Authorization Plugins
Docker authorization is based on two modes: all kinds of actions are enabled or all kinds of actions are disabled. In other words, if a user can access the Docker daemon, they can run any command and consume the API or Docker client commands. If you need more granular access control methods, you need to use authorization plugins in Docker. Authorization plugins enhance authentication and permission for Docker Engine operations. They enable more granular access to control who can take specific actions on Docker Engine.
Authorization plugins approve or deny the requests forwarded by Docker daemons using the request context. Therefore, the plugins should implement the following two methods:
AuthZReq
: This method is called before the Docker daemon processes the request.AuthZRes
: This method is called before the response is returned from the Docker daemon to the client.
In the following exercise, you will learn how to configure and...