Make authorization plugins use pluginv2.

anusha-ragunathan · anusha-ragunathan · commit c5393ee147e9 · 2016-10-11T13:09:28.000-07:00
Signed-off-by: Anusha Ragunathan &lt;anusha@docker.com&gt;
diff --git a/cmd/dockerd/daemon.go b/cmd/dockerd/daemon.go
@@ -275,10 +275,12 @@ func (cli *DaemonCli) start(opts daemonOptions) (err error) {
 		"graphdriver": d.GraphDriverName(),
 	}).Info("Docker daemon")
 
+	cli.d = d
+
+	// initMiddlewares needs cli.d to be populated. Dont change this init order.
 	cli.initMiddlewares(api, serverConfig)
 	initRouter(api, d, c)
 
-	cli.d = d
 	cli.setupConfigReloadTrap()
 
 	// The serve API routine never exits unless an error occurs
@@ -438,6 +440,6 @@ func (cli *DaemonCli) initMiddlewares(s *apiserver.Server, cfg *apiserver.Config
 	u := middleware.NewUserAgentMiddleware(v)
 	s.UseMiddleware(u)
 
-	cli.authzMiddleware = authorization.NewMiddleware(cli.Config.AuthorizationPlugins)
+	cli.authzMiddleware = authorization.NewMiddleware(cli.Config.AuthorizationPlugins, cli.d.PluginStore)
 	s.UseMiddleware(cli.authzMiddleware)
 }
diff --git a/daemon/daemon.go b/daemon/daemon.go
@@ -96,7 +96,7 @@ type Daemon struct {
 	gidMaps                   []idtools.IDMap
 	layerStore                layer.Store
 	imageStore                image.Store
-	pluginStore               *pluginstore.Store
+	PluginStore               *pluginstore.Store
 	nameIndex                 *registrar.Registrar
 	linkIndex                 *linkIndex
 	containerd                libcontainerd.Client
@@ -559,7 +559,7 @@ func NewDaemon(config *Config, registryService registry.Service, containerdRemot
 		driverName = config.GraphDriver
 	}
 
-	d.pluginStore = pluginstore.NewStore(config.Root)
+	d.PluginStore = pluginstore.NewStore(config.Root)
 
 	d.layerStore, err = layer.NewStoreFromOptions(layer.StoreOptions{
 		StorePath:                 config.Root,
@@ -568,7 +568,7 @@ func NewDaemon(config *Config, registryService registry.Service, containerdRemot
 		GraphDriverOptions:        config.GraphOptions,
 		UIDMaps:                   uidMaps,
 		GIDMaps:                   gidMaps,
-		PluginGetter:              d.pluginStore,
+		PluginGetter:              d.PluginStore,
 	})
 	if err != nil {
 		return nil, err
@@ -926,7 +926,7 @@ func (daemon *Daemon) configureVolumes(rootUID, rootGID int) (*store.VolumeStore
 		return nil, err
 	}
 
-	volumedrivers.RegisterPluginGetter(daemon.pluginStore)
+	volumedrivers.RegisterPluginGetter(daemon.PluginStore)
 
 	if !volumedrivers.Register(volumesDriver, volumesDriver.Name()) {
 		return nil, fmt.Errorf("local volume driver could not be registered")
@@ -1102,7 +1102,7 @@ func (daemon *Daemon) reloadClusterDiscovery(config *Config) error {
 	if daemon.netController == nil {
 		return nil
 	}
-	netOptions, err := daemon.networkOptions(daemon.configStore, daemon.pluginStore, nil)
+	netOptions, err := daemon.networkOptions(daemon.configStore, daemon.PluginStore, nil)
 	if err != nil {
 		logrus.WithError(err).Warnf("failed to get options with network controller")
 		return nil
diff --git a/daemon/daemon_experimental.go b/daemon/daemon_experimental.go
@@ -13,7 +13,7 @@ func (daemon *Daemon) verifyExperimentalContainerSettings(hostConfig *container.
 }
 
 func pluginInit(d *Daemon, cfg *Config, remote libcontainerd.Remote) error {
-	return plugin.Init(cfg.Root, d.pluginStore, remote, d.RegistryService, cfg.LiveRestoreEnabled, d.LogPluginEvent)
+	return plugin.Init(cfg.Root, d.PluginStore, remote, d.RegistryService, cfg.LiveRestoreEnabled, d.LogPluginEvent)
 }
 
 func pluginShutdown() {
diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
@@ -613,7 +613,7 @@ func configureKernelSecuritySupport(config *Config, driverName string) error {
 }
 
 func (daemon *Daemon) initNetworkController(config *Config, activeSandboxes map[string]interface{}) (libnetwork.NetworkController, error) {
-	netOptions, err := daemon.networkOptions(config, daemon.pluginStore, activeSandboxes)
+	netOptions, err := daemon.networkOptions(config, daemon.PluginStore, activeSandboxes)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/authorization/middleware.go b/pkg/authorization/middleware.go
@@ -4,6 +4,7 @@ import (
 	"net/http"
 
 	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/plugingetter"
 	"golang.org/x/net/context"
 )
 
@@ -15,7 +16,8 @@ type Middleware struct {
 
 // NewMiddleware creates a new Middleware
 // with a slice of plugins names.
-func NewMiddleware(names []string) *Middleware {
+func NewMiddleware(names []string, pg plugingetter.PluginGetter) *Middleware {
+	SetPluginGetter(pg)
 	return &Middleware{
 		plugins: newPlugins(names),
 	}
diff --git a/pkg/authorization/plugin.go b/pkg/authorization/plugin.go
@@ -3,6 +3,7 @@ package authorization
 import (
 	"sync"
 
+	"github.com/docker/docker/pkg/plugingetter"
 	"github.com/docker/docker/pkg/plugins"
 )
 
@@ -33,6 +34,18 @@ func newPlugins(names []string) []Plugin {
 	return plugins
 }
 
+var getter plugingetter.PluginGetter
+
+// SetPluginGetter sets the plugingetter
+func SetPluginGetter(pg plugingetter.PluginGetter) {
+	getter = pg
+}
+
+// GetPluginGetter gets the plugingetter
+func GetPluginGetter() plugingetter.PluginGetter {
+	return getter
+}
+
 // authorizationPlugin is an internal adapter to docker plugin system
 type authorizationPlugin struct {
 	plugin *plugins.Client
@@ -80,7 +93,14 @@ func (a *authorizationPlugin) initPlugin() error {
 	var err error
 	a.once.Do(func() {
 		if a.plugin == nil {
-			plugin, e := plugins.Get(a.name, AuthZApiImplements)
+			var plugin plugingetter.CompatPlugin
+			var e error
+
+			if pg := GetPluginGetter(); pg != nil {
+				plugin, e = pg.Get(a.name, AuthZApiImplements, plugingetter.LOOKUP)
+			} else {
+				plugin, e = plugins.Get(a.name, AuthZApiImplements)
+			}
 			if e != nil {
 				err = e
 				return

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ func (daemon Daemon) verifyExperimentalContainerSettings(hostConfig container.`
`13`	`13`	`}`
`14`	`14`
`15`	`15`	`func pluginInit(d Daemon, cfg Config, remote libcontainerd.Remote) error {`
`16`		`- return plugin.Init(cfg.Root, d.pluginStore, remote, d.RegistryService, cfg.LiveRestoreEnabled, d.LogPluginEvent)`
	`16`	`+ return plugin.Init(cfg.Root, d.PluginStore, remote, d.RegistryService, cfg.LiveRestoreEnabled, d.LogPluginEvent)`
`17`	`17`	`}`
`18`	`18`
`19`	`19`	`func pluginShutdown() {`
Original file line number	Diff line number	Diff line change
`@@ -613,7 +613,7 @@ func configureKernelSecuritySupport(config *Config, driverName string) error {`
`613`	`613`	`}`
`614`	`614`
`615`	`615`	`func (daemon Daemon) initNetworkController(config Config, activeSandboxes map[string]interface{}) (libnetwork.NetworkController, error) {`
`616`		`- netOptions, err := daemon.networkOptions(config, daemon.pluginStore, activeSandboxes)`
	`616`	`+ netOptions, err := daemon.networkOptions(config, daemon.PluginStore, activeSandboxes)`
`617`	`617`	`if err != nil {`
`618`	`618`	`return nil, err`
`619`	`619`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@ import (`
`4`	`4`	`"net/http"`
`5`	`5`
`6`	`6`	`"github.com/Sirupsen/logrus"`
	`7`	`+ "github.com/docker/docker/pkg/plugingetter"`
`7`	`8`	`"golang.org/x/net/context"`
`8`	`9`	`)`
`9`	`10`
`@@ -15,7 +16,8 @@ type Middleware struct {`
`15`	`16`
`16`	`17`	`// NewMiddleware creates a new Middleware`
`17`	`18`	`// with a slice of plugins names.`
`18`		`-func NewMiddleware(names []string) *Middleware {`
	`19`	`+func NewMiddleware(names []string, pg plugingetter.PluginGetter) *Middleware {`
	`20`	`+ SetPluginGetter(pg)`
`19`	`21`	`return &Middleware{`
`20`	`22`	`plugins: newPlugins(names),`
`21`	`23`	`}`