From 42e1ce93bcca07b647c7cd28e8c822bbdb2698a7 Mon Sep 17 00:00:00 2001
From: Oleksander Piskun
Date: Wed, 20 Nov 2024 14:04:52 +0300
Subject: [PATCH] allow exec and files access for AppAPI for ExApps containers

Signed-off-by: Oleksander Piskun
---
 haproxy.cfg.template | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/haproxy.cfg.template b/haproxy.cfg.template
index 456aa5f..24c92f4 100644
--- a/haproxy.cfg.template
+++ b/haproxy.cfg.template
@@ -50,7 +50,12 @@ frontend docker_engine
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/((start)|(stop)) } METH_POST
 # container rm: DELETE containers/%s
 http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+ } METH_DELETE
-
+ # container update/exec: POST containers/%s/update containers/%s/exec
+ http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/((update)|(exec)) } METH_POST
+ # container put: PUT containers/%s/archive
+ http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/archive } METH_PUT
+ # run exec instance: POST exec/%s
+ http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/exec/[a-zA-Z0-9_.-]+/start } METH_POST
 # container create: POST containers/create?name=%s
 # ACL to restrict container name to nc_app_[a-zA-Z0-9_.-]+