forked from containers/image
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Issue containers#327 Creating Docker client from settings passed in S…
…ystemContext Signed-off-by: Hardy Ferentschik <[email protected]>
- Loading branch information
1 parent
1751a75
commit f932d4b
Showing
8 changed files
with
236 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
package daemon | ||
|
||
import ( | ||
"github.com/containers/image/types" | ||
dockerclient "github.com/docker/docker/client" | ||
"github.com/docker/go-connections/tlsconfig" | ||
"net/http" | ||
"path/filepath" | ||
) | ||
|
||
const ( | ||
// The default API version to be used in case none is explicitly specified | ||
defaultAPIVersion = "1.22" | ||
) | ||
|
||
// NewDockerClient initializes a new API client based on the passed SystemContext. | ||
func newDockerClient(ctx *types.SystemContext) (*dockerclient.Client, error) { | ||
if ctx == nil { | ||
return dockerclient.NewClient(dockerclient.DefaultDockerHost, defaultAPIVersion, nil, nil) | ||
} | ||
|
||
httpClient, err := tlsConfig(ctx) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
host := ctx.DockerDaemonHost | ||
if host == "" { | ||
host = dockerclient.DefaultDockerHost | ||
} | ||
|
||
version := ctx.DockerDaemonAPIVersion | ||
if version == "" { | ||
version = defaultAPIVersion | ||
} | ||
|
||
cli, err := dockerclient.NewClient(host, version, httpClient, nil) | ||
if err != nil { | ||
return cli, err | ||
} | ||
|
||
return cli, nil | ||
} | ||
|
||
func tlsConfig(ctx *types.SystemContext) (*http.Client, error) { | ||
if ctx == nil || ctx.DockerDaemonCertPath == "" { | ||
return nil, nil | ||
} | ||
|
||
options := tlsconfig.Options{ | ||
CAFile: filepath.Join(ctx.DockerDaemonCertPath, "ca.pem"), | ||
CertFile: filepath.Join(ctx.DockerDaemonCertPath, "cert.pem"), | ||
KeyFile: filepath.Join(ctx.DockerDaemonCertPath, "key.pem"), | ||
InsecureSkipVerify: ctx.DockerDaemonInsecureSkipTLSVerify, | ||
} | ||
tlsc, err := tlsconfig.Client(options) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
httpClient := &http.Client{ | ||
Transport: &http.Transport{ | ||
TLSClientConfig: tlsc, | ||
}, | ||
CheckRedirect: dockerclient.CheckRedirect, | ||
} | ||
|
||
return httpClient, nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
package daemon | ||
|
||
import "testing" | ||
import ( | ||
"github.com/containers/image/types" | ||
dockerclient "github.com/docker/docker/client" | ||
"github.com/stretchr/testify/assert" | ||
"net/http" | ||
"os" | ||
"path/filepath" | ||
) | ||
|
||
func TestDockerClientFromNilSystemContext(t *testing.T) { | ||
client, err := newDockerClient(nil) | ||
|
||
assert.Nil(t, err, "There should be no error creating the Docker client") | ||
assert.NotNil(t, client, "A Docker client reference should have been returned") | ||
|
||
assert.Equal(t, dockerclient.DefaultDockerHost, client.DaemonHost(), "The default docker host should have been used") | ||
assert.Equal(t, defaultAPIVersion, client.ClientVersion(), "The default api version should have been used") | ||
} | ||
|
||
func TestDockerClientFromCertContext(t *testing.T) { | ||
testDir, err := os.Getwd() | ||
if err != nil { | ||
t.Fatal("Unable to determine the current test directory") | ||
} | ||
|
||
host := "tcp://127.0.0.1:2376" | ||
version := "1.11" | ||
systemCtx := &types.SystemContext{ | ||
DockerDaemonCertPath: filepath.Join(testDir, "testdata", "certs"), | ||
DockerDaemonHost: host, | ||
DockerDaemonAPIVersion: version, | ||
DockerDaemonInsecureSkipTLSVerify: true, | ||
} | ||
|
||
client, err := newDockerClient(systemCtx) | ||
|
||
assert.Nil(t, err, "There should be no error creating the Docker client") | ||
assert.NotNil(t, client, "A Docker client reference should have been returned") | ||
|
||
assert.Equal(t, host, client.DaemonHost()) | ||
assert.Equal(t, version, client.ClientVersion()) | ||
} | ||
|
||
func TestTlsConfigFromNilSystemContext(t *testing.T) { | ||
httpClient, err := tlsConfig(nil) | ||
|
||
assert.Nil(t, err, "There should be no error creating the HTTP client") | ||
assert.Nil(t, httpClient, "With no explicit TLS configutation, there should be no HTTP client") | ||
} | ||
|
||
func TestTlsConfigFromInvalidCertPath(t *testing.T) { | ||
ctx := &types.SystemContext{ | ||
DockerDaemonCertPath: "/foo/bar", | ||
} | ||
|
||
_, err := tlsConfig(ctx) | ||
|
||
if assert.Error(t, err, "An error was expected") { | ||
assert.Regexp(t, "could not read CA certificate", err.Error()) | ||
} | ||
} | ||
|
||
func TestTlsConfigFromCertPath(t *testing.T) { | ||
testDir, err := os.Getwd() | ||
if err != nil { | ||
t.Fatal("Unable to determine the current test directory") | ||
} | ||
|
||
ctx := &types.SystemContext{ | ||
DockerDaemonCertPath: filepath.Join(testDir, "testdata", "certs"), | ||
DockerDaemonInsecureSkipTLSVerify: true, | ||
} | ||
|
||
httpClient, err := tlsConfig(ctx) | ||
|
||
assert.Nil(t, err, "There should be no error creating the HTTP client") | ||
|
||
transport := httpClient.Transport.(*http.Transport) | ||
assert.True(t, transport.TLSClientConfig.InsecureSkipVerify, "TLS verification should be skipped") | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIICzjCCAbagAwIBAgIRAIGgYBNZse0EqRVzxe7aQGIwDQYJKoZIhvcNAQELBQAw | ||
EDEOMAwGA1UEChMFaGFyZHkwHhcNMTcxMDA0MDgzNDAwWhcNMjAwOTE4MDgzNDAw | ||
WjAQMQ4wDAYDVQQKEwVoYXJkeTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC | ||
ggEBAMlrdtoXWlZMPFwgeKZHrGxjVe4KXkQy5MFBUfO48htyIe2OlZAd3HGyap41 | ||
7L4YciFhw0bp7wHnYtSTiCHQrnA4SLzNuaU2NM5nJw+E4c5kNrkvhLJqpTNCaYCy | ||
Xbh3H8REW+5UJIgnyeKLx//kvlDm6p4O55+OLlGgzxNaTIgldKLPmx543VVt6VDT | ||
qgFlaYsRz8hZ12+qAqu5am/Wpfal2+Df7Pmmn5M90UBTUwY8CLc/ZiWbv6hihDWV | ||
I28JoM0onEqAx7phRd0SwwK4mYfEe/u614r3bZaI36e9ojU9/St4nbMoMeyZP96t | ||
DOdX9A1SMbsqLOYKXBKM+jXPEaECAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKsMA8G | ||
A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALah7CjpwbEY6yjA2KDv | ||
VaAHEgz4Xd8USW/L2292EiQLmFdIaEJiiWRjtKFiF427TXfAPXvxHA2q9OElDW4d | ||
G6XAcBJg5mcBh8WRTHwfLQ8llfj7dH1/sfazSUZeat6lTIyhQfkF99LAJTqlfYAF | ||
aNqIQio7FAjGyJqIPYLa1FKmfLdZr9azb9IjTZLhBGBWdLF0+JOn+JBsl7g9BvUp | ||
ArCI0Wib/vsr368xkzWzKjij1exZdfw0TmsieNYvViFoFJGNCB5XLPo0bHrmMVVe | ||
25EGam+xPkG/JQP5Eb3iikSEn8y5SIeJ0nS0EQE6uXPv+lQj1LmVv8OYzjXqpoJT | ||
n6g= | ||
-----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIC6zCCAdOgAwIBAgIQEh1UsPL20u9KnyOByuhYWDANBgkqhkiG9w0BAQsFADAQ | ||
MQ4wDAYDVQQKEwVoYXJkeTAeFw0xNzEwMDQwODM0MDBaFw0yMDA5MTgwODM0MDBa | ||
MBwxGjAYBgNVBAoMEWhhcmR5Ljxib290c3RyYXA+MIIBIjANBgkqhkiG9w0BAQEF | ||
AAOCAQ8AMIIBCgKCAQEAyJm29vB/urzreEwF012iAAWW3fgE1VEeNLTP/sZTYV3z | ||
UNGKao5x7dUIiah8rptkK3+FN4TID8Z2c1DpKzMTisdpRF3UoRWmjm1UTbxEENhk | ||
EptkFwGFM6BcZSyiLlyCBVM+wGsqzHAASe833S/yiu8miNc2S+jd0FIluKWe0yzG | ||
u2oaJfA28dBfqWyn9hh6msqBVYK6sDle9t0ditNubCyD+vrnoK8825LOIPV6QafL | ||
kVyW0/mj4GJutPOVop37HyQMcuQnDWBA+934l3tpeaJ93d3u8XjU7dXuOobKMohw | ||
+33/pTALu9P0WtDbEeo/xcEICgimqpir92KMSXxUbwIDAQABozUwMzAOBgNVHQ8B | ||
Af8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADANBgkq | ||
hkiG9w0BAQsFAAOCAQEAnYffv9ipGQVW/t3sFxKu9LXQ7ZkhUSgoxPIA51goaYop | ||
YM9QR3ZBf2tMJwjKXuOLEkxxweNjP3dMKh2gykFory+jv6OQYIiLf9M82ty8rOPi | ||
mWLMDAIWWagkj5Yy6b+/aLkpXQ+lEsxLyi6po+D+I+AwRUYvfSc74a7XxkJk77JF | ||
/0SVgNdDtL08zVNOGDgepP/95e1pKMKgsOiCDnFCOAY+l6HcvizwBH+EI+XtdLVb | ||
qBmOAYiwYObBaRuyhVbbDKqKRGFUNkmmDv6vCQoTL1C9wrBnAiJe2khbLm1ix9Re | ||
3MW15CLuipneSgRAWXSdMbDIv9+KQE8fo2TWqikrCw== | ||
-----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
-----BEGIN RSA PRIVATE KEY----- | ||
MIIEpQIBAAKCAQEAyJm29vB/urzreEwF012iAAWW3fgE1VEeNLTP/sZTYV3zUNGK | ||
ao5x7dUIiah8rptkK3+FN4TID8Z2c1DpKzMTisdpRF3UoRWmjm1UTbxEENhkEptk | ||
FwGFM6BcZSyiLlyCBVM+wGsqzHAASe833S/yiu8miNc2S+jd0FIluKWe0yzGu2oa | ||
JfA28dBfqWyn9hh6msqBVYK6sDle9t0ditNubCyD+vrnoK8825LOIPV6QafLkVyW | ||
0/mj4GJutPOVop37HyQMcuQnDWBA+934l3tpeaJ93d3u8XjU7dXuOobKMohw+33/ | ||
pTALu9P0WtDbEeo/xcEICgimqpir92KMSXxUbwIDAQABAoIBAQCyuKjXR5w1Ll4I | ||
FotWLmTH6jLo3jDIMPZddP6e+emNpRvD1HyixPhiMdvicXdsRUuwqXNx7F4mF+au | ||
hNbIwz/U9CcoXwSy48w5ttRWUba+31wBa+p3yMX5IhVPmr1/2rGItwsAejpuXBcV | ||
yAiYi0BnYfyODFf2t6jwElBDO2POtdEoYVYwgtMTMy5pmDA2QA3mKkjCcJviectZ | ||
9yFb8DFiwIYkryErWrGWaKls/oYV2O0A0mCaIqgw3HfhIl6F1pk+9oYnmsq6IzF5 | ||
wSIg2evd4GMm/L2sqlVFqb4Kj54fbyfdOFK0bQso6VQZvB5tZ6NLHfv2f3BBFHVu | ||
jO+On/ixAoGBAOJkPHavnAb/lLDnMJjjXYNUQqyxxSlwOwNifG4evf/KAezIIalJ | ||
kC7jZoFsUkARVbRKQag0T2Xvxw/dDqmNastR1NxsBkhOWjYiQbALYP3u2f06Nhf8 | ||
YlX6hyEje/3bb838//sH5jnaN8GcZnDBrAoPzW+V87pQoCyVrjs2t8qXAoGBAOLV | ||
+PviAUWFjUO//dYk9H9IWotr6rdkzmpLbrj+NoLNSGeoZbByPmT5BuNswXvNyk+9 | ||
smOQ8yqBiMpjxKwR4WQnS6Ydh6HTT33IWLLVazDFMf7ACmXWoScFhCAW6qGfdrYQ | ||
hkCSbwgun8jbL2D477jJl6ZyQG48lVnnZDjkFbfpAoGAUOqCsekSW23+Nzxqojqh | ||
sc7sBc2EKstyTENnNfTG9CW/imH9pgQlBJ1Chf+xZjTL7SSdUwFfX4/UFldsZi2l | ||
fgZBjocNt8pJdA/KaqGmiRxVzayAqRIME673nWCRcKp9y6Ih3Bd2sjbMtuavtp2C | ||
YBZF1xxBgNZQaZ8WJxPnnQECgYEAzLgGJPWc5iyZCJsesQTbMICRTyEPTYKKFD6N | ||
6CFt+vDgNsUxOWRx0Vk6kUhW+rAItZzjgZ6RBzyuwtH17sGYZHZefMZL4Y2/QSru | ||
ej/IpNRjwaF6AN0KxhfhXcCw8zrivX/+WgqOcJj7lh/TC7a/S0uNNSgJ5DODKwd9 | ||
WSboPvkCgYEAzqdWfetko7hEI4076pufJrHPnnCJSHkkQ1QnfVl71mq7UmKXLDxD | ||
L5oWtU53+dswzvxGrzkOWsRJC5nN30BYJuYlwKzo3+MCKlUzJSuIMVTbTPlwKudh | ||
AF19s4GFZVo29FlgIQhA5dfIkZgFXAlVxYcGTLUixEmPwrc6yguULPs= | ||
-----END RSA PRIVATE KEY----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters