Allow to connect to docker daemons without certificates but using tls

crt-fork · Sep 15, 2017 · e9e20a5 · e9e20a5
1 parent 6ac9784
commit e9e20a5
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 5 deletions.
diff --git a/docker/local_cached_factory.go b/docker/local_cached_factory.go
@@ -83,14 +83,16 @@ func (f *localCachedFactory) GetForInstance(instance *types.Instance) (DockerApi
 	// Need to create client to the DinD docker daemon
 	// We check if the client needs to use TLS
 	var tlsConfig *tls.Config
-	if len(instance.Cert) > 0 && len(instance.Key) > 0 {
+	if (len(instance.Cert) > 0 && len(instance.Key) > 0) || instance.Tls {
 		tlsConfig = tlsconfig.ClientDefault()
 		tlsConfig.InsecureSkipVerify = true
-		tlsCert, err := tls.X509KeyPair(instance.Cert, instance.Key)
-		if err != nil {
-			return nil, fmt.Errorf("Could not load X509 key pair: %v. Make sure the key is not encrypted", err)
+		if len(instance.Cert) > 0 && len(instance.Key) > 0 {
+			tlsCert, err := tls.X509KeyPair(instance.Cert, instance.Key)
+			if err != nil {
+				return nil, fmt.Errorf("Could not load X509 key pair: %v. Make sure the key is not encrypted", err)
+			}
+			tlsConfig.Certificates = []tls.Certificate{tlsCert}
 		}
-		tlsConfig.Certificates = []tls.Certificate{tlsCert}
 	}
 
 	proxyUrl, _ := url.Parse("http://l2:443")

diff --git a/pwd/session.go b/pwd/session.go
@@ -41,6 +41,7 @@ type SessionSetupInstanceConf struct {
 	IsSwarmWorker  bool       `json:"is_swarm_worker"`
 	Type           string     `json:"type"`
 	Run            [][]string `json:"run"`
+	Tls            bool       `json:"tls"`
 }
 
 func (p *pwd) SessionNew(duration time.Duration, stack, stackName, imageName string) (*types.Session, error) {
@@ -241,6 +242,7 @@ func (p *pwd) SessionSetup(session *types.Session, sconf SessionSetupConf) error
 				Hostname:       conf.Hostname,
 				PlaygroundFQDN: sconf.PlaygroundFQDN,
 				Type:           conf.Type,
+				Tls:            conf.Tls,
 			}
 			i, err := p.InstanceNew(session, instanceConf)
 			if err != nil {

diff --git a/pwd/types/instance.go b/pwd/types/instance.go
@@ -13,6 +13,7 @@ type Instance struct {
 	CACert      []byte          `json:"ca_cert" bson:"ca_cert"`
 	Cert        []byte          `json:"cert" bson:"cert"`
 	Key         []byte          `json:"key" bson:"key"`
+	Tls         bool            `json:"tls" bson:"tls"`
 	SessionId   string          `json:"session_id" bson:"session_id"`
 	ProxyHost   string          `json:"proxy_host" bson:"proxy_host"`
 	SessionHost string          `json:"session_host" bson:"session_host"`
@@ -34,6 +35,7 @@ type InstanceConfig struct {
 	CACert         []byte
 	Cert           []byte
 	Key            []byte
+	Tls            bool
 	PlaygroundFQDN string
 	Type           string
 }