Browse code
Change authz plugin argument name
Signed-off-by: Liron Levin <liron@twistlock.com>
Liron Levin authored on 2015/12/12 03:59:15Showing 5 changed files
- daemon/config.go
- docs/extend/authorization.md
- docs/reference/commandline/daemon.md
- integration-cli/docker_cli_authz_unix_test.go
- man/docker-daemon.8.md
| ... | ... |
@@ -55,7 +55,7 @@ type CommonConfig struct {
|
| 55 | 55 |
// from the command-line. |
| 56 | 56 |
func (config *Config) InstallCommonFlags(cmd *flag.FlagSet, usageFn func(string) string) {
|
| 57 | 57 |
cmd.Var(opts.NewListOptsRef(&config.GraphOptions, nil), []string{"-storage-opt"}, usageFn("Set storage driver options"))
|
| 58 |
- cmd.Var(opts.NewListOptsRef(&config.AuthZPlugins, nil), []string{"-authz-plugins"}, usageFn("List authorization plugins in order from first evaluator to last"))
|
|
| 58 |
+ cmd.Var(opts.NewListOptsRef(&config.AuthZPlugins, nil), []string{"-authz-plugin"}, usageFn("List authorization plugins in order from first evaluator to last"))
|
|
| 59 | 59 |
cmd.Var(opts.NewListOptsRef(&config.ExecOptions, nil), []string{"-exec-opt"}, usageFn("Set exec driver options"))
|
| 60 | 60 |
cmd.StringVar(&config.Pidfile, []string{"p", "-pidfile"}, defaultPidFile, usageFn("Path to use for daemon PID file"))
|
| 61 | 61 |
cmd.StringVar(&config.Root, []string{"g", "-graph"}, defaultGraph, usageFn("Root of the Docker runtime"))
|
| ... | ... |
@@ -93,14 +93,14 @@ support the Docker client interactions detailed in this section. |
| 93 | 93 |
### Setting up Docker daemon |
| 94 | 94 |
|
| 95 | 95 |
Enable the authorization plugin with a dedicated command line flag in the |
| 96 |
-`--authz-plugins=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID` value. |
|
| 96 |
+`--authz-plugin=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID` value. |
|
| 97 | 97 |
This value can be the plugin’s socket or a path to a specification file. |
| 98 | 98 |
|
| 99 | 99 |
```bash |
| 100 |
-$ docker daemon --authz-plugins=plugin1 --authz-plugins=plugin2,... |
|
| 100 |
+$ docker daemon --authz-plugin=plugin1 --authz-plugin=plugin2,... |
|
| 101 | 101 |
``` |
| 102 | 102 |
|
| 103 |
-Docker's authorization subsystem supports multiple `--authz-plugins` parameters. |
|
| 103 |
+Docker's authorization subsystem supports multiple `--authz-plugin` parameters. |
|
| 104 | 104 |
|
| 105 | 105 |
### Calling authorized command (allow) |
| 106 | 106 |
|
| ... | ... |
@@ -17,7 +17,7 @@ weight = -1 |
| 17 | 17 |
|
| 18 | 18 |
Options: |
| 19 | 19 |
--api-cors-header="" Set CORS headers in the remote API |
| 20 |
- --authz-plugins=[] Set authorization plugins to load |
|
| 20 |
+ --authz-plugin=[] Set authorization plugins to load |
|
| 21 | 21 |
-b, --bridge="" Attach containers to a network bridge |
| 22 | 22 |
--bip="" Specify network bridge IP |
| 23 | 23 |
-D, --debug=false Enable debug mode |
| ... | ... |
@@ -607,10 +607,10 @@ The currently supported cluster store options are: |
| 607 | 607 |
Docker's access authorization can be extended by authorization plugins that your |
| 608 | 608 |
organization can purchase or build themselves. You can install one or more |
| 609 | 609 |
authorization plugins when you start the Docker `daemon` using the |
| 610 |
-`--authz-plugins=PLUGIN_ID` option. |
|
| 610 |
+`--authz-plugin=PLUGIN_ID` option. |
|
| 611 | 611 |
|
| 612 | 612 |
```bash |
| 613 |
-docker daemon --authz-plugins=plugin1 --authz-plugins=plugin2,... |
|
| 613 |
+docker daemon --authz-plugin=plugin1 --authz-plugin=plugin2,... |
|
| 614 | 614 |
``` |
| 615 | 615 |
|
| 616 | 616 |
The `PLUGIN_ID` value is either the plugin's name or a path to its specification |
| ... | ... |
@@ -156,7 +156,7 @@ func (s *DockerAuthzSuite) TearDownSuite(c *check.C) {
|
| 156 | 156 |
|
| 157 | 157 |
func (s *DockerAuthzSuite) TestAuthZPluginAllowRequest(c *check.C) {
|
| 158 | 158 |
|
| 159 |
- err := s.d.Start("--authz-plugins=" + testAuthZPlugin)
|
|
| 159 |
+ err := s.d.Start("--authz-plugin=" + testAuthZPlugin)
|
|
| 160 | 160 |
c.Assert(err, check.IsNil) |
| 161 | 161 |
s.ctrl.reqRes.Allow = true |
| 162 | 162 |
s.ctrl.resRes.Allow = true |
| ... | ... |
@@ -180,7 +180,7 @@ func (s *DockerAuthzSuite) TestAuthZPluginAllowRequest(c *check.C) {
|
| 180 | 180 |
|
| 181 | 181 |
func (s *DockerAuthzSuite) TestAuthZPluginDenyRequest(c *check.C) {
|
| 182 | 182 |
|
| 183 |
- err := s.d.Start("--authz-plugins=" + testAuthZPlugin)
|
|
| 183 |
+ err := s.d.Start("--authz-plugin=" + testAuthZPlugin)
|
|
| 184 | 184 |
c.Assert(err, check.IsNil) |
| 185 | 185 |
s.ctrl.reqRes.Allow = false |
| 186 | 186 |
s.ctrl.reqRes.Msg = unauthorizedMessage |
| ... | ... |
@@ -197,7 +197,7 @@ func (s *DockerAuthzSuite) TestAuthZPluginDenyRequest(c *check.C) {
|
| 197 | 197 |
|
| 198 | 198 |
func (s *DockerAuthzSuite) TestAuthZPluginDenyResponse(c *check.C) {
|
| 199 | 199 |
|
| 200 |
- err := s.d.Start("--authz-plugins=" + testAuthZPlugin)
|
|
| 200 |
+ err := s.d.Start("--authz-plugin=" + testAuthZPlugin)
|
|
| 201 | 201 |
c.Assert(err, check.IsNil) |
| 202 | 202 |
s.ctrl.reqRes.Allow = true |
| 203 | 203 |
s.ctrl.resRes.Allow = false |
| ... | ... |
@@ -7,7 +7,7 @@ docker-daemon - Enable daemon mode |
| 7 | 7 |
# SYNOPSIS |
| 8 | 8 |
**docker daemon** |
| 9 | 9 |
[**--api-cors-header**=[=*API-CORS-HEADER*]] |
| 10 |
-[**--authz-plugins**[=*[]*]] |
|
| 10 |
+[**--authz-plugin**[=*[]*]] |
|
| 11 | 11 |
[**-b**|**--bridge**[=*BRIDGE*]] |
| 12 | 12 |
[**--bip**[=*BIP*]] |
| 13 | 13 |
[**--cluster-store**[=*[]*]] |
| ... | ... |
@@ -71,7 +71,7 @@ format. |
| 71 | 71 |
**--api-cors-header**="" |
| 72 | 72 |
Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. |
| 73 | 73 |
|
| 74 |
-**--authz-plugins**="" |
|
| 74 |
+**--authz-plugin**="" |
|
| 75 | 75 |
Set authorization plugins to load |
| 76 | 76 |
|
| 77 | 77 |
**-b**, **--bridge**="" |
| ... | ... |
@@ -465,10 +465,10 @@ Key/Value store. |
| 465 | 465 |
Docker's access authorization can be extended by authorization plugins that your |
| 466 | 466 |
organization can purchase or build themselves. You can install one or more |
| 467 | 467 |
authorization plugins when you start the Docker `daemon` using the |
| 468 |
-`--authz-plugins=PLUGIN_ID` option. |
|
| 468 |
+`--authz-plugin=PLUGIN_ID` option. |
|
| 469 | 469 |
|
| 470 | 470 |
```bash |
| 471 |
-docker daemon --authz-plugins=plugin1 --authz-plugins=plugin2,... |
|
| 471 |
+docker daemon --authz-plugin=plugin1 --authz-plugin=plugin2,... |
|
| 472 | 472 |
``` |
| 473 | 473 |
|
| 474 | 474 |
The `PLUGIN_ID` value is either the plugin's name or a path to its specification |