Auth request get image sha256 #125

@jameslewis4891

Description

I am trying to implement an auth plugin that will obtain the container's image sha256, hand it off to an API for checking, and then respond as to whether or not the container is allowed to start. I have tried to begin by simply listing the running containers upon receiving an AuthZReq, as follows:

```go
package main

import (
	"context"
	"fmt"

	"github.com/docker/docker/api/types"
	"github.com/docker/docker/client"
)

// getContainers lists the running containers via the daemon API,
// using DOCKER_HOST etc. from the environment to locate the socket.
func getContainers() {
	fmt.Printf("***** Container List\n")
	cli, err := client.NewClientWithOpts(client.FromEnv)
	if err != nil {
		panic(err)
	}

	containers, err := cli.ContainerList(context.Background(), types.ContainerListOptions{})
	if err != nil {
		panic(err)
	}

	for _, container := range containers {
		fmt.Printf("%s %s\n", container.ID[:10], container.Image)
	}
}
```

When making this call during plugin startup I get the following error, which is expected, as it is unable to hit the socket since there is no volume mounted:

```
level=error msg="panic: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?"
```

When running my container before creating the plugin I can achieve the desired behaviour by running the container as follows:

```sh
docker run -v /var/run/docker.sock:/var/run/docker.sock ${TEMPLATE}:${VERSION}
```

I am assuming my config.json needs amending, but I am not sure how?

config.json

```json
{
  "Description": "Authorization plugin for Docker",
  "Documentation": "TODO",
  "Entrypoint": [
    "/src/my-plugin"
  ],
  "Interface": {
    "Socket": "my-sock.sock",
    "Types": [
      "docker.authz/1.0"
    ]
  },
  "network": {
    "type": "host"
  },
  "Mounts": [
    {
      "Type": "bind",
      "Source": "/var/run/docker.sock",
      "Destination": "/var/run/docker.sock",
      "Mode": "",
      "RW": true,
      "Propagation": "rprivate"
    }
  ]
}
```
