Merge pull request #3226 from shin-/3210-assert-hostname

Fix assert_hostname logic in tls_config_from_options
2016-04-01 10:32:13 -07:00 · 2016-04-01 10:32:13 -07:00 · 9509508f3e
parent 85e2fb63b3 1a7a65f84d
commit 9509508f3e
3 changed files with 14 additions and 10 deletions
--- a/compose/cli/docker_client.py
+++ b/compose/cli/docker_client.py
@ -7,7 +7,6 @@ from docker import Client
 from docker.errors import TLSParameterError
 from docker.tls import TLSConfig
 from docker.utils import kwargs_from_env
 from requests.utils import urlparse
 from ..const import HTTP_TIMEOUT
 from .errors import UserError
@ -21,24 +20,23 @@ def tls_config_from_options(options):
    cert = options.get('--tlscert')
    key = options.get('--tlskey')
    verify = options.get('--tlsverify')
-    hostname = urlparse(options.get('--host') or '').hostname
+    skip_hostname_check = options.get('--skip-hostname-check', False)
    advanced_opts = any([ca_cert, cert, key, verify])
    if tls is True and not advanced_opts:
        return True
-    elif advanced_opts:
+    elif advanced_opts:  # --tls is a noop
        client_cert = None
        if cert or key:
            client_cert = (cert, key)
        return TLSConfig(
            client_cert=client_cert, verify=verify, ca_cert=ca_cert,
-            assert_hostname=(
+            assert_hostname=False if skip_hostname_check else None
                hostname or not options.get('--skip-hostname-check', False)
            )
        )
-    else:
+
-        return None
+    return None
 def docker_client(environment, version=None, tls_config=None, host=None):
@ -51,7 +49,7 @@ def docker_client(environment, version=None, tls_config=None, host=None):
                 "Please use COMPOSE_HTTP_TIMEOUT instead.")
    try:
-        kwargs = kwargs_from_env(assert_hostname=False, environment=environment)
+        kwargs = kwargs_from_env(environment=environment)
    except TLSParameterError:
        raise UserError(
            "TLS configuration is invalid - make sure your DOCKER_TLS_VERIFY "
--- a/requirements.txt
+++ b/requirements.txt
@ -1,6 +1,6 @@
 PyYAML==3.11
 cached-property==1.2.0
-docker-py==1.8.0rc2
+docker-py==1.8.0rc5
 dockerpty==0.4.1
 docopt==0.6.1
 enum34==1.0.4
--- a/tests/unit/cli/docker_client_test.py
+++ b/tests/unit/cli/docker_client_test.py
@ -103,3 +103,9 @@ class TLSConfigTestCase(unittest.TestCase):
        options = {'--tlskey': self.key}
        with pytest.raises(docker.errors.TLSParameterError):
            tls_config_from_options(options)
    def test_assert_hostname_explicit_skip(self):
        options = {'--tlscacert': self.ca_cert, '--skip-hostname-check': True}
        result = tls_config_from_options(options)
        assert isinstance(result, docker.tls.TLSConfig)
        assert result.assert_hostname is False