From 97abb20c2164875cbde5ae647513c406aae3935d Mon Sep 17 00:00:00 2001
From: Calvin Cheng
Date: Mon, 20 Feb 2017 06:55:54 +0800
Subject: [PATCH 1/3] docker api enforces tls from docker 1.13 onwards
For docker 1.13 onwards, not using `dc.NewTLSClient` will fail with malformed http response. Also, is there an option in dockertest v3 to support docker-machine? There was an option to support docker-machine in v2 but I can't seem to find it in v3. Providing such an option will allow us to use `dc.NewClientFromEnv()`.
---
 dockertest.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/dockertest.go b/dockertest.go
index b4d7d158..b1011eb3 100644
--- a/dockertest.go
+++ b/dockertest.go
@@ -52,7 +52,13 @@ func NewPool(endpoint string) (*Pool, error) {
 }
 }
 
- client, err := dc.NewClient(endpoint)
+ // docker machine cert path, not sure how it applies to non-docker machine scenarios
+ path := os.Getenv("DOCKER_CERT_PATH")
+ ca := fmt.Sprintf("%s/ca.pem", path)
+ cert := fmt.Sprintf("%s/cert.pem", path)
+ key := fmt.Sprintf("%s/key.pem", path)
+
+ client, err := dc.NewTLSClient(endpoint, cert, key, ca)
 if err != nil {
 return nil, errors.Wrap(err, "")
 }
From eedc39f96115c5dc32d3149d7320235119fd5750 Mon Sep 17 00:00:00 2001
From: Calvin Cheng
Date: Tue, 21 Feb 2017 23:00:56 +0800
Subject: [PATCH 2/3] `NewTLSPool` for TLS endpoints
---
 dockertest.go | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/dockertest.go b/dockertest.go
index b1011eb3..d1307e6a 100644
--- a/dockertest.go
+++ b/dockertest.go
@@ -39,6 +39,23 @@ func (r *Resource) GetPort(id string) string {
 return m[0].HostPort
 }
 
+// NewTLSPool creates a new pool given an endpoint and the certificate path. This is required for endpoints that
+// require TLS communication.
+func NewTLSPool(endpoint, certpath string) (*Pool, error) {
+ ca := fmt.Sprintf("%s/ca.pem", certpath)
+ cert := fmt.Sprintf("%s/cert.pem", certpath)
+ key := fmt.Sprintf("%s/key.pem", certpath)
+
+ client, err := dc.NewTLSClient(endpoint, cert, key, ca)
+ if err != nil {
+ return nil, errors.Wrap(err, "")
+ }
+
+ return &Pool{
+ Client: client,
+ }, nil
+}
+
 // NewPool creates a new pool. You can pass an empty string to use the default, which is taken from the environment
 // variable DOCKER_URL or if that is not defined a sensible default for the operating system you are on.
 func NewPool(endpoint string) (*Pool, error) {
@@ -51,14 +68,8 @@ func NewPool(endpoint string) (*Pool, error) {
 endpoint = "unix:///var/run/docker.sock"
 }
 }
-
- // docker machine cert path, not sure how it applies to non-docker machine scenarios
- path := os.Getenv("DOCKER_CERT_PATH")
- ca := fmt.Sprintf("%s/ca.pem", path)
- cert := fmt.Sprintf("%s/cert.pem", path)
- key := fmt.Sprintf("%s/key.pem", path)
-
- client, err := dc.NewTLSClient(endpoint, cert, key, ca)
+
+ client, err := dc.NewClient(endpoint, cert, key, ca)
 if err != nil {
 return nil, errors.Wrap(err, "")
 }
From cde1a9a8b0f565f725835beb26e3557784bebbfb Mon Sep 17 00:00:00 2001
From: Calvin Cheng
Date: Wed, 22 Feb 2017 06:24:21 +0800
Subject: [PATCH 3/3] NewClient vs NewTLSClient
---
 dockertest.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dockertest.go b/dockertest.go
index d1307e6a..e9e6acce 100644
--- a/dockertest.go
+++ b/dockertest.go
@@ -69,7 +69,7 @@ func NewPool(endpoint string) (*Pool, error) {
 }
 }
 
- client, err := dc.NewClient(endpoint, cert, key, ca)
+ client, err := dc.NewClient(endpoint)
 if err != nil {
 return nil, errors.Wrap(err, "")
 }
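Review bot: In `NewTLSPool` (patch 2/3, first hunk) the three PEM paths are built with `fmt.Sprintf("%s/ca.pem", certpath)`, so an empty `certpath` silently resolves to `/ca.pem`, `/cert.pem` and `/key.pem` at the filesystem root instead of being rejected. Because these files are, going by their names, the CA and client key material used for the TLS connection to the Docker endpoint, I would fail closed with `if certpath == "" { return nil, errors.New("certpath must not be empty") }` and build each path with `filepath.Join(certpath, "ca.pem")` (this needs `path/filepath`, and the import block is outside the hunk). `errors.Wrap(err, "")` adds no context to the failure; `errors.Wrap(err, "creating TLS docker client")` would tell the caller which step failed. Unlike `NewPool`, an empty `endpoint` is passed straight through with no default, so the doc comment should say that and name the three files the directory must contain.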