diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 5de0b65..794c31d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,7 +11,7 @@ repos: language: fail files: "\\.rej$" - repo: https://github.com/pre-commit/mirrors-prettier - rev: v2.7.1 + rev: v3.0.3 hooks: - id: prettier additional_dependencies: @@ -20,7 +20,7 @@ repos: args: - --plugin=@prettier/plugin-xml - repo: https://github.com/myint/autoflake - rev: v1.4 + rev: v2.2.1 hooks: - id: autoflake args: @@ -31,21 +31,21 @@ repos: - --remove-duplicate-keys - --remove-unused-variables - repo: https://github.com/asottile/pyupgrade - rev: v2.34.0 + rev: v3.13.0 hooks: - id: pyupgrade - repo: https://github.com/psf/black - rev: 22.3.0 + rev: 23.9.1 hooks: - id: black - repo: https://github.com/timothycrosley/isort - rev: 5.10.1 + rev: 5.12.0 hooks: - id: isort args: - --settings=. - repo: https://github.com/pycqa/flake8 - rev: 3.9.2 + rev: 6.1.0 hooks: - &flake8 id: flake8 @@ -60,7 +60,7 @@ repos: - --extend-ignore=F401 files: /__init__\.py$ - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.3.0 + rev: v4.4.0 hooks: - id: check-case-conflict - id: check-executables-have-shebangs diff --git a/Dockerfile b/Dockerfile index 7a977ff..28dd497 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,6 +2,8 @@ FROM haproxy:2.2-alpine EXPOSE 2375 ENV ALLOW_RESTARTS=0 \ + ALLOW_STOP=0 \ + ALLOW_START=0 \ AUTH=0 \ BUILD=0 \ COMMIT=0 \ diff --git a/README.md b/README.md index 4b48187..115b2de 100644 --- a/README.md +++ b/README.md @@ -125,6 +125,9 @@ extremely critical but can expose some information that your service does not ne - `COMMIT` - `CONFIGS` - `CONTAINERS` +- `ALLOW_START` (containers/`id`/`start`) +- `ALLOW_STOP` (containers/`id`/`stop`) +- `ALLOW_RESTARTS` (containers/`id`/`stop`|`restart`|`kill`) - `DISTRIBUTION` - `EXEC` - `GRPC` 
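Review bot: In the Dockerfile hunk the new defaults are added as `ALLOW_STOP=0` followed by `ALLOW_START=0`, which breaks the alphabetical order the visible part of the ENV list otherwise follows (ALLOW_RESTARTS, AUTH, BUILD, COMMIT). Swapping them to `ALLOW_START=0 \` then `ALLOW_STOP=0 \` keeps the list easy to scan when auditing which permissions default to off. Both values are 0, consistent with the neighbouring entries. The ENV instruction continues outside the hunk.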
@@ -230,7 +233,7 @@ env DOCKER_IMAGE_NAME=my_custom_image poetry run pytest ## Logging You can set the logging level or severity level of the messages to be logged with the -environment variable `LOG_LEVEL`. Defaul value is info. Possible values are: debug, +environment variable `LOG_LEVEL`. Default value is info. Possible values are: debug, info, notice, warning, err, crit, alert and emerg. ## Supported API versions diff --git a/haproxy.cfg b/haproxy.cfg index 011137e..c87c8d8 100644 --- a/haproxy.cfg +++ b/haproxy.cfg @@ -39,10 +39,16 @@ defaults backend dockerbackend server dockersocket $SOCKET_PATH +backend docker-events + server dockersocket $SOCKET_PATH + timeout server 0 + frontend dockerfrontend - bind :2375 + bind :::2375 v4v6 http-request deny unless METH_GET || { env(POST) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool } + http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start } { env(ALLOW_START) -m bool } + http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/stop } { env(ALLOW_STOP) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } { env(BUILD) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } { env(COMMIT) -m bool } @@ -68,3 +74,5 @@ frontend dockerfrontend http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes } { env(VOLUMES) -m bool } http-request deny default_backend dockerbackend + + use_backend docker-events if { path,url_dec -m reg -i ^(/v[\d\.]+)?/events }
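Review bot: In the first haproxy.cfg hunk, `bind :::2375 v4v6` turns the IPv4-only listener into a dual-stack one, which widens where the Docker API proxy is reachable and is unrelated to the start/stop rules added next to it. A host whose firewall or network policy only covers IPv4 would now accept connections over IPv6, and the bind may fail where IPv6 is unavailable, so this belongs in its own change or at least in the README. The two new allow rules also end their patterns at `/start` and `/stop` with no terminator; anchoring them, e.g. `^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start$`, keeps each grant to the exact endpoint. Since the existing ALLOW_RESTARTS rule already matches `stop`, ALLOW_STOP=0 does not block stop when ALLOW_RESTARTS is set, which is worth stating in the docs. The frontend block continues outside the hunk.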
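Review bot: The `use_backend docker-events` rule added at the end of the frontend matches `^(/v[\d\.]+)?/events` without an end anchor, and the backend it selects sets `timeout server 0`, so any request whose path merely starts that way gets a server side with no timeout. Access is presumably still gated by the `http-request` rules earlier in the frontend, which HAProxy evaluates before backend selection, but those rules are mostly outside this hunk. Anchoring the pattern, e.g. `^(/v[\d\.]+)?/events$`, would limit the untimed backend to the streaming endpoint itself. A comment on the backend such as `# /events is a long-lived stream; server timeout disabled on purpose` would record why the timeout is off.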