Skip to content
Snippets Groups Projects
Commit 08910fec authored by Ruben Gees's avatar Ruben Gees Committed by João Marques
Browse files

Add support for /grpc api

parent f48305fe
No related branches found
No related tags found
No related merge requests found
...@@ -10,6 +10,7 @@ ENV ALLOW_RESTARTS=0 \ ...@@ -10,6 +10,7 @@ ENV ALLOW_RESTARTS=0 \
DISTRIBUTION=0 \ DISTRIBUTION=0 \
EVENTS=1 \ EVENTS=1 \
EXEC=0 \ EXEC=0 \
GRPC=0 \
IMAGES=0 \ IMAGES=0 \
INFO=0 \ INFO=0 \
LOG_LEVEL=info \ LOG_LEVEL=info \
......
...@@ -127,6 +127,7 @@ extremely critical but can expose some information that your service does not ne ...@@ -127,6 +127,7 @@ extremely critical but can expose some information that your service does not ne
- `CONTAINERS` - `CONTAINERS`
- `DISTRIBUTION` - `DISTRIBUTION`
- `EXEC` - `EXEC`
- `GRPC`
- `IMAGES` - `IMAGES`
- `INFO` - `INFO`
- `NETWORKS` - `NETWORKS`
......
...@@ -51,6 +51,7 @@ frontend dockerfrontend ...@@ -51,6 +51,7 @@ frontend dockerfrontend
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/distribution } { env(DISTRIBUTION) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/distribution } { env(DISTRIBUTION) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/events } { env(EVENTS) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/events } { env(EVENTS) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/exec } { env(EXEC) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/exec } { env(EXEC) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/grpc } { env(GRPC) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images } { env(IMAGES) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images } { env(IMAGES) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info } { env(INFO) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info } { env(INFO) -m bool }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks } { env(NETWORKS) -m bool } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks } { env(NETWORKS) -m bool }
......
...@@ -34,6 +34,7 @@ def test_default_permissions(proxy_factory): ...@@ -34,6 +34,7 @@ def test_default_permissions(proxy_factory):
("info",), ("info",),
("system", "info"), ("system", "info"),
("build", "."), ("build", "."),
("buildx build", "."),
("swarm", "init"), ("swarm", "init"),
) )
_check_permissions(allowed_calls, forbidden_calls) _check_permissions(allowed_calls, forbidden_calls)
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment