From 69cd38ab8684e2a6760f8861d141822d41170c7b Mon Sep 17 00:00:00 2001
From: Deni Bertovic
Date: Sat, 22 Mar 2014 01:04:12 +0100
Subject: [PATCH] initial take on adding support for tls auth with client certificates
---
 docker/client.py | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/docker/client.py b/docker/client.py
index 38355b09c4..9ae21a235e 100644
--- a/docker/client.py
+++ b/docker/client.py
@@ -69,9 +69,18 @@ def is_server_error(self):
 class Client(requests.Session):
- def __init__(self, base_url=None, version=DEFAULT_DOCKER_API_VERSION,
- timeout=DEFAULT_TIMEOUT_SECONDS):
+ def __init__(self,
+ base_url=None,
+ version=DEFAULT_DOCKER_API_VERSION,
+ timeout=DEFAULT_TIMEOUT_SECONDS,
+ tls=False,
+ tls_cert=None,
+ tls_key=None):
 super(Client, self).__init__()
+ if tls and not (tls_cert and tls_key):
+ raise RuntimeError('tls_key and tls_cert are required.')
+ if tls and not base_url.startswith('https'):
+ raise RuntimeError('TLS: base_url has to start with https://')
 if base_url is None:
 base_url = "http+unix://var/run/docker.sock"
 if 'unix:///' in base_url:
@@ -87,7 +96,12 @@ def __init__(self, base_url=None, version=DEFAULT_DOCKER_API_VERSION,
 self._timeout = timeout
 self._auth_configs = auth.load_config()
- self.mount('http+unix://', unixconn.UnixAdapter(base_url, timeout))
+ if tls:
+ self.cert = (tls_cert, tls_key)
+ self.verify = False # We assume the server.crt will we self signed
+ self.mount('https://', requests.adapters.HTTPAdapter())
+ else:
+ self.mount('http+unix://', unixconn.UnixAdapter(base_url, timeout))
 def _set_request_timeout(self, kwargs):
 """Prepare the kwargs for an HTTP request by inserting the timeout
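Review bot: With `tls=True` and the default `base_url=None`, the added `base_url.startswith('https')` check in the first hunk raises AttributeError instead of the intended RuntimeError, because it runs before the `if base_url is None:` default just below it. Guarding it as `if tls and not (base_url and base_url.startswith('https://')):` fixes that and also matches the `https://` prefix the error message asks for. The three new parameters are undocumented; a short docstring saying that `tls_cert` and `tls_key` are the client certificate and key (presumably file paths, since the later hunk assigns them to `self.cert`) would help callers. The body of `__init__` continues outside this hunk.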
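Review bot: `self.verify = False` in the new `if tls:` branch of the second hunk turns off server certificate validation for every TLS connection, so the client presents its certificate but never checks the daemon's identity, and an intermediary on the path could stand in for the Docker endpoint. A self-signed server certificate does not require this, because requests accepts a CA bundle path in `verify`. An optional parameter (proposed name `tls_ca_cert=None`) could be used as `self.verify = tls_ca_cert if tls_ca_cert else True`, leaving disabled verification as an explicit caller choice. The inline comment should then describe the trust decision, and its "will we" typo should be fixed. `__init__` starts outside this hunk.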