mirror of https://github.com/docker/compose.git
Merge pull request #5593 from docker/4651-tls-env-and-flags
Support mixed use of TLS flags and TLS environment variables
commit
fd1e8024f7
|
@ -35,7 +35,7 @@ def project_from_options(project_dir, options):
|
|||
project_name=options.get('--project-name'),
|
||||
verbose=options.get('--verbose'),
|
||||
host=host,
|
||||
tls_config=tls_config_from_options(options),
|
||||
tls_config=tls_config_from_options(options, environment),
|
||||
environment=environment,
|
||||
override_dir=options.get('--project-directory'),
|
||||
)
|
||||
|
|
|
@ -2,6 +2,7 @@ from __future__ import absolute_import
|
|||
from __future__ import unicode_literals
|
||||
|
||||
import logging
|
||||
import os.path
|
||||
import ssl
|
||||
|
||||
from docker import APIClient
|
||||
|
@ -35,14 +36,22 @@ def get_tls_version(environment):
|
|||
|
||||
|
||||
def tls_config_from_options(options, environment=None):
|
||||
environment = environment or {}
|
||||
cert_path = environment.get('DOCKER_CERT_PATH') or None
|
||||
|
||||
tls = options.get('--tls', False)
|
||||
ca_cert = unquote_path(options.get('--tlscacert'))
|
||||
cert = unquote_path(options.get('--tlscert'))
|
||||
key = unquote_path(options.get('--tlskey'))
|
||||
verify = options.get('--tlsverify')
|
||||
verify = options.get('--tlsverify', environment.get('DOCKER_TLS_VERIFY'))
|
||||
skip_hostname_check = options.get('--skip-hostname-check', False)
|
||||
if cert_path is not None and not any((ca_cert, cert, key)):
|
||||
# FIXME: Modify TLSConfig to take a cert_path argument and do this internally
|
||||
cert = os.path.join(cert_path, 'cert.pem')
|
||||
key = os.path.join(cert_path, 'key.pem')
|
||||
ca_cert = os.path.join(cert_path, 'ca.pem')
|
||||
|
||||
tls_version = get_tls_version(environment or {})
|
||||
tls_version = get_tls_version(environment)
|
||||
|
||||
advanced_opts = any([ca_cert, cert, key, verify, tls_version])
|
||||
|
||||
|
|
|
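Review bot: The new line `verify = options.get('--tlsverify', environment.get('DOCKER_TLS_VERIFY'))` in `tls_config_from_options` consults the environment only when the `--tlsverify` key is missing from `options`. If callers pass a docopt-style dict, where an unused flag is present with the value `False` (an assumption, since the option parser is not visible here), `DOCKER_TLS_VERIFY` would be silently ignored. The client would then present the certificates taken from `DOCKER_CERT_PATH` without verifying the daemon's certificate. Consider `verify = options.get('--tlsverify') or environment.get('DOCKER_TLS_VERIFY')`, with a comment on that line explaining that a falsy flag value means "not given"; the new `test_tls_flags_override_environment` expects the opposite and would need to change with it. The function body continues past the end of the hunk, so how `verify` reaches `TLSConfig` is not shown.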
@ -64,9 +64,9 @@ class DockerClientTestCase(unittest.TestCase):
|
|||
|
||||
|
||||
class TLSConfigTestCase(unittest.TestCase):
|
||||
ca_cert = 'tests/fixtures/tls/ca.pem'
|
||||
client_cert = 'tests/fixtures/tls/cert.pem'
|
||||
key = 'tests/fixtures/tls/key.key'
|
||||
ca_cert = os.path.join('tests/fixtures/tls/', 'ca.pem')
|
||||
client_cert = os.path.join('tests/fixtures/tls/', 'cert.pem')
|
||||
key = os.path.join('tests/fixtures/tls/', 'key.pem')
|
||||
|
||||
def test_simple_tls(self):
|
||||
options = {'--tls': True}
|
||||
|
@ -168,6 +168,26 @@ class TLSConfigTestCase(unittest.TestCase):
|
|||
assert isinstance(result, docker.tls.TLSConfig)
|
||||
assert result.ssl_version == ssl.PROTOCOL_TLSv1
|
||||
|
||||
def test_tls_mixed_environment_and_flags(self):
|
||||
options = {'--tls': True, '--tlsverify': False}
|
||||
environment = {'DOCKER_CERT_PATH': 'tests/fixtures/tls/'}
|
||||
result = tls_config_from_options(options, environment)
|
||||
assert isinstance(result, docker.tls.TLSConfig)
|
||||
assert result.cert == (self.client_cert, self.key)
|
||||
assert result.ca_cert == self.ca_cert
|
||||
assert result.verify is False
|
||||
|
||||
def test_tls_flags_override_environment(self):
|
||||
environment = {'DOCKER_TLS_VERIFY': True}
|
||||
options = {'--tls': True, '--tlsverify': False}
|
||||
assert tls_config_from_options(options, environment) is True
|
||||
|
||||
environment['COMPOSE_TLS_VERSION'] = 'TLSv1'
|
||||
result = tls_config_from_options(options, environment)
|
||||
assert isinstance(result, docker.tls.TLSConfig)
|
||||
assert result.ssl_version == ssl.PROTOCOL_TLSv1
|
||||
assert result.verify is False
|
||||
|
||||
|
||||
class TestGetTlsVersion(object):
|
||||
def test_get_tls_version_default(self):
|
||||
|
|
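Review bot: Neither new test in `TLSConfigTestCase` exercises the environment fallback for verification, because both pass `'--tlsverify': False` explicitly and no case sets `DOCKER_TLS_VERIFY` while the flag is absent or unset. `test_tls_flags_override_environment` also uses the Python boolean `True` for `DOCKER_TLS_VERIFY`, whereas values read from a process environment are presumably strings, so inputs such as `'1'` are untested. I would add a case along the lines of `tls_config_from_options({'--tls': True}, {'DOCKER_TLS_VERIFY': '1', 'DOCKER_CERT_PATH': 'tests/fixtures/tls/'})` and assert that the resulting config has verification enabled. The class body starts and continues outside the hunks shown here.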