
Commit b5d752f

committed
Merge pull request #89 from jwilder/jw-tls
Docker TLS Environment variable support
2 parents 82da74a + 187d486 commit b5d752f


2 files changed

+63
-13
lines changed


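--- a/docker-gen.go
+++ b/docker-gen.go
@@ -7,6 +7,7 @@ import (
 "log"
 "os"
 "os/exec"
+"path/filepath"
 "strings"
 "sync"
 "time"
@@ -33,6 +34,7 @@ var (
 tlsKey string
 tlsCaCert string
 tlsVerify bool
+tlsCertPath string
 wg sync.WaitGroup
 )
 
@@ -152,16 +154,42 @@ func (r *RuntimeContainer) PublishedAddresses() []Address {
 }
 
 func usage() {
-println("Usage: docker-gen [-config file] [-watch=false] [-notify=\"restart xyz\"] [-notify-sighup=\"container-ID\"] [-interval=0] [-endpoint tcp|unix://..] [-tlscert file] [-tlskey file] [-tlscacert file] [-tlsverify] <template> [<dest>]")
+println(`Usage: docker-gen [options] template [dest]
+
+Generate files from docker container meta-data
+
+Options:`)
+flag.PrintDefaults()
+
+println(`
+Arguments:
+template - path to a template to generate
+dest - path to a write the template. If not specfied, STDOUT is used`)
+
+println(`
+Environment Variables:
+DOCKER_HOST - default value for -endpoint
+DOCKER_CERT_PATH - directory path containing key.pem, cert.pm and ca.pem
+DOCKER_TLS_VERIFY - enable client TLS verification
+`)
+}
+
+func tlsEnabled() bool {
+for _, v := range []string{tlsCert, tlsCaCert, tlsKey} {
+if e, err := pathExists(v); e && err == nil {
+return true
+}
+}
+return false
 }
 
 func NewDockerClient(endpoint string) (*docker.Client, error) {
 if strings.HasPrefix(endpoint, "unix:") {
 return docker.NewClient(endpoint)
-} else if tlsVerify || tlsCert != "" || tlsKey != "" || tlsCaCert != "" {
+} else if tlsVerify || tlsEnabled() {
 if tlsVerify {
-if tlsCaCert == "" {
-return nil, errors.New("TLS verification was requested, but no -tlscacert was provided")
+if e, err := pathExists(tlsCaCert); !e || err != nil {
+return nil, errors.New("TLS verification was requested, but CA cert does not exist")
 }
 }
 
@@ -347,19 +375,29 @@ func generateFromEvents(client *docker.Client, configs ConfigFile) {
 }
 
 func initFlags() {
+
+certPath := filepath.Join(os.Getenv("DOCKER_CERT_PATH"))
+if certPath == "" {
+certPath = filepath.Join(os.Getenv("HOME"), ".docker")
+}
 flag.BoolVar(&version, "version", false, "show version")
 flag.BoolVar(&watch, "watch", false, "watch for container changes")
 flag.BoolVar(&onlyExposed, "only-exposed", false, "only include containers with exposed ports")
-flag.BoolVar(&onlyPublished, "only-published", false, "only include containers with published ports (implies -only-exposed)")
-flag.StringVar(&notifyCmd, "notify", "", "run command after template is regenerated")
-flag.StringVar(&notifySigHUPContainerID, "notify-sighup", "", "send HUP signal to container. Equivalent to `docker kill -s HUP container-ID`")
+
+flag.BoolVar(&onlyPublished, "only-published", false,
+"only include containers with published ports (implies -only-exposed)")
+flag.StringVar(&notifyCmd, "notify", "", "run command after template is regenerated (e.g `restart xyz`)")
+flag.StringVar(&notifySigHUPContainerID, "notify-sighup", "",
+"send HUP signal to container. Equivalent to `docker kill -s HUP container-ID`")
 flag.Var(&configFiles, "config", "config files with template directives. Config files will be merged if this option is specified multiple times.")
-flag.IntVar(&interval, "interval", 0, "notify command interval (s)")
-flag.StringVar(&endpoint, "endpoint", "", "docker api endpoint")
-flag.StringVar(&tlsCert, "tlscert", "", "path to TLS client certificate file")
-flag.StringVar(&tlsKey, "tlskey", "", "path to TLS client key file")
-flag.StringVar(&tlsCaCert, "tlscacert", "", "path to TLS CA certificate file")
-flag.BoolVar(&tlsVerify, "tlsverify", false, "verify docker daemon's TLS certicate")
+flag.IntVar(&interval, "interval", 0, "notify command interval (secs)")
+flag.StringVar(&endpoint, "endpoint", "", "docker api endpoint (tcp|unix://..). Default unix:///var/run/docker.sock")
+flag.StringVar(&tlsCert, "tlscert", filepath.Join(certPath, "cert.pem"), "path to TLS client certificate file")
+flag.StringVar(&tlsKey, "tlskey", filepath.Join(certPath, "key.pem"), "path to TLS client key file")
+flag.StringVar(&tlsCaCert, "tlscacert", filepath.Join(certPath, "ca.pem"), "path to TLS CA certificate file")
+flag.BoolVar(&tlsVerify, "tlsverify", os.Getenv("DOCKER_TLS_VERIFY") != "", "verify docker daemon's TLS certicate")
+
+flag.Usage = usage
 flag.Parse()
 }
 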
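Review bot: `tlsEnabled` in the third hunk treats a non-nil error from `pathExists` the same as "file absent" (`e && err == nil`), so a cert, key or CA file that exists but cannot be stat'ed (a permission error, for instance) makes it return false, and with `-tlsverify` unset `NewDockerClient` then presumably falls through to the non-TLS branch, which lies outside the hunk; a misconfigured TLS setup would quietly connect to a tcp:// endpoint in plaintext rather than fail. I would have the helper return the stat error and evaluate it in `NewDockerClient` before the `if` chain so the error can be returned to the caller, as sketched below. In the same hunk the `tlsVerify` branch only confirms the CA file exists, so when `tlsEnabled()` is true because just one of the three files is present, a missing client cert or key is not reported at this point (the TLS client construction that follows is outside the hunk, so it may report it later). Minor: the new usage text has the typos `cert.pm` → `cert.pem` and `specfied` → `specified`, and the `tlsCertPath` variable added in the second hunk is not referenced by any visible hunk.
```go
// tlsEnabled reports whether any of the configured TLS files is present.
// A stat error other than "does not exist" is returned instead of being
// read as "absent", so an unreadable key cannot silently disable TLS.
func tlsEnabled() (bool, error) {
	for _, v := range []string{tlsCert, tlsCaCert, tlsKey} {
		e, err := pathExists(v)
		if err != nil {
			return false, err
		}
		if e {
			return true, nil
		}
	}
	return false, nil
}

func NewDockerClient(endpoint string) (*docker.Client, error) {
	tlsOn, err := tlsEnabled()
	if err != nil {
		return nil, err
	}
	if strings.HasPrefix(endpoint, "unix:") {
		return docker.NewClient(endpoint)
	} else if tlsVerify || tlsOn {
		// … unchanged: CA existence check and TLS client construction …
```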

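--- a/utils.go
+++ b/utils.go
@@ -38,3 +38,15 @@ func splitKeyValueSlice(in []string) map[string]string {
 return env
 
 }
+
+// pathExists returns whether the given file or directory exists or not
+func pathExists(path string) (bool, error) {
+_, err := os.Stat(path)
+if err == nil {
+return true, nil
+}
+if os.IsNotExist(err) {
+return false, nil
+}
+return false, err
+}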
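Review bot: The doc comment on `pathExists` does not say what the error return means, and that distinction matters to callers: a non-nil error (e.g. a permission failure from `os.Stat`) means existence could not be determined, not that the path is absent, yet the `false` returned alongside it invites callers to read it that way. I would replace the comment with `// pathExists reports whether path exists. A non-nil error means existence could not be determined (for example a permission error); callers must not treat that case as "absent".` This is documentation only; the function body is fine as written.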
