From 1c1329fc7e256194369f9f6927ba8cd026bc0f37 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 28 Jun 2023 13:56:24 +0200 Subject: [PATCH] cli/flags: add EnvEnableTLS const for "DOCKER_TLS" Add a const to allow documenting the environment variable in code. The location of this const is a bit "unfortunate", due to CLI and Client-config to be spread over the cli/config, cli/config/configfile, and docker/docker/client packages (some options are for the client, others for the CLI), and some reorganizing may be useful for easier consumption. Signed-off-by: Sebastiaan van Stijn --- cli/flags/options.go | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/cli/flags/options.go b/cli/flags/options.go index 03c1f2db2a..6c21b74f8d 100644 --- a/cli/flags/options.go +++ b/cli/flags/options.go @@ -14,6 +14,18 @@ import ( ) const ( + // EnvEnableTLS is the name of the environment variable that can be used + // to enable TLS for client connections. When set to a non-empty value, TLS + // is enabled for API connections using TCP. For backward-compatibility, this + // environment-variable can only be used to enable TLS, not to disable. + // + // Note that TLS is always enabled implicitly if the "--tls-verify" option + // or "DOCKER_TLS_VERIFY" ([github.com/docker/docker/client.EnvTLSVerify]) + // env var is set to, which could be to either enable or disable TLS certification + // validation. In both cases, TLS is enabled but, depending on the setting, + // with verification disabled. + EnvEnableTLS = "DOCKER_TLS" + // DefaultCaFile is the default filename for the CA pem file DefaultCaFile = "ca.pem" // DefaultKeyFile is the default filename for the key pem file @@ -39,8 +51,7 @@ Refer to https://docs.docker.com/go/formatting/ for more information about forma var ( dockerCertPath = os.Getenv(client.EnvOverrideCertPath) dockerTLSVerify = os.Getenv(client.EnvTLSVerify) != "" - // TODO(thaJeztah) the 'DOCKER_TLS' environment variable is not documented, and does not have a const. - dockerTLS = os.Getenv("DOCKER_TLS") != "" + dockerTLS = os.Getenv(EnvEnableTLS) != "" ) // ClientOptions are the options used to configure the client cli.