From 08910fecaa85861e921ff219fb22e2efaef7001c Mon Sep 17 00:00:00 2001
From: Ruben Gees <rubengees7@googlemail.com>
Date: Sat, 9 Oct 2021 13:13:52 +0200
Subject: [PATCH] Add support for /grpc api

---
 Dockerfile            | 1 +
 README.md             | 1 +
 haproxy.cfg           | 1 +
 tests/test_service.py | 1 +
 4 files changed, 4 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 8c3e71c..87c545b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,6 +10,7 @@ ENV ALLOW_RESTARTS=0 \
     DISTRIBUTION=0 \
     EVENTS=1 \
     EXEC=0 \
+    GRPC=0 \
     IMAGES=0 \
     INFO=0 \
     LOG_LEVEL=info \
diff --git a/README.md b/README.md
index 2d2f57d..2845fb0 100644
--- a/README.md
+++ b/README.md
@@ -127,6 +127,7 @@ extremely critical but can expose some information that your service does not ne
 -   `CONTAINERS`
 -   `DISTRIBUTION`
 -   `EXEC`
+-   `GRPC`
 -   `IMAGES`
 -   `INFO`
 -   `NETWORKS`
diff --git a/haproxy.cfg b/haproxy.cfg
index 78bdf37..495ca7b 100644
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -51,6 +51,7 @@ frontend dockerfrontend
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/distribution } { env(DISTRIBUTION) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/events } { env(EVENTS) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/exec } { env(EXEC) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/grpc } { env(GRPC) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images } { env(IMAGES) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info } { env(INFO) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks } { env(NETWORKS) -m bool }
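Review bot: The added `/grpc` rule has no end anchor, so `^(/v[\d\.]+)?/grpc` also admits any longer path that merely begins with `/grpc`. That matches the neighbouring rules, but this one could be tightened to `^(/v[\d\.]+)?/grpc$`. If this endpoint upgrades the connection to a gRPC stream (as buildx appears to use it), the calls made inside that stream are presumably not visible to the per-path rules in this frontend, so `GRPC=1` may grant more than one endpoint's worth of access. A comment above the rule would record that, for example `# GRPC: build API stream used by buildx; calls inside the upgraded connection are not filtered per path`. The `dockerfrontend` block starts and ends outside this hunk, so any method restriction that also applies to `/grpc` cannot be checked from here.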
diff --git a/tests/test_service.py b/tests/test_service.py
index 097a906..2d38aa1 100644
--- a/tests/test_service.py
+++ b/tests/test_service.py
@@ -34,6 +34,7 @@ def test_default_permissions(proxy_factory):
             ("info",),
             ("system", "info"),
             ("build", "."),
+            ("buildx build", "."),
             ("swarm", "init"),
         )
         _check_permissions(allowed_calls, forbidden_calls)
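Review bot: The added entry `("buildx build", ".")` puts the sub-command and its verb in one string, while the neighbouring entries pass each word as its own element, as in `("system", "info")`. If `_check_permissions` (not shown here) hands each element to the docker CLI as a single argument, this call would fail as an unknown command whatever the proxy decides. The test would then pass without any request reaching `/grpc`. Consider `("buildx", "build", "."),` instead, plus an allowed-call case run with `GRPC=1` so the new rule is exercised in both directions. The tuple this line extends (apparently the forbidden list) and the body of `test_default_permissions` begin outside the hunk.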
-- 
GitLab