Hey guys,
I am trying to develop an authorization plugin to restrict usage of specific docker api-calls. I based my code on the example implementation of an authorization plugin using uwsgi:
I am already capable of restricting the overall usage of some api-calls but I would like to have a user-distinct restriction level, so e.g. only some users should have access to some containers, or should be allowed to run or stop containers.
Therefore I need to get the information about the requesting user. The Twistlock-Auth-Plugin already implements user-distinct behaviour but I cannot find any parameters in the retrieved requests I get by the docker-daemon which give me any information about the requesting user.
I found HTTP-Headers called ‘REMOTE_ADDRESS’ which is always 0.0.0.0 even if I use a remote docker-client.
Another Param is ‘User-Agent’ which is always 'Docker-Client/y.
How can I get the requesting docker-user-information as described in
the sequence diagram points out that some user-specific information would be passed over, but I cannot find them.
Thank you for your patience in reading my request.
Kind regards,
rschlenker
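
For reference, an added example (not part of the original post and not code from Docker or Twistlock) of a per-user decision over the JSON body that the daemon sends to a plugin's `/AuthZPlugin.AuthZReq` endpoint. It assumes the daemon runs with TLS client verification, in which case the documented `User` field carries the client certificate's common name and `UserAuthNMethod` is `TLS`; the policy table, user names and container names are hypothetical, and the sample requests are constructed.

```python
import json
import re

# Hypothetical policy: client-certificate CN -> allowed (method, path regex) pairs.
POLICY = {
    "alice": [("GET", r"/containers/json"),
              ("POST", r"/containers/web-[^/]+/(start|stop)")],
    "bob": [("GET", r"/containers/json")],
}
VERSION_PREFIX = re.compile(r"^/v\d+\.\d+")  # e.g. /v1.24


def authorize(raw_body: bytes, policy=POLICY) -> dict:
    """Evaluate one AuthZReq body and return the plugin's response dict."""
    req = json.loads(raw_body)
    user = req.get("User") or ""
    method = req.get("RequestMethod", "")
    # Match on the path only: drop the query string and API version prefix.
    path = VERSION_PREFIX.sub("", req.get("RequestUri", "").split("?", 1)[0])

    # Fail closed when the daemon passed no TLS-authenticated identity.
    if not user or req.get("UserAuthNMethod") != "TLS":
        return {"Allow": False, "Msg": "no authenticated user in request"}
    for allowed_method, pattern in policy.get(user, []):
        if method == allowed_method and re.fullmatch(pattern, path):
            return {"Allow": True, "Msg": ""}
    return {"Allow": False, "Msg": f"{user} may not {method} {path}"}


def sample(user: str, method: str, uri: str) -> bytes:
    """Build a constructed request body with the fields used above."""
    return json.dumps({
        "User": user,
        "UserAuthNMethod": "TLS" if user else "",
        "RequestMethod": method,
        "RequestUri": uri,
    }).encode()


if __name__ == "__main__":
    for args in [("alice", "POST", "/v1.24/containers/web-1/stop"),
                 ("bob", "POST", "/v1.24/containers/web-1/stop"),
                 ("", "GET", "/v1.24/containers/json?all=1")]:
        print(args, authorize(sample(*args)))
```

A request that arrives without a client certificate has an empty `User`, so the example denies it rather than falling back to a default identity.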