author | Joffrey F <joffrey@docker.com> | 2018-02-21 13:24:25 -0800 |
---|---|---|
committer | Joffrey F <joffrey@docker.com> | 2018-02-21 13:33:27 -0800 |
commit | cd7ccad81ee527582992bbc225d5f485cb5e12bb (patch) | |
tree | 3da7acea1965d53c576492fdd776ed2fa6539a96 | |
parent | e71664385756a75f4cb14c9447138ac3c4120f3a (diff) |
Retrieve certs from default path if not provided explicitly
Signed-off-by: Joffrey F <joffrey@docker.com>
-rw-r--r-- | compose/cli/docker_client.py | 11 | ||||
-rw-r--r-- | tests/unit/cli/docker_client_test.py | 21 |
2 files changed, 28 insertions, 4 deletions
diff --git a/compose/cli/docker_client.py b/compose/cli/docker_client.py
index 818fe63a..cc8993d7 100644
--- a/compose/cli/docker_client.py
+++ b/compose/cli/docker_client.py
@@ -9,6 +9,7 @@ from docker import APIClient
 from docker.errors import TLSParameterError
 from docker.tls import TLSConfig
 from docker.utils import kwargs_from_env
+from docker.utils.config import home_dir
 from ..config.environment import Environment
 from ..const import HTTP_TIMEOUT
@@ -19,6 +20,10 @@ from .utils import unquote_path
 log = logging.getLogger(__name__)
+def default_cert_path():
+ return os.path.join(home_dir(), '.docker')
+
+
 def get_tls_version(environment):
 compose_tls_version = environment.get('COMPOSE_TLS_VERSION', None)
 if not compose_tls_version:
@@ -56,6 +61,12 @@ def tls_config_from_options(options, environment=None):
 key = os.path.join(cert_path, 'key.pem')
 ca_cert = os.path.join(cert_path, 'ca.pem')
+ if verify and not any((ca_cert, cert, key)):
+ # Default location for cert files is ~/.docker
+ ca_cert = os.path.join(default_cert_path(), 'ca.pem')
+ cert = os.path.join(default_cert_path(), 'cert.pem')
+ key = os.path.join(default_cert_path(), 'key.pem')
+
 tls_version = get_tls_version(environment)
 advanced_opts = any([ca_cert, cert, key, verify, tls_version])
diff --git a/tests/unit/cli/docker_client_test.py b/tests/unit/cli/docker_client_test.py
index 5bb4564e..be91ea31 100644
--- a/tests/unit/cli/docker_client_test.py
+++ b/tests/unit/cli/docker_client_test.py
@@ -68,9 +68,10 @@ class DockerClientTestCase(unittest.TestCase):
 class TLSConfigTestCase(unittest.TestCase):
- ca_cert = os.path.join('tests/fixtures/tls/', 'ca.pem')
- client_cert = os.path.join('tests/fixtures/tls/', 'cert.pem')
- key = os.path.join('tests/fixtures/tls/', 'key.pem')
+ cert_path = 'tests/fixtures/tls/'
+ ca_cert = os.path.join(cert_path, 'ca.pem')
+ client_cert = os.path.join(cert_path, 'cert.pem')
+ key = os.path.join(cert_path, 'key.pem')
 def test_simple_tls(self):
 options = {'--tls': True}
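Review bot: `default_cert_path()` is missing a docstring saying that the directory it returns is where `tls_config_from_options` looks for the CA, client certificate and private key when verification is on and no paths are given. The result follows whatever `home_dir()` resolves, presumably from the process environment, and that dependency is worth stating for anyone auditing which trust anchor a run used. Suggested: `"""Return the directory (~/.docker under home_dir()) used for ca.pem, cert.pem and key.pem when no TLS paths are configured."""`.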
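Review bot: The new fallback in `tls_config_from_options` sets `ca_cert`, `cert` and `key` to files under `default_cert_path()` without checking that they exist and without a log line, so a run with verification on and no cert options now silently takes its trust anchor and client key from the home directory. How missing files are handled is left to `TLSConfig`, which is outside this hunk; if it rejects absent paths, setups that verified without any of these files will start failing. I would resolve the directory once and log it, `cert_dir = default_cert_path()` then `log.debug('No TLS cert options given, using defaults from %s', cert_dir)`, and consider applying each default only when `os.path.isfile()` confirms the file. The function starts and ends outside the hunk.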
@@ -202,7 +203,8 @@ class TLSConfigTestCase(unittest.TestCase):
 def test_tls_verify_flag_no_override(self):
 environment = Environment({
 'DOCKER_TLS_VERIFY': 'true',
- 'COMPOSE_TLS_VERSION': 'TLSv1'
+ 'COMPOSE_TLS_VERSION': 'TLSv1',
+ 'DOCKER_CERT_PATH': self.cert_path
 })
 options = {'--tls': True, '--tlsverify': False}
@@ -219,6 +221,17 @@ class TLSConfigTestCase(unittest.TestCase):
 options = {'--tls': True}
 assert tls_config_from_options(options, environment) is True
+ def test_tls_verify_default_cert_path(self):
+ environment = Environment({'DOCKER_TLS_VERIFY': '1'})
+ options = {'--tls': True}
+ with mock.patch('compose.cli.docker_client.default_cert_path') as dcp:
+ dcp.return_value = 'tests/fixtures/tls/'
+ result = tls_config_from_options(options, environment)
+ assert isinstance(result, docker.tls.TLSConfig)
+ assert result.verify is True
+ assert result.ca_cert == self.ca_cert
+ assert result.cert == (self.client_cert, self.key)
+
 class TestGetTlsVersion(object):
 def test_get_tls_version_default(self): |
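Review bot: `test_tls_verify_default_cert_path` covers only the case where all three files exist in the patched directory. There is no case for a default directory without `ca.pem`, `cert.pem` or `key.pem`, and none where a single option such as `--tlscacert` is given and the fallback must stay off. Both decide which CA and client key end up in the `TLSConfig`, so I would pin them with two more tests: one that patches `default_cert_path` to an empty temporary directory and asserts the intended outcome, and one that passes only `--tlscacert` and asserts that the client certificate is not taken from the default path.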