Update TLS version configuration code. Tests.

Signed-off-by: Joffrey F <joffrey@docker.com>
2016-06-03 11:01:20 -07:00 · 2016-06-03 11:01:20 -07:00 · e7a8b2fed5
commit e7a8b2fed5
parent 7763122ecb 7fc40dd7cc
4 changed files with 49 additions and 4 deletions
--- a/compose/cli/command.py
+++ b/compose/cli/command.py
@ -4,6 +4,7 @@ from __future__ import unicode_literals
 import logging
 import os
 import re
+import ssl

 import six

@ -46,10 +47,28 @@ def get_config_path_from_options(base_dir, options, environment):
    return None


-def get_client(environment, verbose=False, version=None, tls_config=None, host=None):
+def get_tls_version(environment):
+    compose_tls_version = environment.get('COMPOSE_TLS_VERSION', None)
+    if not compose_tls_version:
+        return None
+
+    tls_attr_name = "PROTOCOL_{}".format(compose_tls_version)
+    if not hasattr(ssl, tls_attr_name):
+        log.warn(
+            'The {} protocol is unavailable. You may need to update your '
+            'version of Python or OpenSSL. Falling back to TLSv1 (default).'
+        )
+        return None
+
+    return getattr(ssl, tls_attr_name)
+
+
+def get_client(environment, verbose=False, version=None, tls_config=None, host=None,
+               tls_version=None):
+
    client = docker_client(
        version=version, tls_config=tls_config, host=host,
-        environment=environment
+        environment=environment, tls_version=get_tls_version(environment)
    )
    if verbose:
        version_info = six.iteritems(client.version())
@ -74,6 +93,7 @@ def get_project(project_dir, config_path=None, project_name=None, verbose=False,
    api_version = environment.get(
        'COMPOSE_API_VERSION',
        API_VERSIONS[config_data.version])
+
    client = get_client(
        verbose=verbose, version=api_version, tls_config=tls_config,
        host=host, environment=environment
--- a/compose/cli/docker_client.py
+++ b/compose/cli/docker_client.py
@ -39,7 +39,8 @@ def tls_config_from_options(options):
    return None


-def docker_client(environment, version=None, tls_config=None, host=None):
+def docker_client(environment, version=None, tls_config=None, host=None,
+                  tls_version=None):
    """
    Returns a docker-py client configured using environment variables
    according to the same logic as the official Docker client.
@ -49,7 +50,7 @@ def docker_client(environment, version=None, tls_config=None, host=None):
                 "Please use COMPOSE_HTTP_TIMEOUT instead.")

    try:
-        kwargs = kwargs_from_env(environment=environment)
+        kwargs = kwargs_from_env(environment=environment, ssl_version=tls_version)
    except TLSParameterError:
        raise UserError(
            "TLS configuration is invalid - make sure your DOCKER_TLS_VERIFY "