author | rsdy <rsdy@users.noreply.github.com> | 2019-01-09 02:24:14 +0000 |
---|---|---|
committer | doug tangren <d.tangren@gmail.com> | 2019-01-08 21:24:14 -0500 |
commit | 0ca553e5976acd49f2b9177755e1b2c685c19e48 (patch) | |
tree | 9561ee778b00c9869618fcd5c3793ac5fff69231 /src | |
parent | 4a6117df2eefd2a6878a44fbcdb97be6ac17355b (diff) |
Make TLS/openssl an optional dependency (#130)
Diffstat (limited to 'src')
-rw-r--r-- | src/lib.rs | 100 | ||||
-rw-r--r-- | src/transport.rs | 9 |
2 files changed, 68 insertions, 41 deletions
@@ -47,10 +47,12 @@ use crate::{
 };
 use futures::{future::Either, Future, IntoFuture, Stream};
 use hyper::{client::HttpConnector, Body, Client, Method, Uri};
+#[cfg(feature = "tls")]
 use hyper_openssl::HttpsConnector;
 #[cfg(feature = "unix-socket")]
 use hyperlocal::UnixConnector;
 use mime::Mime;
+#[cfg(feature = "tls")]
 use openssl::ssl::{SslConnector, SslFiletype, SslMethod};
 use serde_json::Value;
 use std::{borrow::Cow, env, path::Path, time::Duration};
@@ -742,7 +744,63 @@ impl<'a, 'b> Volume<'a, 'b> {
 }
 }
 
-// https://docs.docker.com/reference/api/
+fn get_http_connector() -> HttpConnector {
+ let mut http = HttpConnector::new(1);
+ http.enforce_http(false);
+
+ http
+}
+
+#[cfg(feature = "tls")]
+fn get_docker_for_tcp(tcp_host_str: String) -> Docker {
+ let http = get_http_connector();
+ if let Ok(ref certs) = env::var("DOCKER_CERT_PATH") {
+ // fixme: don't unwrap before you know what's in the box
+ // https://github.com/hyperium/hyper/blob/master/src/net.rs#L427-L428
+ let mut connector = SslConnector::builder(SslMethod::tls()).unwrap();
+ connector.set_cipher_list("DEFAULT").unwrap();
+ let cert = &format!("{}/cert.pem", certs);
+ let key = &format!("{}/key.pem", certs);
+ connector
+ .set_certificate_file(&Path::new(cert), SslFiletype::PEM)
+ .unwrap();
+ connector
+ .set_private_key_file(&Path::new(key), SslFiletype::PEM)
+ .unwrap();
+ if env::var("DOCKER_TLS_VERIFY").is_ok() {
+ let ca = &format!("{}/ca.pem", certs);
+ connector.set_ca_file(&Path::new(ca)).unwrap();
+ }
+
+ Docker {
+ transport: Transport::EncryptedTcp {
+ client: Client::builder()
+ .build(HttpsConnector::with_connector(http, connector).unwrap()),
+ host: tcp_host_str,
+ },
+ }
+ } else {
+ Docker {
+ transport: Transport::Tcp {
+ client: Client::builder().build(http),
+ host: tcp_host_str,
+ },
+ }
+ }
+}
+
+#[cfg(not(feature = "tls"))]
+fn get_docker_for_tcp(tcp_host_str: String) -> Docker {
+ let http = get_http_connector();
+ Docker {
+ transport: Transport::Tcp {
+ client: Client::builder().build(http),
+ host: tcp_host_str,
+ },
+ }
+}
+
+// https://docs.docker.com/reference/api/docker_remote_api_v1.17/
 impl Docker {
 /// constructs a new Docker instance for a docker host listening at a url specified by an env var `DOCKER_HOST`,
 /// falling back on unix:///var/run/docker.sock
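Review bot: The `#[cfg(not(feature = "tls"))]` variant of `get_docker_for_tcp` ignores `DOCKER_CERT_PATH` and `DOCKER_TLS_VERIFY` entirely, so a build without the feature opens a plaintext `Transport::Tcp` connection to a host the user configured for TLS with no diagnostic, whereas the file's existing convention for a disabled feature is to fail loudly (`Some("unix") => panic!("Unix socket support is disabled")`, in the following hunk); the non-TLS variant should do the same before building the client: `if env::var("DOCKER_CERT_PATH").is_ok() { panic!("TLS support is disabled"); }`. The why-comment that sat on `http.enforce_http(false)` in the removed block (`// Required to support DOCKER_HOST variables of the form tcp://127.0.0.1:2375.`) was dropped in the move and should be restored in `get_http_connector`. Both new functions also lack doc comments; a `///` line on `get_docker_for_tcp` stating that `EncryptedTcp` is chosen only when `DOCKER_CERT_PATH` is set, that `ca.pem` is loaded only when `DOCKER_TLS_VERIFY` is present (any value, since only `.is_ok()` is checked), and that the carried-over `.unwrap()` calls still panic on a missing or unreadable file would make the environment contract visible to callers.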
@@ -795,45 +853,7 @@ impl Docker { #[cfg(not(feature = "unix-socket"))] Some("unix") => panic!("Unix socket support is disabled"), - _ => { - let mut http = HttpConnector::new(1); - // Required to support DOCKER_HOST variables of the form `tcp://127.0.0.1:2375`. - http.enforce_http(false); - - if let Ok(ref certs) = env::var("DOCKER_CERT_PATH") { - // fixme: don't unwrap before you know what's in the box - // https://github.com/hyperium/hyper/blob/master/src/net.rs#L427-L428 - let mut connector = SslConnector::builder(SslMethod::tls()).unwrap(); - connector.set_cipher_list("DEFAULT").unwrap(); - let cert = &format!("{}/cert.pem", certs); - let key = &format!("{}/key.pem", certs); - connector - .set_certificate_file(&Path::new(cert), SslFiletype::PEM) - .unwrap(); - connector - .set_private_key_file(&Path::new(key), SslFiletype::PEM) - .unwrap(); - if env::var("DOCKER_TLS_VERIFY").is_ok() { - let ca = &format!("{}/ca.pem", certs); - connector.set_ca_file(&Path::new(ca)).unwrap(); - } - - Docker { - transport: Transport::EncryptedTcp { - client: Client::builder() - .build(HttpsConnector::with_connector(http, connector).unwrap()), - host: tcp_host_str, - }, - } - } else { - Docker { - transport: Transport::Tcp { - client: Client::builder().build(http), - host: tcp_host_str, - }, - } - } - } + _ => get_docker_for_tcp(tcp_host_str), } } diff --git a/src/transport.rs b/src/transport.rs index 432c5df..0d64b5a 100644 --- a/src/transport.rs +++ b/src/transport.rs @@ -9,6 +9,7 @@ use hyper::{ client::{Client, HttpConnector}, header, Body, Chunk, Method, Request, StatusCode, }; +#[cfg(feature = "tls")] use hyper_openssl::HttpsConnector; #[cfg(feature = "unix-socket")] use hyperlocal::UnixConnector; @@ -35,6 +36,7 @@ pub enum Transport { host: String, }, /// TCP/TLS + #[cfg(feature = "tls")] EncryptedTcp { client: Client<HttpsConnector<HttpConnector>>, host: String, 
@@ -54,6 +56,7 @@ impl fmt::Debug for Transport {
 ) -> fmt::Result {
 match *self {
 Transport::Tcp { ref host, .. } => write!(f, "Tcp({})", host),
+ #[cfg(feature = "tls")]
 Transport::EncryptedTcp { ref host, .. } => write!(f, "EncryptedTcp({})", host),
 #[cfg(feature = "unix-socket")]
 Transport::Unix { ref path, .. } => write!(f, "Unix({})", path),
@@ -154,6 +157,7 @@ impl Transport {
 Transport::Tcp { ref host, .. } => {
 builder.method(method).uri(&format!("{}{}", host, endpoint))
 }
+ #[cfg(feature = "tls")]
 Transport::EncryptedTcp { ref host, .. } => {
 builder.method(method).uri(&format!("{}{}", host, endpoint))
 }
@@ -180,6 +184,7 @@ impl Transport {
 ) -> impl Future<Item = hyper::Response<Body>, Error = Error> {
 let req = match self {
 Transport::Tcp { ref client, .. } => client.request(req),
+ #[cfg(feature = "tls")]
 Transport::EncryptedTcp { ref client, .. } => client.request(req),
 #[cfg(feature = "unix-socket")]
 Transport::Unix { ref client, .. } => client.request(req),
@@ -203,7 +208,9 @@ impl Transport {
 B: Into<Body>,
 {
 match self {
- Transport::Tcp { .. } | Transport::EncryptedTcp { .. } => (),
+ Transport::Tcp { .. } => (),
+ #[cfg(feature = "tls")]
+ Transport::EncryptedTcp { .. } => (),
 _ => panic!("connection streaming is only supported over TCP"),
 };
 