Skip to content

feat: high level wrapper around Docker API #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
oleksandr-nc merged 5 commits into from
May 29, 2025
Merged

feat: high level wrapper around Docker API #39

oleksandr-nc merged 5 commits into from
May 29, 2025

Conversation

@oleksandr-nc
Copy link
Contributor

@oleksandr-nc oleksandr-nc commented May 22, 2025

Partitially related to the nextcloud/app_api#531

In this pull request we add a wrapper around Docker Commands for AppAPI for Nextcloud 32.

All the wrapper logic is written in Python, all the main commands for which complex regular expressions for access control were written are covered in this PR.

This is what remains to be done for the future (most likely it will be for Nextcloud 33 or 34 when we drop DockerDockerProxy support):

# docker system _ping
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping$ } METH_GET
# docker inspect image
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images/.*/json } METH_GET
# container inspect: GET containers/%s/json
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/json } METH_GET
# container inspect: GET containers/%s/logs 
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/logs } METH_GET
# image pulling
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images/create } METH_POST

@oleksandr-nc oleksandr-nc requested a review from andrey18106 May 22, 2025 13:57
@oleksandr-nc oleksandr-nc requested a review from kyteinsky as a code owner May 22, 2025 13:57
@oleksandr-nc oleksandr-nc mentioned this pull request May 22, 2025
Merged
@oleksandr-nc oleksandr-nc force-pushed the feat/Docker-API-wrapper branch from 16aab96 to 28ceb51 Compare May 22, 2025 14:30
kyteinsky
kyteinsky reviewed May 28, 2025
View reviewed changes
Copy link
Contributor

@kyteinsky kyteinsky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

works quite flawlessly, tested even with custom ssl certs. 🚀

@oleksandr-nc oleksandr-nc force-pushed the feat/Docker-API-wrapper branch from 28ceb51 to 8d44b25 Compare May 28, 2025 12:58
kyteinsky
kyteinsky approved these changes May 29, 2025
View reviewed changes
Copy link
Contributor

@kyteinsky kyteinsky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

@oleksandr-nc oleksandr-nc merged commit 94ac45a into main May 29, 2025
3 checks passed
@oleksandr-nc oleksandr-nc deleted the feat/Docker-API-wrapper branch May 29, 2025 05:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kyteinsky kyteinsky kyteinsky approved these changes

@andrey18106 andrey18106 andrey18106 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@oleksandr-nc @kyteinsky @andrey18106