From 08910fecaa85861e921ff219fb22e2efaef7001c Mon Sep 17 00:00:00 2001
From: Ruben Gees
Date: Sat, 9 Oct 2021 13:13:52 +0200
Subject: [PATCH] Add support for /grpc api
---
 Dockerfile | 1 +
 README.md | 1 +
 haproxy.cfg | 1 +
 tests/test_service.py | 1 +
 4 files changed, 4 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 8c3e71c..87c545b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,6 +10,7 @@ ENV ALLOW_RESTARTS=0 \
 DISTRIBUTION=0 \
 EVENTS=1 \
 EXEC=0 \
+ GRPC=0 \
 IMAGES=0 \
 INFO=0 \
 LOG_LEVEL=info \
diff --git a/README.md b/README.md
index 2d2f57d..2845fb0 100644
--- a/README.md
+++ b/README.md
@@ -127,6 +127,7 @@ extremely critical but can expose some information that your service does not ne
 - `CONTAINERS`
 - `DISTRIBUTION`
 - `EXEC`
+- `GRPC`
 - `IMAGES`
 - `INFO`
 - `NETWORKS`
diff --git a/haproxy.cfg b/haproxy.cfg
index 78bdf37..495ca7b 100644
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -51,6 +51,7 @@ frontend dockerfrontend
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/distribution } { env(DISTRIBUTION) -m bool }
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/events } { env(EVENTS) -m bool }
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/exec } { env(EXEC) -m bool }
+ http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/grpc } { env(GRPC) -m bool }
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images } { env(IMAGES) -m bool }
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info } { env(INFO) -m bool }
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks } { env(NETWORKS) -m bool }
diff --git a/tests/test_service.py b/tests/test_service.py
index 097a906..2d38aa1 100644
--- a/tests/test_service.py
+++ b/tests/test_service.py
@@ -34,6 +34,7 @@ def test_default_permissions(proxy_factory):
 ("info",),
 ("system", "info"),
 ("build", "."),
+ ("buildx build", "."),
 ("swarm", "init"),
 )
 _check_permissions(allowed_calls, forbidden_calls)
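Review bot: In the haproxy.cfg hunk the new rule's pattern `^(/v[\d\.]+)?/grpc` has no trailing boundary, so once GRPC is enabled any path that merely begins with `/grpc` is allowed, not just the endpoint itself. That mirrors the sibling rules, but `/grpc` is, as far as I know, the daemon's BuildKit control endpoint, so turning it on grants build capability rather than read-only information. The README hunk nevertheless appears to add it to the list whose heading speaks of entries that only "expose some information". Consider anchoring the pattern, e.g. `^(/v[\d\.]+)?/grpc(/|$)`, and adding a comment above the rule such as `# BuildKit gRPC endpoint: grants build access; keep 0 unless the client must build`. The frontend block starts and ends outside the hunk, so any method restriction applied before these rules is not visible here.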
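Review bot: In the tests/test_service.py hunk the new tuple `("buildx build", ".")` puts two CLI words into one element, unlike the neighbouring `("system", "info")` and `("swarm", "init")`. If `_check_permissions` passes each element as a separate argument (its body is outside the hunk, so this is inferred), the CLI would reject `buildx build` as an unknown command before contacting the proxy. The "forbidden" assertion would then pass without exercising the `/grpc` rule. It should presumably read `("buildx", "build", "."),`. The hunk also adds only a default-deny case; a companion case with GRPC enabled would show that the rule actually opens the endpoint.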