docker-socket-proxy

Add more granular access control

Open LifetimeMistake opened this issue 1 year ago • 4 comments

Hello, I recently ran into an issue when trying to allow watchtower to pull images through this proxy while keeping the other APIs read-only and thought I'd share my solution. This PR introduces a new access check that can grant read/write permissions to any section of the Docker API.

Now, read/write access is managed using XXXXX_READ and XXXXX_WRITE environment variables, where XXXXX represents the Docker API section. For instance, setting CONTAINERS_READ=1 allows GET/HEAD requests to the containers endpoint.

To keep everything backwards compatible, original variable names may still be used to grant read-only access. The POST variable will grant write access to all readable APIs, preserving the functionality of the original code.

If you're interested in merging this but have some questions or feedback, just let me know.

LifetimeMistake, Apr 14 '24 14:04
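The access rules described in the post above, modeled as a small Python decision function. This is an added sketch, not the PR's code and not part of the original post. The path-to-section mapping, the sample environments, and the choice that a `_WRITE` grant does not imply read access are assumptions.

```python
import re

READ_METHODS = {"GET", "HEAD"}

def _on(env, name):
    return env.get(name, "0") == "1"

def section_of(path):
    """Map '/v1.45/containers/json' or '/images/create' to 'CONTAINERS' / 'IMAGES'."""
    m = re.match(r"^(?:/v[\d.]+)?/([a-z]+)", path)
    return m.group(1).upper() if m else None

def can_read(env, section):
    # XXXXX_READ, or the original variable name, which stays read-only.
    return _on(env, f"{section}_READ") or _on(env, section)

def can_write(env, section):
    # XXXXX_WRITE, or the legacy POST switch applied to every readable section.
    # Assumption: XXXXX_WRITE on its own does not grant GET/HEAD.
    return _on(env, f"{section}_WRITE") or (_on(env, "POST") and can_read(env, section))

def allowed(env, method, path):
    section = section_of(path)
    if section is None:
        return False  # unknown section: deny by default
    if method.upper() in READ_METHODS:
        return can_read(env, section)
    return can_write(env, section)

# Constructed environments for illustration.
# Pull images, keep containers read-only (the use case from the post).
PULL_ONLY_ENV = {"CONTAINERS_READ": "1", "IMAGES_READ": "1", "IMAGES_WRITE": "1"}
# Original variable names: POST opens writes on every readable section.
LEGACY_ENV = {"CONTAINERS": "1", "POST": "1"}

if __name__ == "__main__":
    for env_name, env in (("pull-only", PULL_ONLY_ENV), ("legacy", LEGACY_ENV)):
        for method, path in (("GET", "/v1.45/containers/json"),
                             ("POST", "/v1.45/images/create"),
                             ("POST", "/v1.45/containers/abc/stop")):
            verdict = "allow" if allowed(env, method, path) else "deny"
            print(f"{env_name:9} {method:4} {path:28} {verdict}")
```

The legacy environment shows why the coarse `POST` switch is the thing to audit: it turns every readable section into a writable one, while the per-section variables keep write access limited to the sections that need it.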

What do you think @yajo @Tardo ?

pedrobaeza, May 17 '24 20:05

Thanks! It's fine to me.

The problem with the tests must be because the Python 3.8 version is deprecated.

Tardo, May 22 '24 12:05

I have just pushed "Update branch", but it does a merge operation. Can you please rebase it instead to check if CIs are green? cc @josep-tecnativa

pedrobaeza, Sep 28 '24 08:09

Please, could you rebase, and we will see if CI is green after that?

josep-tecnativa, Oct 02 '24 07:10