// μDocker - super-lightweight Docker client. Pulling in the official client uses
// huge amounts of code and memory.
package udocker
import (
	"context"
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"net/url"

	"github.com/function61/gokit/os/osutil"
)
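// certificateLoader produces the client certificate presented to a TLS-protected
// Docker daemon. ClientCertificateFromEnv is one implementation.
type certificateLoader func() (*tls.Certificate, error)

// defaultDockerSockURL is the conventional location of the local daemon's unix socket.
const defaultDockerSockURL = "unix:///var/run/docker.sock"

// DefaultDockerSockClient returns a client for the local Docker daemon over its
// default unix socket, plus the base URL ("http://localhost") to prefix API paths
// with. No certificate loader is passed because the unix socket path is not TLS.
func DefaultDockerSockClient() (*http.Client, string, error) {
	return Client(defaultDockerSockURL, nil, false)
}

// Client builds an *http.Client for the Docker daemon at dockerUrl and returns it
// together with the base URL the caller should prefix API paths with.
//
// For "unix://<socket path>" URLs the client dials the socket directly, the
// certificate loader is not consulted, and the base URL is "http://localhost" (the
// HTTP host is irrelevant over a socket). For any other scheme the client presents
// the certificate returned by clientCertificateLoader and the base URL is dockerUrl
// unchanged.
//
// insecureSkipVerify disables verification of the daemon's certificate. It is an
// explicit opt-in; leave it false unless the daemon is one you control for testing.
//
// An error is returned when dockerUrl does not parse, when a unix URL has an empty
// socket path, when clientCertificateLoader is nil or returns a nil certificate for
// a non-unix URL (both previously panicked), or when the loader itself fails.
func Client(
	dockerUrl string,
	clientCertificateLoader certificateLoader,
	insecureSkipVerify bool,
) (*http.Client, string, error) {
	u, err := url.Parse(dockerUrl)
	if err != nil {
		return nil, "", err
	}

	if u.Scheme == "unix" { // unix socket needs its own dialer
		socketPath := u.Path
		if socketPath == "" {
			return nil, "", fmt.Errorf("docker url %q: unix scheme requires a socket path", dockerUrl)
		}
		transport := &http.Transport{
			// the request's network and address are ignored: every connection goes to the socket
			DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) {
				var dialer net.Dialer // DialContext is a method on Dialer, hence the value
				return dialer.DialContext(ctx, "unix", socketPath)
			},
		}
		return &http.Client{Transport: transport}, "http://localhost", nil
	}

	// every non-unix endpoint is reached over TLS with a client certificate; a nil
	// loader (as DefaultDockerSockClient passes) must be rejected, not dereferenced
	if clientCertificateLoader == nil {
		return nil, "", fmt.Errorf("docker url %q: client certificate loader is required for non-unix urls", dockerUrl)
	}
	clientCertificate, err := clientCertificateLoader()
	if err != nil {
		return nil, "", err
	}
	if clientCertificate == nil {
		return nil, "", fmt.Errorf("docker url %q: client certificate loader returned nil certificate", dockerUrl)
	}

	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{*clientCertificate},
		// state the floor explicitly rather than relying on the toolchain default
		MinVersion: tls.VersionTLS12,
		//nolint:gosec // ok as explicit opt-in
		InsecureSkipVerify: insecureSkipVerify,
	}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: tlsConfig}}, dockerUrl, nil
}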
// ClientCertificateFromEnv assembles the Docker client keypair from the
// base64-encoded DOCKER_CLIENTCERT and DOCKER_CLIENTCERT_KEY environment variables.
// The certificate variable is read first, so it is the one reported when both are
// missing; any decoding or keypair error is returned unwrapped.
func ClientCertificateFromEnv() (*tls.Certificate, error) {
	var (
		certPEM, keyPEM []byte
		err             error
	)
	if certPEM, err = osutil.GetenvRequiredFromBase64("DOCKER_CLIENTCERT"); err != nil {
		return nil, err
	}
	if keyPEM, err = osutil.GetenvRequiredFromBase64("DOCKER_CLIENTCERT_KEY"); err != nil {
		return nil, err
	}
	keypair, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return nil, err
	}
	return &keypair, nil
}