From 1a6bb747b99bd730cc7c214469d46fff3538fc5f Mon Sep 17 00:00:00 2001
From: Laurent Luce
Date: Mon, 31 Jul 2023 13:07:19 -0400
Subject: [PATCH] fix: Remove the temp cert files only after the docker client is initialized (#1030)
## Description: The temp cert files were removed before the docker client got a chance to read them to build a TLS config. Not sure if this was due to a race condition or a recent change in the docker client.
## Is this change user facing? NO
---
 .../backend_creator/backend_creator.go | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/container-engine-lib/lib/backend_impls/docker/docker_kurtosis_backend/backend_creator/backend_creator.go b/container-engine-lib/lib/backend_impls/docker/docker_kurtosis_backend/backend_creator/backend_creator.go
index 1d2cb3d2c9..c428cb6497 100644
--- a/container-engine-lib/lib/backend_impls/docker/docker_kurtosis_backend/backend_creator/backend_creator.go
+++ b/container-engine-lib/lib/backend_impls/docker/docker_kurtosis_backend/backend_creator/backend_creator.go
@@ -86,10 +86,11 @@ func getRemoteDockerKurtosisBackend(
 optionalApiContainerModeArgs *APIContainerModeArgs,
 remoteBackendConfig *configs.KurtosisRemoteBackendConfig,
 ) (backend_interface.KurtosisBackend, error) {
- remoteDockerClientOpts, err := buildRemoteDockerClientOpts(remoteBackendConfig)
+ remoteDockerClientOpts, cleanCertFilesFunc, err := buildRemoteDockerClientOpts(remoteBackendConfig)
 if err != nil {
 return nil, stacktrace.Propagate(err, "Error building client configuration for Docker remote backend")
 }
+ defer cleanCertFilesFunc()
 kurtosisRemoteBackend, err := getDockerKurtosisBackend(remoteDockerClientOpts, optionalApiContainerModeArgs)
 if err != nil {
 return nil, stacktrace.Propagate(err, "Error building Kurtosis remote Docker backend")
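Review bot: Nothing at the added `defer cleanCertFilesFunc()` line records why the cleanup has to wait until `getRemoteDockerKurtosisBackend` returns, and the commit message itself leaves the root cause open. `client.Opt` values are closures applied when the client is constructed, so the option built by `client.WithTLSClientConfig` presumably reads the three files inside `getDockerKurtosisBackend` rather than in `buildRemoteDockerClientOpts`, which would make the earlier failure deterministic rather than a race. A comment above the defer would pin that down, for example `// The TLS option reads the cert files when the Docker client is constructed, so remove them only after getDockerKurtosisBackend returns.` Because the client private key now stays on disk for the whole backend construction, it is also worth confirming that `writeTlsConfigToTempDir` (outside this hunk) creates the directory and key file readable by the owner only. The function's signature starts above this hunk and its closing lines are in the next one.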
@@ -97,19 +98,21 @@ func getRemoteDockerKurtosisBackend(
 return kurtosisRemoteBackend, nil
 }
-func buildRemoteDockerClientOpts(remoteBackendConfig *configs.KurtosisRemoteBackendConfig) ([]client.Opt, error) {
+func buildRemoteDockerClientOpts(remoteBackendConfig *configs.KurtosisRemoteBackendConfig) ([]client.Opt, func(), error) {
 var clientOptions []client.Opt
 // host and port option
 clientOptions = append(clientOptions, client.WithHost(remoteBackendConfig.Endpoint))
 // TLS option if config is present
+ cleanCertFilesFunc := func() {}
 if tlsConfig := remoteBackendConfig.Tls; tlsConfig != nil {
- tlsFilesDir, cleanCertFilesFunc, err := writeTlsConfigToTempDir(tlsConfig.Ca, tlsConfig.ClientCert, tlsConfig.ClientKey)
+ var tlsFilesDir string
+ var err error
+ tlsFilesDir, cleanCertFilesFunc, err = writeTlsConfigToTempDir(tlsConfig.Ca, tlsConfig.ClientCert, tlsConfig.ClientKey)
 if err != nil {
- return nil, stacktrace.Propagate(err, "Error building TLS configuration to connect to remote Docker backend")
+ return nil, nil, stacktrace.Propagate(err, "Error building TLS configuration to connect to remote Docker backend")
 }
- defer cleanCertFilesFunc()
 tlsOpt := client.WithTLSClientConfig(
 path.Join(tlsFilesDir, caFileName),
 path.Join(tlsFilesDir, certFileName),
@@ -119,7 +122,7 @@ func buildRemoteDockerClientOpts(remoteBackendConfig *configs.KurtosisRemoteBack
 // Timeout and API version negotiation option
 clientOptions = append(clientOptions, client.WithAPIVersionNegotiation())
- return clientOptions, nil
+ return clientOptions, cleanCertFilesFunc, nil
 }
 // writeTlsConfigToTempDir writes the different TLS files to a directory, and returns the path to this directory.
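Review bot: `buildRemoteDockerClientOpts` now hands ownership of the temporary certificate files to its caller, but the new `func()` result is undocumented and inconsistent: the error path returns `nil` for it while the non-TLS path returns a no-op. A doc comment on the function should say that the returned function removes the temp cert files, must be called only after the Docker client has been built from the options, and is nil whenever an error is returned. In the TLS branch the value that `writeTlsConfigToTempDir` assigns to `cleanCertFilesFunc` is discarded by `return nil, nil, ...`. If that helper can fail after writing some of the files (its body is outside this hunk), the key material would be left behind, so the error branch could first run `if cleanCertFilesFunc != nil { cleanCertFilesFunc() }`. The body of the `if tlsConfig` block continues past the end of this hunk.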