arno/docker-socket-proxy
1
0
Fork 0
mirror of https://github.com/Tecnativa/docker-socket-proxy synced 2024-12-21 14:18:07 +00:00
Code Issues Releases Wiki Activity

Add support for /grpc api

Browse Source
This commit is contained in:
Ruben Gees 2021-10-09 13:13:52 +02:00 committed by João Marques
parent f48305fe92
commit 08910fecaa
4 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Dockerfile
View File

@ -10,6 +10,7 @@ ENV ALLOW_RESTARTS=0 \
DISTRIBUTION=0 \ DISTRIBUTION=0 \
EVENTS=1 \ EVENTS=1 \
EXEC=0 \ EXEC=0 \
GRPC=0 \
IMAGES=0 \ IMAGES=0 \
INFO=0 \ INFO=0 \
LOG_LEVEL=info \ LOG_LEVEL=info \

1
README.md
View File

@ -127,6 +127,7 @@ extremely critical but can expose some information that your service does not ne
- `CONTAINERS` - `CONTAINERS`
- `DISTRIBUTION` - `DISTRIBUTION`
- `EXEC` - `EXEC`
- `GRPC`
- `IMAGES` - `IMAGES`
- `INFO` - `INFO`
- `NETWORKS` - `NETWORKS`

1
haproxy.cfg
View File

@ -51,6 +51,7 @@ frontend dockerfrontend
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/distribution } { env(DISTRIBUTION) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/distribution } { env(DISTRIBUTION) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/events } { env(EVENTS) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/events } { env(EVENTS) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/exec } { env(EXEC) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/exec } { env(EXEC) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/grpc } { env(GRPC) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images } { env(IMAGES) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images } { env(IMAGES) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info } { env(INFO) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info } { env(INFO) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks } { env(NETWORKS) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks } { env(NETWORKS) -m bool }

1
tests/test_service.py
View File

@ -34,6 +34,7 @@ def test_default_permissions(proxy_factory):
("info",), ("info",),
("system", "info"), ("system", "info"),
("build", "."), ("build", "."),
("buildx build", "."),
("swarm", "init"), ("swarm", "init"),
) )
_check_permissions(allowed_calls, forbidden_calls) _check_permissions(allowed_calls, forbidden_calls)