Beispiel #1
0
func checkAllowedUser(d docker.Docker, config *api.Config, isOnbuild bool) error {
	if config.AllowedUIDs == nil || config.AllowedUIDs.Empty() {
		return nil
	}
	user, err := d.GetImageUser(config.BuilderImage)
	if err != nil {
		return err
	}
	if !userutil.IsUserAllowed(user, &config.AllowedUIDs) {
		return errors.NewBuilderUserNotAllowedError(config.BuilderImage, false)
	}
	if isOnbuild {
		cmds, err := d.GetOnBuild(config.BuilderImage)
		if err != nil {
			return err
		}
		if !userutil.IsOnbuildAllowed(cmds, &config.AllowedUIDs) {
			return errors.NewBuilderUserNotAllowedError(config.BuilderImage, true)
		}
	}
	return nil
}
Beispiel #2
0
// CheckAllowedUser checks if the Docker image contains allowed users
// FIXME: @cswong this need better godoc
func CheckAllowedUser(d Docker, imageName string, uids user.RangeList, isOnbuild bool) error {
	if uids == nil || uids.Empty() {
		return nil
	}
	imageUser, err := d.GetImageUser(imageName)
	if err != nil {
		return err
	}
	if !user.IsUserAllowed(imageUser, &uids) {
		return errors.NewBuilderUserNotAllowedError(imageName, false)
	}
	if isOnbuild {
		cmds, err := d.GetOnBuild(imageName)
		if err != nil {
			return err
		}
		if !user.IsOnbuildAllowed(cmds, &uids) {
			return errors.NewBuilderUserNotAllowedError(imageName, true)
		}
	}
	return nil
}