@@ -91,6 +91,10 @@ passed to the authorization plugins. For commands that return chunked HTTP
9191response, such as ` logs ` and ` events ` , only the HTTP request is sent to the
9292authorization plugins.
9393
94+ The Engine's authorization middleware fails closed: when a plugin returns an error or returns ` Allow: false ` ,
95+ the request is denied and the error is surfaced to the client. Plugins should also fail closed: if the plugin
96+ cannot confidently evaluate a request, it should return an error or ` Allow: false ` .
97+
9498### Response body size and partial buffering
9599
96100The internal buffer that holds the response body between the daemon's HTTP
@@ -239,7 +243,7 @@ Name | Type | Description
239243User | string | The user identification
240244Authentication method | string | The authentication method used
241245Request method | enum | The HTTP method (GET/DELETE/POST)
242- Request URI | string | The HTTP request URI including API version (e.g., v.1.17/containers/json)
246+ Request URI | string | The HTTP request URI including API version, as sent by the client (e.g., v.1.17/containers/json)
243247Request headers | map[ string] string | Request headers as key value pairs (without the authorization header)
244248Request body | [ ] byte | Raw request body
245249
@@ -262,7 +266,7 @@ Name | Type | Description
262266User | string | The user identification
263267Authentication method | string | The authentication method used
264268Request method | string | The HTTP method (GET/DELETE/POST)
265- Request URI | string | The HTTP request URI including API version (e.g., v.1.17/containers/json)
269+ Request URI | string | The HTTP request URI including API version, as sent by the client (e.g., v.1.17/containers/json)
266270Request headers | map[ string] string | Request headers as key value pairs (without the authorization header)
267271Request body | [ ] byte | Raw request body
268272Response status code | int | Status code from the Docker daemon
0 commit comments