Skip to content

Added expanding environment variables for allow* methods #48

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: 49-fr-added-expanding-environment-variables-for-allow-methods
Choose a base branch
from
Open

Added expanding environment variables for allow* methods #48

wants to merge 1 commit into from

Conversation

AlexSat
Copy link

@AlexSat AlexSat commented Apr 2, 2025
edited
Loading

Allow to place environment variable into allow* variables content for future expanding when starting to grant permissions for target container only.

Use case(for docker ocmpose): set environments
SP_ALLOW_POST=/v1\.\d{1,2}/(exec|containers)/$$CONTAINER_NAME/(start|stop|exec)
CONTAINER_NAME=xxx

More complex example:

#cat exts.yaml
services:
  docker-proxy:
    image: wollomatic/socket-proxy:1
    restart: unless-stopped
    read_only: true
    mem_limit: 64M
    hostname: docker_proxy
    security_opt:
      - no-new-privileges
    user: 65534:${DOCKER_GROUP_ID}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - SP_LISTENIP=0.0.0.0
      - SP_LOGLEVEL=INFO
      - SP_PROXYPORT=${DOCKER_PROXY_PORT}
    networks:
      - docker_proxy_net
  docker-proxy-start-stop:
    extends: docker-proxy
    environment:
      - SP_ALLOW_POST=/v1\.\d{1,2}/containers/$$TARGET_CONTAINER/(start|stop)
  docker-proxy-start-stop-exec:
    extends: docker-proxy
    environment:
      - SP_ALLOW_POST=/v1\.\d{1,2}/(exec|containers)/$$TARGET_CONTAINER/(start|stop|exec)
      - SP_ALLOW_GET=/v1\.\d{1,2}/(exec|containers)/.*?/(json)

#cat compose.yml
services:
  ...
  docker_socket:
    extends:
      file: exts.yml
      service: docker-proxy-start-stop
    environment:
      - SP_ALLOWFROM=my_app_backup
      - TARGET_CONTAINER=my_app

@AlexSat
Copy link
Author

AlexSat commented Apr 2, 2025
edited
Loading

@wollomatic Hello! What do you think about it?

UPD: Sorry, misstag... removed @justsomescripts @ildyria

@wollomatic wollomatic mentioned this pull request Apr 2, 2025
Open
@wollomatic wollomatic changed the base branch from main to 49-fr-added-expanding-environment-variables-for-allow-methods April 2, 2025 17:21
@wollomatic wollomatic self-assigned this Apr 2, 2025
@wollomatic
Copy link
Owner

Hi @AlexSat,

thank you very much for your contribution. I'll think about it in the next few days and get back to you soon.

Best regards,
Wolfgang

@AlexSat
Copy link
Author

AlexSat commented Apr 22, 2025

Hi @wollomatic,

have you some time to check PR, please?

Best regards,
Alexander

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@wollomatic wollomatic

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AlexSat @wollomatic