def test_tls_client_missing_key(self):
options = {'--tlscert': self.client_cert}
with pytest.raises(docker.errors.TLSParameterError):
tls_config_from_options(options)
options = {'--tlskey': self.key}
with pytest.raises(docker.errors.TLSParameterError):
tls_config_from_options(options)
def test_tls_client_missing_key(self):
options = {'--tlscert': self.client_cert}
with pytest.raises(docker.errors.TLSParameterError):
tls_config_from_options(options)
options = {'--tlskey': self.key}
with pytest.raises(docker.errors.TLSParameterError):
tls_config_from_options(options)
def test_tls_flags_override_environment(self):
environment = {'DOCKER_TLS_VERIFY': True}
options = {'--tls': True, '--tlsverify': False}
assert tls_config_from_options(options, environment) is True
environment['COMPOSE_TLS_VERSION'] = 'TLSv1'
result = tls_config_from_options(options, environment)
assert isinstance(result, docker.tls.TLSConfig)
assert result.ssl_version == ssl.PROTOCOL_TLSv1
assert result.verify is False
def test_tls_simple_with_tls_version(self):
tls_version = 'TLSv1'
options = {'--tls': True}
environment = Environment({'COMPOSE_TLS_VERSION': tls_version})
result = tls_config_from_options(options, environment)
assert isinstance(result, docker.tls.TLSConfig)
assert result.ssl_version == ssl.PROTOCOL_TLSv1
def test_tls_client_cert(self):
options = {
'--tlscert': self.client_cert, '--tlskey': self.key
}
result = tls_config_from_options(options)
assert isinstance(result, docker.tls.TLSConfig)
assert result.cert == (options['--tlscert'], options['--tlskey'])
def test_tls_simple_with_tls_version(self):
tls_version = 'TLSv1'
options = {'--tls': True}
environment = Environment({'COMPOSE_TLS_VERSION': tls_version})
result = tls_config_from_options(options, environment)
assert isinstance(result, docker.tls.TLSConfig)
assert result.ssl_version == ssl.PROTOCOL_TLSv1
def test_tls_mixed_environment_and_flags(self):
options = {'--tls': True, '--tlsverify': False}
environment = Environment({'DOCKER_CERT_PATH': 'tests/fixtures/tls/'})
result = tls_config_from_options(options, environment)
assert isinstance(result, docker.tls.TLSConfig)
assert result.cert == (self.client_cert, self.key)
assert result.ca_cert == self.ca_cert
assert result.verify is False
def test_tls_mixed_environment_and_flags(self):
options = {'--tls': True, '--tlsverify': False}
environment = Environment({'DOCKER_CERT_PATH': 'tests/fixtures/tls/'})
result = tls_config_from_options(options, environment)
assert isinstance(result, docker.tls.TLSConfig)
assert result.cert == (self.client_cert, self.key)
assert result.ca_cert == self.ca_cert
assert result.verify is False
def test_tls_ca_cert(self):
options = {
'--tlscacert': self.ca_cert, '--tlsverify': True
}
result = tls_config_from_options(options)
assert isinstance(result, docker.tls.TLSConfig)
assert result.ca_cert == options['--tlscacert']
assert result.verify is True
def test_tls_client_and_ca(self):
options = {
'--tlscert': self.client_cert, '--tlskey': self.key,
'--tlsverify': True, '--tlscacert': self.ca_cert
}
result = tls_config_from_options(options)
assert isinstance(result, docker.tls.TLSConfig)
assert result.cert == (options['--tlscert'], options['--tlskey'])
assert result.ca_cert == options['--tlscacert']
assert result.verify is True
def test_tls_verify_default_cert_path(self):
environment = Environment({'DOCKER_TLS_VERIFY': '1'})
options = {'--tls': True}
with mock.patch('compose.cli.docker_client.default_cert_path') as dcp:
dcp.return_value = 'tests/fixtures/tls/'
result = tls_config_from_options(options, environment)
assert isinstance(result, docker.tls.TLSConfig)
assert result.verify is True
assert result.ca_cert == self.ca_cert
assert result.cert == (self.client_cert, self.key)
def test_tls_verify_default_cert_path(self):
environment = Environment({'DOCKER_TLS_VERIFY': '1'})
options = {'--tls': True}
with mock.patch('compose.cli.docker_client.default_cert_path') as dcp:
dcp.return_value = 'tests/fixtures/tls/'
result = tls_config_from_options(options, environment)
assert isinstance(result, docker.tls.TLSConfig)
assert result.verify is True
assert result.ca_cert == self.ca_cert
assert result.cert == (self.client_cert, self.key)
def test_tls_client_and_ca_quoted_paths(self):
options = {
'--tlscacert': '"{}"'.format(self.ca_cert),
'--tlscert': '"{}"'.format(self.client_cert),
'--tlskey': '"{}"'.format(self.key),
'--tlsverify': True
}
result = tls_config_from_options(options)
assert isinstance(result, docker.tls.TLSConfig)
assert result.cert == (self.client_cert, self.key)
assert result.ca_cert == self.ca_cert
assert result.verify is True
def test_tls_client_and_ca_quoted_paths(self):
options = {
'--tlscacert': '"{0}"'.format(self.ca_cert),
'--tlscert': '"{0}"'.format(self.client_cert),
'--tlskey': '"{0}"'.format(self.key),
'--tlsverify': True
}
result = tls_config_from_options(options)
assert isinstance(result, docker.tls.TLSConfig)
assert result.cert == (self.client_cert, self.key)
assert result.ca_cert == self.ca_cert
assert result.verify is True
def test_tls_verify_flag_no_override(self):
environment = Environment({
'DOCKER_TLS_VERIFY': 'true',
'COMPOSE_TLS_VERSION': 'TLSv1'
})
options = {'--tls': True, '--tlsverify': False}
result = tls_config_from_options(options, environment)
assert isinstance(result, docker.tls.TLSConfig)
assert result.ssl_version == ssl.PROTOCOL_TLSv1
# verify is a special case - since `--tlsverify` = False means it
# wasn't used, we set it if either the environment or the flag is True
# see https://github.com/docker/compose/issues/5632
assert result.verify is True
def test_tls_flags_override_environment(self):
environment = Environment({
'DOCKER_CERT_PATH': '/completely/wrong/path',
'DOCKER_TLS_VERIFY': 'false'
})
options = {
'--tlscacert': '"{}"'.format(self.ca_cert),
'--tlscert': '"{}"'.format(self.client_cert),
'--tlskey': '"{}"'.format(self.key),
'--tlsverify': True
}
result = tls_config_from_options(options, environment)
assert isinstance(result, docker.tls.TLSConfig)
assert result.cert == (self.client_cert, self.key)
assert result.ca_cert == self.ca_cert
assert result.verify is True
def test_tls_flags_override_environment(self):
environment = Environment({
'DOCKER_CERT_PATH': '/completely/wrong/path',
'DOCKER_TLS_VERIFY': 'false'
})
options = {
'--tlscacert': '"{0}"'.format(self.ca_cert),
'--tlscert': '"{0}"'.format(self.client_cert),
'--tlskey': '"{0}"'.format(self.key),
'--tlsverify': True
}
result = tls_config_from_options(options, environment)
assert isinstance(result, docker.tls.TLSConfig)
assert result.cert == (self.client_cert, self.key)
assert result.ca_cert == self.ca_cert
assert result.verify is True
def test_assert_hostname_explicit_skip(self):
options = {'--tlscacert': self.ca_cert, '--skip-hostname-check': True}
result = tls_config_from_options(options)
assert isinstance(result, docker.tls.TLSConfig)
assert result.assert_hostname is False
def test_assert_hostname_explicit_skip(self):
options = {'--tlscacert': self.ca_cert, '--skip-hostname-check': True}
result = tls_config_from_options(options)
assert isinstance(result, docker.tls.TLSConfig)
assert result.assert_hostname is False
def test_tls_verify_env_falsy_value(self):
environment = Environment({'DOCKER_TLS_VERIFY': '0'})
options = {'--tls': True}
assert tls_config_from_options(options, environment) is True
def test_tls_verify_env_falsy_value(self):
environment = Environment({'DOCKER_TLS_VERIFY': '0'})
options = {'--tls': True}
assert tls_config_from_options(options, environment) is True
def test_simple_tls(self):
options = {'--tls': True}
result = tls_config_from_options(options)
assert result is True
def test_simple_tls(self):
options = {'--tls': True}
result = tls_config_from_options(options)
assert result is True
