Read docker host from config (#574)

* Read docker host from config Because Image is part of the native provider, we need to be able to pass configurations to it as well. This change allows users to set the hostname for the docker host in their configuration file * Add unit tests for client creation where possible
pulumi · Mar 30, 2023 · 8ff68a2 · 8ff68a2
1 parent 1ade8ae
commit 8ff68a2
Show file tree

Hide file tree

Showing 2 changed files with 107 additions and 1 deletion.
diff --git a/provider/image.go b/provider/image.go
@@ -689,10 +689,17 @@ func configureDockerClient(configs map[string]string) (*client.Client, error) {
 		}
 
 		// Set custom client first
+		if host != "" {
+			return client.NewClientWithOpts(
+				client.WithHTTPClient(httpClient),
+				client.WithHost(host),
+				client.FromEnv,
+				client.WithAPIVersionNegotiation(),
+			)
+		}
 		return client.NewClientWithOpts(
 			client.WithHTTPClient(httpClient),
 			client.FromEnv,
-			client.WithHost(host),
 			client.WithAPIVersionNegotiation(),
 		)
 	}
@@ -703,6 +710,14 @@ func configureDockerClient(configs map[string]string) (*client.Client, error) {
 		ca = filepath.Join(certPath, "ca.pem")
 		cert = filepath.Join(certPath, "cert.pem")
 		key = filepath.Join(certPath, "key.pem")
+		if host != "" {
+			return client.NewClientWithOpts(
+				client.FromEnv,
+				client.WithHost(host),
+				client.WithTLSClientConfig(ca, cert, key),
+				client.WithAPIVersionNegotiation(),
+			)
+		}
 		return client.NewClientWithOpts(
 			client.FromEnv,
 			client.WithTLSClientConfig(ca, cert, key),
@@ -711,6 +726,14 @@ func configureDockerClient(configs map[string]string) (*client.Client, error) {
 	}
 
 	// No TLS certificate material provided, create an http client
+	if host != "" {
+		return client.NewClientWithOpts(
+			client.FromEnv,
+			client.WithHost(host),
+			client.WithAPIVersionNegotiation(),
+		)
+	}
+
 	return client.NewClientWithOpts(
 		client.FromEnv,
 		client.WithAPIVersionNegotiation(),

diff --git a/provider/image_test.go b/provider/image_test.go
@@ -340,3 +340,86 @@ func TestGetRegistryAddrFromImage(t *testing.T) {
 		assert.Equal(t, expectedError, err)
 	})
 }
+
+func TestConfigureDockerClient(t *testing.T) {
+
+	t.Run("Given a host passed via pulumi config, a client should have that host", func(t *testing.T) {
+		expected := "testhost://something.sock"
+		input := map[string]string{
+			"host": "testhost://something.sock",
+		}
+
+		actual, err := configureDockerClient(input)
+		assert.NoError(t, err)
+		assert.Equal(t, expected, actual.DaemonHost())
+	})
+	t.Run("Given a host passed via environment, a client should be configured", func(t *testing.T) {
+		input := map[string]string{}
+		actual, err := configureDockerClient(input)
+		assert.NoError(t, err)
+		assert.NotNil(t, actual)
+	})
+
+	t.Run("For TLS, must pass certMaterial, keyMaterial, and caMaterial", func(t *testing.T) {
+		input := map[string]string{
+			"caMaterial": "raw-cert-string",
+		}
+		actual, err := configureDockerClient(input)
+		expectedError := fmt.Errorf("certMaterial, keyMaterial, and caMaterial must all be specified")
+		if assert.Error(t, err) {
+			assert.Equal(t, expectedError, err)
+		}
+		assert.Nil(t, actual)
+	})
+	t.Run("Errors if only caMaterial is specified", func(t *testing.T) {
+		input := map[string]string{
+			"caMaterial": "raw-ca-string",
+		}
+		actual, err := configureDockerClient(input)
+		expectedError := fmt.Errorf("certMaterial, keyMaterial, and caMaterial must all be specified")
+		if assert.Error(t, err) {
+			assert.Equal(t, expectedError, err)
+		}
+		assert.Nil(t, actual)
+	})
+	t.Run("Errors if only keyMaterial is specified", func(t *testing.T) {
+		input := map[string]string{
+			"keyMaterial": "raw-key-string",
+		}
+		actual, err := configureDockerClient(input)
+		expectedError := fmt.Errorf("certMaterial, keyMaterial, and caMaterial must all be specified")
+		if assert.Error(t, err) {
+			assert.Equal(t, expectedError, err)
+		}
+		assert.Nil(t, actual)
+	})
+
+	t.Run("Errors if not all of certMaterial, keyMaterial, and caMaterial are specified", func(t *testing.T) {
+		input := map[string]string{
+			"caMaterial":   "raw-ca-string",
+			"certMaterial": "raw-cert-string",
+		}
+		actual, err := configureDockerClient(input)
+		expectedError := fmt.Errorf("certMaterial, keyMaterial, and caMaterial must all be specified")
+		if assert.Error(t, err) {
+			assert.Equal(t, expectedError, err)
+		}
+		assert.Nil(t, actual)
+	})
+
+	t.Run("Fails if both a certPath and raw certificates are passed", func(t *testing.T) {
+		input := map[string]string{
+			"certPath":     "path/to/certs",
+			"caMaterial":   "raw-ca-string",
+			"keyMaterial":  "raw-key-string",
+			"certMaterial": "raw-cert-string",
+		}
+		actual, err := configureDockerClient(input)
+		expectedError := fmt.Errorf("when using raw certificates, certPath must not be specified")
+		if assert.Error(t, err) {
+			assert.Equal(t, expectedError, err)
+		}
+		assert.Nil(t, actual)
+	})
+
+}