Merge pull request #5593 from docker/4651-tls-env-and-flags

Support mixed use of TLS flags and TLS environment variables
Joffrey F 2018-01-22 11:01:44 -08:00 committed by GitHub
commit fd1e8024f7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 35 additions and 6 deletions


@ -35,7 +35,7 @@ def project_from_options(project_dir, options):
project_name=options.get('--project-name'),
verbose=options.get('--verbose'),
host=host,
tls_config=tls_config_from_options(options),
tls_config=tls_config_from_options(options, environment),
environment=environment,
override_dir=options.get('--project-directory'),
)


@ -2,6 +2,7 @@ from __future__ import absolute_import
from __future__ import unicode_literals
import logging
import os.path
import ssl
from docker import APIClient
@ -35,14 +36,22 @@ def get_tls_version(environment):
def tls_config_from_options(options, environment=None):
environment = environment or {}
cert_path = environment.get('DOCKER_CERT_PATH') or None
tls = options.get('--tls', False)
ca_cert = unquote_path(options.get('--tlscacert'))
cert = unquote_path(options.get('--tlscert'))
key = unquote_path(options.get('--tlskey'))
verify = options.get('--tlsverify')
verify = options.get('--tlsverify', environment.get('DOCKER_TLS_VERIFY'))
skip_hostname_check = options.get('--skip-hostname-check', False)
if cert_path is not None and not any((ca_cert, cert, key)):
# FIXME: Modify TLSConfig to take a cert_path argument and do this internally
cert = os.path.join(cert_path, 'cert.pem')
key = os.path.join(cert_path, 'key.pem')
ca_cert = os.path.join(cert_path, 'ca.pem')
tls_version = get_tls_version(environment or {})
tls_version = get_tls_version(environment)
advanced_opts = any([ca_cert, cert, key, verify, tls_version])
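Review bot: The new `verify = options.get('--tlsverify', environment.get('DOCKER_TLS_VERIFY'))` reads the environment only when the `--tlsverify` key is missing from `options`. If the CLI parser always fills that key with a falsy default (the parser is not visible here, so this needs confirming), `DOCKER_TLS_VERIFY` is never consulted and certificate verification stays off for a user who exported it. When the fallback does fire, the raw environment string is passed on as `verify`, whereas the new test only supplies the boolean `{'DOCKER_TLS_VERIFY': True}`, which a real environment never produces. I would normalise it with `verify = options.get('--tlsverify', bool(environment.get('DOCKER_TLS_VERIFY')))`, add the comment `# env fallback applies only when the --tlsverify key is absent from options`, and add a test with a string value and no `--tlsverify` key. The body of `tls_config_from_options` continues past the end of this hunk, so how `verify` reaches `TLSConfig` is not visible here.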


@ -64,9 +64,9 @@ class DockerClientTestCase(unittest.TestCase):
class TLSConfigTestCase(unittest.TestCase):
ca_cert = 'tests/fixtures/tls/ca.pem'
client_cert = 'tests/fixtures/tls/cert.pem'
key = 'tests/fixtures/tls/key.key'
ca_cert = os.path.join('tests/fixtures/tls/', 'ca.pem')
client_cert = os.path.join('tests/fixtures/tls/', 'cert.pem')
key = os.path.join('tests/fixtures/tls/', 'key.pem')
def test_simple_tls(self):
options = {'--tls': True}
@ -168,6 +168,26 @@ class TLSConfigTestCase(unittest.TestCase):
assert isinstance(result, docker.tls.TLSConfig)
assert result.ssl_version == ssl.PROTOCOL_TLSv1
def test_tls_mixed_environment_and_flags(self):
options = {'--tls': True, '--tlsverify': False}
environment = {'DOCKER_CERT_PATH': 'tests/fixtures/tls/'}
result = tls_config_from_options(options, environment)
assert isinstance(result, docker.tls.TLSConfig)
assert result.cert == (self.client_cert, self.key)
assert result.ca_cert == self.ca_cert
assert result.verify is False
def test_tls_flags_override_environment(self):
environment = {'DOCKER_TLS_VERIFY': True}
options = {'--tls': True, '--tlsverify': False}
assert tls_config_from_options(options, environment) is True
environment['COMPOSE_TLS_VERSION'] = 'TLSv1'
result = tls_config_from_options(options, environment)
assert isinstance(result, docker.tls.TLSConfig)
assert result.ssl_version == ssl.PROTOCOL_TLSv1
assert result.verify is False
class TestGetTlsVersion(object):
def test_get_tls_version_default(self):