tyler.durden
/
compose
mirror of https://github.com/docker/compose.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Recognize COMPOSE_TLS_VERSION env var in tls_config_from_options 

Signed-off-by: Joffrey F <joffrey@docker.com>
This commit is contained in:
Joffrey F 2017-03-22 17:27:11 -07:00
parent 8c181b81ca
commit 14115a3570
4 changed files with 53 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
compose/cli/command.py
View File

@ -4,7 +4,6 @@ from __future__ import unicode_literals
import logging
import os
import re
import ssl
import six
@ -15,6 +14,7 @@ from ..config.environment import Environment
from ..const import API_VERSIONS
from ..project import Project
from .docker_client import docker_client
from .docker_client import get_tls_version
from .docker_client import tls_config_from_options
from .utils import get_version_info
@ -60,23 +60,6 @@ def get_config_path_from_options(base_dir, options, environment):
return None
def get_tls_version(environment):
compose_tls_version = environment.get('COMPOSE_TLS_VERSION', None)
if not compose_tls_version:
return None
tls_attr_name = "PROTOCOL_{}".format(compose_tls_version)
if not hasattr(ssl, tls_attr_name):
log.warn(
'The "{}" protocol is unavailable. You may need to update your '
'version of Python or OpenSSL. Falling back to TLSv1 (default).'
.format(compose_tls_version)
)
return None
return getattr(ssl, tls_attr_name)
def get_client(environment, verbose=False, version=None, tls_config=None, host=None,
tls_version=None):

27
compose/cli/docker_client.py
View File

@ -2,6 +2,7 @@ from __future__ import absolute_import
from __future__ import unicode_literals
import logging
import ssl
from docker import APIClient
from docker.errors import TLSParameterError
@ -16,7 +17,24 @@ from .utils import unquote_path
log = logging.getLogger(__name__)
def tls_config_from_options(options):
def get_tls_version(environment):
compose_tls_version = environment.get('COMPOSE_TLS_VERSION', None)
if not compose_tls_version:
return None
tls_attr_name = "PROTOCOL_{}".format(compose_tls_version)
if not hasattr(ssl, tls_attr_name):
log.warn(
'The "{}" protocol is unavailable. You may need to update your '
'version of Python or OpenSSL. Falling back to TLSv1 (default).'
.format(compose_tls_version)
)
return None
return getattr(ssl, tls_attr_name)
def tls_config_from_options(options, environment=None):
tls = options.get('--tls', False)
ca_cert = unquote_path(options.get('--tlscacert'))
cert = unquote_path(options.get('--tlscert'))
@ -24,7 +42,9 @@ def tls_config_from_options(options):
verify = options.get('--tlsverify')
skip_hostname_check = options.get('--skip-hostname-check', False)
advanced_opts = any([ca_cert, cert, key, verify])
tls_version = get_tls_version(environment or {})
advanced_opts = any([ca_cert, cert, key, verify, tls_version])
if tls is True and not advanced_opts:
return True
@ -35,7 +55,8 @@ def tls_config_from_options(options):
return TLSConfig(
client_cert=client_cert, verify=verify, ca_cert=ca_cert,
assert_hostname=False if skip_hostname_check else None
assert_hostname=False if skip_hostname_check else None,
ssl_version=tls_version
)
return None

20
tests/unit/cli/command_test.py
View File

@ -2,12 +2,10 @@ from __future__ import absolute_import
from __future__ import unicode_literals
import os
import ssl
import pytest
from compose.cli.command import get_config_path_from_options
from compose.cli.command import get_tls_version
from compose.config.environment import Environment
from compose.const import IS_WINDOWS_PLATFORM
from tests import mock
@ -57,21 +55,3 @@ class TestGetConfigPathFromOptions(object):
def test_no_path(self):
environment = Environment.from_env_file('.')
assert not get_config_path_from_options('.', {}, environment)
class TestGetTlsVersion(object):
def test_get_tls_version_default(self):
environment = {}
assert get_tls_version(environment) is None
@pytest.mark.skipif(not hasattr(ssl, 'PROTOCOL_TLSv1_2'), reason='TLS v1.2 unsupported')
def test_get_tls_version_upgrade(self):
environment = {'COMPOSE_TLS_VERSION': 'TLSv1_2'}
assert get_tls_version(environment) == ssl.PROTOCOL_TLSv1_2
def test_get_tls_version_unavailable(self):
environment = {'COMPOSE_TLS_VERSION': 'TLSv5_5'}
with mock.patch('compose.cli.command.log') as mock_log:
tls_version = get_tls_version(environment)
mock_log.warn.assert_called_once_with(mock.ANY)
assert tls_version is None

28
tests/unit/cli/docker_client_test.py
View File

@ -3,6 +3,7 @@ from __future__ import unicode_literals
import os
import platform
import ssl
import docker
import pytest
@ -10,6 +11,7 @@ import pytest
import compose
from compose.cli import errors
from compose.cli.docker_client import docker_client
from compose.cli.docker_client import get_tls_version
from compose.cli.docker_client import tls_config_from_options
from tests import mock
from tests import unittest
@ -157,3 +159,29 @@ class TLSConfigTestCase(unittest.TestCase):
assert result.cert == (self.client_cert, self.key)
assert result.ca_cert == self.ca_cert
assert result.verify is True
def test_tls_simple_with_tls_version(self):
tls_version = 'TLSv1'
options = {'--tls': True}
environment = {'COMPOSE_TLS_VERSION': tls_version}
result = tls_config_from_options(options, environment)
assert isinstance(result, docker.tls.TLSConfig)
assert result.ssl_version == ssl.PROTOCOL_TLSv1
class TestGetTlsVersion(object):
def test_get_tls_version_default(self):
environment = {}
assert get_tls_version(environment) is None
@pytest.mark.skipif(not hasattr(ssl, 'PROTOCOL_TLSv1_2'), reason='TLS v1.2 unsupported')
def test_get_tls_version_upgrade(self):
environment = {'COMPOSE_TLS_VERSION': 'TLSv1_2'}
assert get_tls_version(environment) == ssl.PROTOCOL_TLSv1_2
def test_get_tls_version_unavailable(self):
environment = {'COMPOSE_TLS_VERSION': 'TLSv5_5'}
with mock.patch('compose.cli.docker_client.log') as mock_log:
tls_version = get_tls_version(environment)
mock_log.warn.assert_called_once_with(mock.ANY)
assert tls_version is None