

Warning

In the current version, we don’t check any parameter, and always accept the request.

In contrast to authz_request(), this endpoint is called after the action has been processed by the Docker daemon. The request payload contains additional fields representing the response from the daemon.

See also

Function authz_request() for request authentication.

See also

Check the official docker documentation.

Request:

POST /AuthZPlugin.AuthZRes HTTP/1.1
Host: example.com
Accept: application/json

{
  "User": "mal",
  "AuthenticationMethod": "TLS",
  "RequestMethod": "POST",
  "RequestUri": "/v1.32/containers/json",
  "RequestHeaders": "<base64 encoded string>",
  "RequestBody": "<base64 encoded string>",
  "ResponseStatusCode": 200,
  "ResponseHeaders": "<base64 encoded string>",
  "ResponseBody": "<base64 encoded string>"
}

Response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: application/json

{
  "Allow": true,
  "Msg": "Authorization granted",
  "Err": "Authorization granted"
}
Request Headers:
 
Request JSON Object:
 
  • User (string) – The user identification
  • AuthenticationMethod (string) – The authentication method used
  • RequestMethod (enum) – The HTTP method (GET/DELETE/POST)
  • RequestUri (string) – The HTTP request URI including API version (e.g., /v1.32/containers/json)
  • RequestHeaders (map[string]string) – Request headers as key value pairs (without the authorization header)
  • RequestBody ([]byte) – Raw request body
  • ResponseStatusCode (int) – Status code from the docker daemon
  • ResponseHeaders (map[string]string) – Response headers as key value pairs
  • ResponseBody ([]byte) – Raw docker daemon response body
Response JSON Object:
 
  • Allow (bool) – Boolean value indicating whether the request is allowed or denied
  • Msg (string) – Authorization message (will be returned to the client in case the access is denied)
  • Err (string) – Error message. Will be returned to the client in case the plugin encounters an error. The string value supplied may appear in logs, so it should not include confidential information.
Response Headers:
 
Status Codes:
Rtype:

flask.Response

POST /Plugin.Activate

Return the implemented event system.

The Docker daemon uses it internally to find out which event system the plugin implements. This plugin returns authz.

See the official docker documentation.

Request:

POST /Plugin.Activate HTTP/1.1
Host: example.com
Accept: application/json

Response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: application/json

{
  "Implements": ["authz"]
}
Response Headers:
 
Status Codes:
Rtype:

flask.Response

GET /

Main entry point. It responds to the GET method for the / URI.