From 898c408fdbfd4ef9be541e51fa69238ad6119f8d Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Fri, 18 Dec 2015 12:34:19 +0100 Subject: [PATCH] authZ: more fixes - fix naming and formatting - provide more context when erroring auth - do not capitalize errors - fix wrong documentation - remove ugly remoteError{} Signed-off-by: Antonio Murdaca Upstream-commit: d00b518979e30aa9fe7f4b804c126cff802ae038 Component: cli --- components/cli/docs/extend/authorization.md | 23 ++++++++------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/components/cli/docs/extend/authorization.md b/components/cli/docs/extend/authorization.md index 5330e9d245..23a1787ca3 100644 --- a/components/cli/docs/extend/authorization.md +++ b/components/cli/docs/extend/authorization.md @@ -104,9 +104,6 @@ Docker's authorization subsystem supports multiple `--authz-plugin` parameters. ### Calling authorized command (allow) -Your plugin must support calling the `allow` command to authorize a command. -This call does not impact Docker's command line. - ```bash $ docker pull centos ... @@ -116,22 +113,20 @@ f1b10cd84249: Pull complete ### Calling unauthorized command (deny) -Your plugin must support calling the `deny` command to report on the outcome of -a plugin interaction. This call returns messages to Docker's command line informing -the user of the outcome of each call. +```bash +$ docker pull centos +... +docker: Error response from daemon: authorization denied by plugin PLUGIN_NAME: volumes are not allowed. +``` + +### Error from plugins ```bash $ docker pull centos -… -Authorization failed. Pull command for user 'john_doe' is -denied by authorization plugin 'ACME' with message -‘[ACME] User 'john_doe' is not allowed to perform the pull -command’ +... +docker: Error response from daemon: plugin PLUGIN_NAME failed with error: AuthZPlugin.AuthZReq: Cannot connect to the Docker daemon. Is the docker daemon running on this host?. ``` -Where multiple authorization plugins are installed, multiple messages are expected. - - ## API schema and implementation In addition to Docker's standard plugin registration method, each plugin