Merge branch 'Tecnativa:master' into master

.pre-commit-config.yaml

@@ -11,7 +11,7 @@ repos:
         language: fail
         files: "\\.rej$"
   - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: v2.7.1
+    rev: v3.0.3
     hooks:
       - id: prettier
         additional_dependencies:
@@ -20,7 +20,7 @@ repos:
         args:
           - --plugin=@prettier/plugin-xml
   - repo: https://github.com/myint/autoflake
-    rev: v1.4
+    rev: v2.2.1
     hooks:
       - id: autoflake
         args:
@@ -31,21 +31,21 @@ repos:
           - --remove-duplicate-keys
           - --remove-unused-variables
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.34.0
+    rev: v3.13.0
     hooks:
       - id: pyupgrade
   - repo: https://github.com/psf/black
-    rev: 22.3.0
+    rev: 23.9.1
     hooks:
       - id: black
   - repo: https://github.com/timothycrosley/isort
-    rev: 5.10.1
+    rev: 5.12.0
     hooks:
       - id: isort
         args:
           - --settings=.
   - repo: https://github.com/pycqa/flake8
-    rev: 3.9.2
+    rev: 6.1.0
     hooks:
       - &flake8
         id: flake8
@@ -60,7 +60,7 @@ repos:
           - --extend-ignore=F401
         files: /__init__\.py$
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.4.0
     hooks:
       - id: check-case-conflict
       - id: check-executables-have-shebangs

Dockerfile

@@ -2,6 +2,8 @@ FROM haproxy:2.2-alpine
 
 EXPOSE 2375
 ENV ALLOW_RESTARTS=0 \
+    ALLOW_STOP=0 \
+    ALLOW_START=0 \
     AUTH=0 \
     BUILD=0 \
     COMMIT=0 \

README.md

@@ -125,6 +125,9 @@ extremely critical but can expose some information that your service does not ne
 -   `COMMIT`
 -   `CONFIGS`
 -   `CONTAINERS`
+-   `ALLOW_START` (containers/`id`/`start`)
+-   `ALLOW_STOP` (containers/`id`/`stop`)
+-   `ALLOW_RESTARTS` (containers/`id`/`stop`|`restart`|`kill`)
 -   `DISTRIBUTION`
 -   `EXEC`
 -   `GRPC`
@@ -230,7 +233,7 @@ env DOCKER_IMAGE_NAME=my_custom_image poetry run pytest
 ## Logging
 
 You can set the logging level or severity level of the messages to be logged with the
-environment variable `LOG_LEVEL`. Defaul value is info. Possible values are: debug,
+environment variable `LOG_LEVEL`. Default value is info. Possible values are: debug,
 info, notice, warning, err, crit, alert and emerg.
 
 ## Supported API versions

haproxy.cfg

@@ -39,10 +39,16 @@ defaults
 backend dockerbackend
     server dockersocket $SOCKET_PATH
 
+backend docker-events
+    server dockersocket $SOCKET_PATH
+    timeout server 0
+
 frontend dockerfrontend
-    bind :2375
+    bind :::2375 v4v6
     http-request deny unless METH_GET || { env(POST) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/start } { env(ALLOW_START) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/stop } { env(ALLOW_STOP) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth } { env(AUTH) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/build } { env(BUILD) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/commit } { env(COMMIT) -m bool }
@@ -68,3 +74,5 @@ frontend dockerfrontend
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes } { env(VOLUMES) -m bool }
     http-request deny
     default_backend dockerbackend
+
+    use_backend docker-events if { path,url_dec -m reg -i ^(/v[\d\.]+)?/events }