mirror of https://github.com/docker/compose.git
Recognize COMPOSE_TLS_VERSION env var in tls_config_from_options
Signed-off-by: Joffrey F <joffrey@docker.com>
parent
402b0157d4
commit
f55c9d4201
|
@ -4,7 +4,6 @@ from __future__ import unicode_literals
|
|||
import logging
|
||||
import os
|
||||
import re
|
||||
import ssl
|
||||
|
||||
import six
|
||||
|
||||
|
@ -15,6 +14,7 @@ from ..config.environment import Environment
|
|||
from ..const import API_VERSIONS
|
||||
from ..project import Project
|
||||
from .docker_client import docker_client
|
||||
from .docker_client import get_tls_version
|
||||
from .docker_client import tls_config_from_options
|
||||
from .utils import get_version_info
|
||||
|
||||
|
@ -60,23 +60,6 @@ def get_config_path_from_options(base_dir, options, environment):
|
|||
return None
|
||||
|
||||
|
||||
def get_tls_version(environment):
|
||||
compose_tls_version = environment.get('COMPOSE_TLS_VERSION', None)
|
||||
if not compose_tls_version:
|
||||
return None
|
||||
|
||||
tls_attr_name = "PROTOCOL_{}".format(compose_tls_version)
|
||||
if not hasattr(ssl, tls_attr_name):
|
||||
log.warn(
|
||||
'The "{}" protocol is unavailable. You may need to update your '
|
||||
'version of Python or OpenSSL. Falling back to TLSv1 (default).'
|
||||
.format(compose_tls_version)
|
||||
)
|
||||
return None
|
||||
|
||||
return getattr(ssl, tls_attr_name)
|
||||
|
||||
|
||||
def get_client(environment, verbose=False, version=None, tls_config=None, host=None,
|
||||
tls_version=None):
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@ from __future__ import absolute_import
|
|||
from __future__ import unicode_literals
|
||||
|
||||
import logging
|
||||
import ssl
|
||||
|
||||
from docker import APIClient
|
||||
from docker.errors import TLSParameterError
|
||||
|
@ -16,7 +17,24 @@ from .utils import unquote_path
|
|||
log = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def tls_config_from_options(options):
|
||||
def get_tls_version(environment):
|
||||
compose_tls_version = environment.get('COMPOSE_TLS_VERSION', None)
|
||||
if not compose_tls_version:
|
||||
return None
|
||||
|
||||
tls_attr_name = "PROTOCOL_{}".format(compose_tls_version)
|
||||
if not hasattr(ssl, tls_attr_name):
|
||||
log.warn(
|
||||
'The "{}" protocol is unavailable. You may need to update your '
|
||||
'version of Python or OpenSSL. Falling back to TLSv1 (default).'
|
||||
.format(compose_tls_version)
|
||||
)
|
||||
return None
|
||||
|
||||
return getattr(ssl, tls_attr_name)
|
||||
|
||||
|
||||
def tls_config_from_options(options, environment=None):
|
||||
tls = options.get('--tls', False)
|
||||
ca_cert = unquote_path(options.get('--tlscacert'))
|
||||
cert = unquote_path(options.get('--tlscert'))
|
||||
|
@ -24,7 +42,9 @@ def tls_config_from_options(options):
|
|||
verify = options.get('--tlsverify')
|
||||
skip_hostname_check = options.get('--skip-hostname-check', False)
|
||||
|
||||
advanced_opts = any([ca_cert, cert, key, verify])
|
||||
tls_version = get_tls_version(environment or {})
|
||||
|
||||
advanced_opts = any([ca_cert, cert, key, verify, tls_version])
|
||||
|
||||
if tls is True and not advanced_opts:
|
||||
return True
|
||||
|
@ -35,7 +55,8 @@ def tls_config_from_options(options):
|
|||
|
||||
return TLSConfig(
|
||||
client_cert=client_cert, verify=verify, ca_cert=ca_cert,
|
||||
assert_hostname=False if skip_hostname_check else None
|
||||
assert_hostname=False if skip_hostname_check else None,
|
||||
ssl_version=tls_version
|
||||
)
|
||||
|
||||
return None
|
||||
|
|
|
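Review bot: `get_tls_version` accepts whatever `PROTOCOL_*` name the local `ssl` module happens to define, so `COMPOSE_TLS_VERSION` can select a pre-TLS constant such as `SSLv3` on builds that still expose it, and the unavailable branch fails open: going by the log text, a user who asked for `TLSv1_2` gets a warning and a TLSv1 connection instead. I would check the value against an explicit allow-list before the `hasattr` test, e.g. `if compose_tls_version not in ('TLSv1', 'TLSv1_1', 'TLSv1_2'):`, and consider raising a configuration error for an unsupported value rather than returning `None`. In `tls_config_from_options`, `environment=None` means any caller that does not pass the environment silently ignores the variable; the call sites are not visible in this section, so confirm they were updated. The moved function also has no docstring; `"""Return the ssl.PROTOCOL_* constant named by COMPOSE_TLS_VERSION, or None if unset or unavailable."""` would document the fallback.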
@ -2,12 +2,10 @@ from __future__ import absolute_import
|
|||
from __future__ import unicode_literals
|
||||
|
||||
import os
|
||||
import ssl
|
||||
|
||||
import pytest
|
||||
|
||||
from compose.cli.command import get_config_path_from_options
|
||||
from compose.cli.command import get_tls_version
|
||||
from compose.config.environment import Environment
|
||||
from compose.const import IS_WINDOWS_PLATFORM
|
||||
from tests import mock
|
||||
|
@ -57,21 +55,3 @@ class TestGetConfigPathFromOptions(object):
|
|||
def test_no_path(self):
|
||||
environment = Environment.from_env_file('.')
|
||||
assert not get_config_path_from_options('.', {}, environment)
|
||||
|
||||
|
||||
class TestGetTlsVersion(object):
|
||||
def test_get_tls_version_default(self):
|
||||
environment = {}
|
||||
assert get_tls_version(environment) is None
|
||||
|
||||
@pytest.mark.skipif(not hasattr(ssl, 'PROTOCOL_TLSv1_2'), reason='TLS v1.2 unsupported')
|
||||
def test_get_tls_version_upgrade(self):
|
||||
environment = {'COMPOSE_TLS_VERSION': 'TLSv1_2'}
|
||||
assert get_tls_version(environment) == ssl.PROTOCOL_TLSv1_2
|
||||
|
||||
def test_get_tls_version_unavailable(self):
|
||||
environment = {'COMPOSE_TLS_VERSION': 'TLSv5_5'}
|
||||
with mock.patch('compose.cli.command.log') as mock_log:
|
||||
tls_version = get_tls_version(environment)
|
||||
mock_log.warn.assert_called_once_with(mock.ANY)
|
||||
assert tls_version is None
|
||||
|
|
|
@ -3,6 +3,7 @@ from __future__ import unicode_literals
|
|||
|
||||
import os
|
||||
import platform
|
||||
import ssl
|
||||
|
||||
import docker
|
||||
import pytest
|
||||
|
@ -10,6 +11,7 @@ import pytest
|
|||
import compose
|
||||
from compose.cli import errors
|
||||
from compose.cli.docker_client import docker_client
|
||||
from compose.cli.docker_client import get_tls_version
|
||||
from compose.cli.docker_client import tls_config_from_options
|
||||
from tests import mock
|
||||
from tests import unittest
|
||||
|
@ -157,3 +159,29 @@ class TLSConfigTestCase(unittest.TestCase):
|
|||
assert result.cert == (self.client_cert, self.key)
|
||||
assert result.ca_cert == self.ca_cert
|
||||
assert result.verify is True
|
||||
|
||||
def test_tls_simple_with_tls_version(self):
|
||||
tls_version = 'TLSv1'
|
||||
options = {'--tls': True}
|
||||
environment = {'COMPOSE_TLS_VERSION': tls_version}
|
||||
result = tls_config_from_options(options, environment)
|
||||
assert isinstance(result, docker.tls.TLSConfig)
|
||||
assert result.ssl_version == ssl.PROTOCOL_TLSv1
|
||||
|
||||
|
||||
class TestGetTlsVersion(object):
|
||||
def test_get_tls_version_default(self):
|
||||
environment = {}
|
||||
assert get_tls_version(environment) is None
|
||||
|
||||
@pytest.mark.skipif(not hasattr(ssl, 'PROTOCOL_TLSv1_2'), reason='TLS v1.2 unsupported')
|
||||
def test_get_tls_version_upgrade(self):
|
||||
environment = {'COMPOSE_TLS_VERSION': 'TLSv1_2'}
|
||||
assert get_tls_version(environment) == ssl.PROTOCOL_TLSv1_2
|
||||
|
||||
def test_get_tls_version_unavailable(self):
|
||||
environment = {'COMPOSE_TLS_VERSION': 'TLSv5_5'}
|
||||
with mock.patch('compose.cli.docker_client.log') as mock_log:
|
||||
tls_version = get_tls_version(environment)
|
||||
mock_log.warn.assert_called_once_with(mock.ANY)
|
||||
assert tls_version is None
|
||||
|
|
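Review bot: The tests in this section cover `TLSv1`, `TLSv1_2` and a name that does not exist, but none pins what happens for a legacy name the `ssl` module may still define (for example `SSLv3`) or for a call that omits `environment`. A case such as `assert tls_config_from_options({'--tls': True}) is True` would lock in the backward-compatible default, if it is not already covered outside the visible hunks. `test_tls_simple_with_tls_version` also relies on `ssl.PROTOCOL_TLSv1` existing without the `skipif` guard that the `TLSv1_2` test uses.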