2019-11-12 12:35:42 -05:00
|
|
|
package global
|
|
|
|
|
|
|
|
import (
|
2021-07-28 10:26:52 -04:00
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
|
|
|
"strings"
|
2019-11-12 12:35:42 -05:00
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/docker/cli/internal/test/environment"
|
2021-07-28 10:26:52 -04:00
|
|
|
"gotest.tools/v3/assert"
|
2020-02-22 12:12:14 -05:00
|
|
|
"gotest.tools/v3/icmd"
|
|
|
|
"gotest.tools/v3/skip"
|
2019-11-12 12:35:42 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestTLSVerify(t *testing.T) {
|
|
|
|
// Remote daemons use TLS and this test is not applicable when TLS is required.
|
|
|
|
skip.If(t, environment.RemoteDaemon())
|
|
|
|
|
|
|
|
icmd.RunCmd(icmd.Command("docker", "ps")).Assert(t, icmd.Success)
|
|
|
|
|
|
|
|
// Regardless of whether we specify true or false we need to
|
|
|
|
// test to make sure tls is turned on if --tlsverify is specified at all
|
|
|
|
result := icmd.RunCmd(icmd.Command("docker", "--tlsverify=false", "ps"))
|
|
|
|
result.Assert(t, icmd.Expected{ExitCode: 1, Err: "unable to resolve docker endpoint:"})
|
|
|
|
|
|
|
|
result = icmd.RunCmd(icmd.Command("docker", "--tlsverify=true", "ps"))
|
|
|
|
result.Assert(t, icmd.Expected{ExitCode: 1, Err: "ca.pem"})
|
|
|
|
}
|
2021-07-28 10:26:52 -04:00
|
|
|
|
|
|
|
// TestTCPSchemeUsesHTTPProxyEnv verifies that the cli uses HTTP_PROXY if
|
|
|
|
// DOCKER_HOST is set to use the 'tcp://' scheme.
|
|
|
|
//
|
|
|
|
// Prior to go1.16, https:// schemes would use HTTPS_PROXY, and any other
|
|
|
|
// scheme would use HTTP_PROXY. However, golang/net@7b1cca2 (per a request in
|
|
|
|
// golang/go#40909) changed this behavior to only use HTTP_PROXY for http://
|
|
|
|
// schemes, no longer using a proxy for any other scheme.
|
|
|
|
//
|
|
|
|
// Docker uses the tcp:// scheme as a default for API connections, to indicate
|
|
|
|
// that the API is not "purely" HTTP. Various parts in the code also *require*
|
|
|
|
// this scheme to be used. While we could change the default and allow http(s)
|
|
|
|
// schemes to be used, doing so will take time, taking into account that there
|
|
|
|
// are many installs in existence that have tcp:// configured as DOCKER_HOST.
|
|
|
|
//
|
|
|
|
// Note that due to Golang's use of sync.Once for proxy-detection, this test
|
|
|
|
// cannot be done as a unit-test, hence it being an e2e test.
|
|
|
|
func TestTCPSchemeUsesHTTPProxyEnv(t *testing.T) {
|
|
|
|
const responseJSON = `{"Version": "99.99.9", "ApiVersion": "1.41", "MinAPIVersion": "1.12"}`
|
|
|
|
var received string
|
|
|
|
proxyServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
received = r.Host
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
_, _ = w.Write([]byte(responseJSON))
|
|
|
|
}))
|
|
|
|
defer proxyServer.Close()
|
|
|
|
|
|
|
|
// Configure the CLI to use our proxyServer. DOCKER_HOST can point to any
|
|
|
|
// address (as it won't be connected to), but must use tcp:// for this test,
|
|
|
|
// to verify it's using HTTP_PROXY.
|
|
|
|
result := icmd.RunCmd(
|
|
|
|
icmd.Command("docker", "version", "--format", "{{ .Server.Version }}"),
|
|
|
|
icmd.WithEnv("HTTP_PROXY="+proxyServer.URL, "DOCKER_HOST=tcp://docker.acme.example.com:2376"),
|
|
|
|
)
|
|
|
|
// Verify the command ran successfully, and that it connected to the proxyServer
|
|
|
|
result.Assert(t, icmd.Success)
|
|
|
|
assert.Equal(t, strings.TrimSpace(result.Stdout()), "99.99.9")
|
|
|
|
assert.Equal(t, received, "docker.acme.example.com:2376")
|
|
|
|
}
|