At Twistlock, it is very important to us to be part of the community and, when possible, to contribute source code to open source projects. One of the projects we have contributed to the most is the Docker application container engine. One of our main contributions to the Docker engine is the authorization plugin framework we developed, which was introduced in Docker 1.10. Authorization plugins approve or deny management requests to the Docker daemon based on both the current authentication context and the command context. The authentication context contains all user details and the authentication method. The command context contains all the relevant request data.

You can read more about the authorization framework we added on Docker’s website, here. If you would like to go deeper, please see the original GitHub issue here, and the corresponding PR here.
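To make the two contexts concrete, here is an added example (not Twistlock's, Docker's or Red Hat's code) of the decision step of an authorization plugin: it parses the JSON the daemon sends to the plugin's `/AuthZPlugin.AuthZReq` endpoint and returns the `Allow`/`Msg`/`Err` verdict. The policy (only allow-listed users may push images), the `pushers` list, the `Decide` function and the sample request are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// AuthZRequest mirrors the fields the daemon sends to /AuthZPlugin.AuthZReq.
type AuthZRequest struct {
	User            string `json:"User"`            // authentication context
	UserAuthNMethod string `json:"UserAuthNMethod"` // authentication context
	RequestMethod   string `json:"RequestMethod"`   // command context
	RequestURI      string `json:"RequestUri"`      // command context
}

// AuthZResponse is the verdict the plugin returns to the daemon.
type AuthZResponse struct {
	Allow bool   `json:"Allow"`
	Msg   string `json:"Msg,omitempty"` // reason shown to the client on deny
	Err   string `json:"Err,omitempty"` // plugin-side failure
}

// pushRe matches the Engine API image push endpoint, with or without a version prefix.
var pushRe = regexp.MustCompile(`^(/v[0-9.]+)?/images/.+/push(\?.*)?$`)

// pushers is a hypothetical allow list, constructed for this example.
var pushers = map[string]bool{"release-bot": true}

// Decide applies the example policy to one raw request and fails closed on bad input.
func Decide(raw []byte) AuthZResponse {
	var req AuthZRequest
	if err := json.Unmarshal(raw, &req); err != nil {
		return AuthZResponse{Err: "malformed authz request: " + err.Error()}
	}
	if req.RequestMethod == "POST" && pushRe.MatchString(req.RequestURI) {
		// An empty User means the daemon had no authenticated identity for the caller.
		if req.User == "" || !pushers[req.User] {
			return AuthZResponse{Msg: fmt.Sprintf("user %q may not push images", req.User)}
		}
	}
	return AuthZResponse{Allow: true}
}

func main() {
	// Constructed sample request, shaped like what the daemon would send.
	sample := []byte(`{"User":"alice","UserAuthNMethod":"TLS","RequestMethod":"POST","RequestUri":"/v1.22/images/app/push?tag=1"}`)
	out, _ := json.Marshal(Decide(sample))
	fmt.Println(string(out))
}
```

A real plugin would wrap `Decide` in an HTTP handler and also answer the plugin activation handshake; both are omitted here.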

OpenShift is Red Hat’s Platform-as-a-Service (PaaS) that allows developers to quickly develop, host, and scale applications in a cloud environment. With OpenShift you have a choice of offerings, including online, on-premise, and open source project options. We have many customers using OpenShift and have various integration points with the product itself. Recently we were very happy to learn that OpenShift security uses Docker authorization plugins as part of the default OpenShift deployment. The plugins are used to detect RHEL-based images and prevent them from being pushed to the default registry. This helps to prevent users from violating Red Hat’s subscription agreement. According to Dan Walsh, Container Development Lead Engineer at Red Hat: “The introduction of the authorization plugin infrastructure allows us to customize the docker experience without us having to patch the code. This is the first step in getting fine grained access control over users interacting with container runtimes.”

You can read more about Red Hat’s plugin, including downloading the source code, here.

Consequently, we are proud to say that if you run OpenShift security, you run code contributed by Twistlock! It is a delight to realize we helped the two products work better together, and we look forward to many more contributions and joint work with both Red Hat and Docker.
