Add support for /grpc api

rubengees · joao-p-marques · commit 08910fecaa85 · 2021-10-20T14:16:31.000+01:00
diff --git a/Dockerfile b/Dockerfile
@@ -10,6 +10,7 @@ ENV ALLOW_RESTARTS=0 \
     DISTRIBUTION=0 \
     EVENTS=1 \
     EXEC=0 \
+    GRPC=0 \
     IMAGES=0 \
     INFO=0 \
     LOG_LEVEL=info \
diff --git a/README.md b/README.md
@@ -127,6 +127,7 @@ extremely critical but can expose some information that your service does not ne
 -   `CONTAINERS`
 -   `DISTRIBUTION`
 -   `EXEC`
+-   `GRPC`
 -   `IMAGES`
 -   `INFO`
 -   `NETWORKS`
diff --git a/haproxy.cfg b/haproxy.cfg
@@ -51,6 +51,7 @@ frontend dockerfrontend
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/distribution } { env(DISTRIBUTION) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/events } { env(EVENTS) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/exec } { env(EXEC) -m bool }
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/grpc } { env(GRPC) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images } { env(IMAGES) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info } { env(INFO) -m bool }
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/networks } { env(NETWORKS) -m bool }
diff --git a/tests/test_service.py b/tests/test_service.py
@@ -34,6 +34,7 @@ def test_default_permissions(proxy_factory):
             ("info",),
             ("system", "info"),
             ("build", "."),
+            ("buildx build", "."),
             ("swarm", "init"),
         )
         _check_permissions(allowed_calls, forbidden_calls)

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,7 @@ def test_default_permissions(proxy_factory):`
`34`	`34`	`("info",),`
`35`	`35`	`("system", "info"),`
`36`	`36`	`("build", "."),`
	`37`	`+ ("buildx build", "."),`
`37`	`38`	`("swarm", "init"),`
`38`	`39`	`)`
`39`	`40`	`_check_permissions(allowed_calls, forbidden_calls)`