Merge pull request #3935 from csrwng/docker_tls

OpenShift Bot · OpenShift Bot · commit 8e1fb749f125 · 2015-07-28T18:06:49.000-04:00
Merged by openshift-bot
diff --git a/pkg/cmd/util/docker/docker.go b/pkg/cmd/util/docker/docker.go
@@ -2,8 +2,9 @@ package docker
 
 import (
 	"os"
+	"path"
 
-	"github.com/fsouza/go-dockerclient"
+	docker "github.com/fsouza/go-dockerclient"
 	"github.com/golang/glog"
 	"github.com/spf13/pflag"
 )
@@ -26,10 +27,16 @@ func (_ *Helper) InstallFlags(flags *pflag.FlagSet) {
 
 // GetClient returns a valid Docker client, the address of the client, or an error
 // if the client couldn't be created.
-func (_ *Helper) GetClient() (*docker.Client, string, error) {
-	addr := getDockerEndpoint("")
-	client, err := docker.NewClient(addr)
-	return client, addr, err
+func (_ *Helper) GetClient() (client *docker.Client, endpoint string, err error) {
+	cfg := getDockerConfig("")
+	endpoint = cfg.Endpoint
+
+	if cfg.IsTLS() {
+		client, err = docker.NewTLSClient(cfg.Endpoint, cfg.Cert(), cfg.Key(), cfg.CA())
+		return
+	}
+	client, err = docker.NewClient(cfg.Endpoint)
+	return
 }
 
 // GetClientOrExit returns a valid Docker client and the address of the client,
@@ -42,15 +49,39 @@ func (h *Helper) GetClientOrExit() (*docker.Client, string) {
 	return client, addr
 }
 
-func getDockerEndpoint(dockerEndpoint string) string {
-	var endpoint string
+type dockerConfig struct {
+	Endpoint string
+	CertPath string
+}
+
+func (c *dockerConfig) IsTLS() bool {
+	return len(c.CertPath) > 0
+}
+
+func (c *dockerConfig) Cert() string {
+	return path.Join(c.CertPath, "cert.pem")
+}
+
+func (c *dockerConfig) Key() string {
+	return path.Join(c.CertPath, "key.pem")
+}
+
+func (c *dockerConfig) CA() string {
+	return path.Join(c.CertPath, "ca.pem")
+}
+
+func getDockerConfig(dockerEndpoint string) *dockerConfig {
+	cfg := &dockerConfig{}
 	if len(dockerEndpoint) > 0 {
-		endpoint = dockerEndpoint
+		cfg.Endpoint = dockerEndpoint
 	} else if len(os.Getenv("DOCKER_HOST")) > 0 {
-		endpoint = os.Getenv("DOCKER_HOST")
+		cfg.Endpoint = os.Getenv("DOCKER_HOST")
 	} else {
-		endpoint = "unix:///var/run/docker.sock"
+		cfg.Endpoint = "unix:///var/run/docker.sock"
 	}
 
-	return endpoint
+	if os.Getenv("DOCKER_TLS_VERIFY") == "1" {
+		cfg.CertPath = os.Getenv("DOCKER_CERT_PATH")
+	}
+	return cfg
 }
