Support TLS configuration from docker context (#2105)

piotrwielgolaski-tomtom · eddumelendez · web-flow · commit dddd439ceb3f · 2023-05-29T20:50:47.000+02:00
Co-authored-by: Eddú Meléndez &lt;eddu.melendez@gmail.com&gt;
diff --git a/docker-java-core/src/main/java/com/github/dockerjava/core/DefaultDockerClientConfig.java b/docker-java-core/src/main/java/com/github/dockerjava/core/DefaultDockerClientConfig.java
@@ -441,7 +441,33 @@ public final Builder withCustomSslConfig(SSLConfig customSslConfig) {
             return this;
         }
 
+        private void applyContextConfiguration(final String context) {
+            final Optional<DockerContextMetaFile> dockerContextMetaFile =
+                Optional.ofNullable(context)
+                    .flatMap(ctx -> DockerContextMetaFile.resolveContextMetaFile(DockerClientConfig.getDefaultObjectMapper(),
+                            new File(this.dockerConfig), ctx));
+
+            if (dockerContextMetaFile.isPresent()) {
+                final Optional<DockerContextMetaFile.Endpoints.Docker> dockerEndpoint =
+                    dockerContextMetaFile.map(metaFile -> metaFile.endpoints).map(endpoint -> endpoint.docker);
+                if (this.dockerHost == null) {
+                    this.dockerHost = dockerEndpoint.map(endpoint -> endpoint.host).map(URI::create).orElse(null);
+                }
+                if (this.dockerCertPath == null) {
+                    this.dockerCertPath = dockerContextMetaFile.map(metaFile -> metaFile.storage)
+                        .map(storage -> storage.tlsPath)
+                        .filter(file -> new File(file).exists()).orElse(null);
+                    if (this.dockerCertPath != null) {
+                        this.dockerTlsVerify = dockerEndpoint.map(endpoint -> !endpoint.skipTLSVerify).orElse(true);
+                    }
+                }
+            }
+        }
+
         public DefaultDockerClientConfig build() {
+            final DockerConfigFile dockerConfigFile = readDockerConfig();
+            final String context = (dockerContext != null) ? dockerContext : dockerConfigFile.getCurrentContext();
+            applyContextConfiguration(context);
 
             SSLConfig sslConfig = null;
 
@@ -454,12 +480,9 @@ public DefaultDockerClientConfig build() {
                 sslConfig = customSslConfig;
             }
 
-            final DockerConfigFile dockerConfigFile = readDockerConfig();
-
-            final String context = (dockerContext != null) ? dockerContext : dockerConfigFile.getCurrentContext();
             URI dockerHostUri = dockerHost != null
                 ? dockerHost
-                : resolveDockerHost(context);
+                : URI.create(SystemUtils.IS_OS_WINDOWS ? WINDOWS_DEFAULT_DOCKER_HOST : DEFAULT_DOCKER_HOST);
 
             return new DefaultDockerClientConfig(dockerHostUri, dockerConfigFile, dockerConfig, apiVersion, registryUrl, registryUsername,
                     registryPassword, registryEmail, sslConfig);
@@ -473,14 +496,6 @@ private DockerConfigFile readDockerConfig() {
             }
         }
 
-        private URI resolveDockerHost(String dockerContext) {
-            return URI.create(Optional.ofNullable(dockerContext)
-                .flatMap(context -> DockerContextMetaFile.resolveContextMetaFile(
-                    DockerClientConfig.getDefaultObjectMapper(), new File(dockerConfig), context))
-                .flatMap(DockerContextMetaFile::host)
-                .orElse(SystemUtils.IS_OS_WINDOWS ? WINDOWS_DEFAULT_DOCKER_HOST : DEFAULT_DOCKER_HOST));
-        }
-
         private String checkDockerCertPath(String dockerCertPath) {
             if (StringUtils.isEmpty(dockerCertPath)) {
                 throw new DockerClientException(
diff --git a/docker-java-core/src/main/java/com/github/dockerjava/core/DockerContextMetaFile.java b/docker-java-core/src/main/java/com/github/dockerjava/core/DockerContextMetaFile.java
@@ -18,6 +18,9 @@ public class DockerContextMetaFile {
     @JsonProperty("Endpoints")
     Endpoints endpoints;
 
+    @JsonProperty("Storage")
+    Storage storage;
+
     public static class Endpoints {
         @JsonProperty("docker")
         Docker docker;
@@ -31,11 +34,12 @@ public static class Docker {
         }
     }
 
-    public Optional<String> host() {
-        if (endpoints != null && endpoints.docker != null) {
-            return Optional.ofNullable(endpoints.docker.host);
-        }
-        return Optional.empty();
+    public static class Storage {
+
+        @JsonProperty("TLSPath")
+        String tlsPath;
+        @JsonProperty("MetadataPath")
+        String metadataPath;
     }
 
     public static Optional<DockerContextMetaFile> resolveContextMetaFile(ObjectMapper objectMapper, File dockerConfigPath, String context) {
diff --git a/docker-java/src/test/java/com/github/dockerjava/core/DefaultDockerClientConfigTest.java b/docker-java/src/test/java/com/github/dockerjava/core/DefaultDockerClientConfigTest.java
@@ -23,6 +23,7 @@
 import static org.hamcrest.core.Is.is;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
 
 public class DefaultDockerClientConfigTest {
 
@@ -113,6 +114,25 @@ public void dockerContextFromEnvironmentVariable() {
         assertEquals(URI.create("unix:///envvarcontext.sock"), config.getDockerHost());
     }
 
+    @Test
+    public void dockerContextWithDockerHostAndTLS() {
+        // given home directory with docker contexts
+        Properties systemProperties = new Properties();
+        systemProperties.setProperty("user.home", "target/test-classes/dockerContextHomeDir");
+
+        // and an environment variable that overrides docker context
+        Map<String, String> env = new HashMap<>();
+        env.put(DefaultDockerClientConfig.DOCKER_CONTEXT, "remote");
+
+        // when you build a config
+        DefaultDockerClientConfig config = buildConfig(env, systemProperties);
+
+        assertEquals(URI.create("tcp://remote:2376"), config.getDockerHost());
+        assertTrue("SSL config is set", config.getSSLConfig() instanceof LocalDirectorySSLConfig);
+        assertEquals("target/test-classes/com/github/dockerjava/core/util/CertificateUtilsTest/allFilesExist",
+            ((LocalDirectorySSLConfig)config.getSSLConfig()).getDockerCertPath());
+    }
+
     @Test
     public void environment() {
 
diff --git a/docker-java/src/test/resources/dockerContextHomeDir/.docker/contexts/meta/b71199ebd070b36beab7317920c2c2f1d777df8d05e5527d8458fda57cb17a7a/meta.json b/docker-java/src/test/resources/dockerContextHomeDir/.docker/contexts/meta/b71199ebd070b36beab7317920c2c2f1d777df8d05e5527d8458fda57cb17a7a/meta.json
@@ -0,0 +1,15 @@
+{
+    "Name": "remote",
+    "Metadata": {
+        "Description": "remote"
+    },
+    "Endpoints": {
+        "docker": {
+            "Host": "tcp://remote:2376",
+            "SkipTLSVerify": false
+        }
+    },
+    "Storage": {
+        "TLSPath": "target/test-classes/com/github/dockerjava/core/util/CertificateUtilsTest/allFilesExist"
+    }
+}
