本文整理汇总了Python中docker.tls.TLSConfig方法的典型用法代码示例。如果您正苦于以下问题:Python tls.TLSConfig方法的具体用法?Python tls.TLSConfig怎么用?Python tls.TLSConfig使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类docker.tls的用法示例。
在下文中一共展示了tls.TLSConfig方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_assert_hostname
# 需要导入模块: from docker import tls [as 别名]
# 或者: from docker.tls import TLSConfig [as 别名]
def test_assert_hostname(tmpdir):
path = str(tmpdir.join('no-manifest'))
create_repo(path)
args = get_defaults()
args['--x-assert-hostname'] = True
tls_config = tls.TLSConfig()
_, _, _, _, _, client = cli.process_arguments(
path, args,
client_cfg={
'base_url': 'https://example.com:443/api/v1/',
'tls': tls_config,
},
environ={'SW_NAMESPACE': 'eg'},
)
assert not client.adapters['https://'].assert_hostname 示例2: create_client
# 需要导入模块: from docker import tls [as 别名]
# 或者: from docker.tls import TLSConfig [as 别名]
def create_client():
"""
Create a client to either a Docker instance.
"""
kwargs = {
"base_url": os.environ.get("DOCKER_HOST"),
"timeout": 15, # wait a bit, but give up before 30s Heroku request timeout
}
if os.environ.get("DOCKER_TLS_VERIFY"):
kwargs["tls"] = TLSConfig(
client_cert=(
env_to_file("DOCKER_CLIENT_CERT"),
env_to_file("DOCKER_CLIENT_KEY"),
),
ca_cert=env_to_file("DOCKER_CA_CERT"),
verify=True,
)
return docker.DockerClient(**kwargs) 示例3: __init__
# 需要导入模块: from docker import tls [as 别名]
# 或者: from docker.tls import TLSConfig [as 别名]
def __init__(self,url='unix://var/run/docker.sock', cert=None, key=None):
super(HostConfAudit, self).__init__()
if cert and key:
tls_config = tls.TLSConfig(verify=False, assert_hostname = False,\
client_cert = (cert, key))
self.cli = Client(base_url = url, tls = tls_config)
else:
self.cli = Client(base_url = url) 示例4: __init__
# 需要导入模块: from docker import tls [as 别名]
# 或者: from docker.tls import TLSConfig [as 别名]
def __init__(self,url='unix://var/run/docker.sock', cert=None, key=None):
super(ContainerImgAudit, self).__init__()
if cert and key:
tls_config = tls.TLSConfig(verify=False, assert_hostname = False,\
client_cert = (cert, key))
print tls_config
self.cli = Client(base_url = url, tls = tls_config)
else:
self.cli = Client(base_url = url)
self.running = self.running_containers() 示例5: __get_tls_config
# 需要导入模块: from docker import tls [as 别名]
# 或者: from docker.tls import TLSConfig [as 别名]
def __get_tls_config(self):
tls_config = None
if self.tls_ca_cert and self.tls_client_cert and self.tls_client_key:
# Ignore type error on SSL version here - it is deprecated and type annotation is wrong
# it should be string
# noinspection PyTypeChecker
tls_config = tls.TLSConfig(
ca_cert=self.tls_ca_cert,
client_cert=(self.tls_client_cert, self.tls_client_key),
verify=True,
ssl_version=self.tls_ssl_version, # type: ignore
assert_hostname=self.tls_hostname
)
self.docker_url = self.docker_url.replace('tcp://', 'https://')
return tls_config 示例6: get_docker_client
# 需要导入模块: from docker import tls [as 别名]
# 或者: from docker.tls import TLSConfig [as 别名]
def get_docker_client(cluster, address):
"""
Open a Docker client to the given address.
:param Cluster cluster: Description of the cluster we're talking to.
:param bytes address: The public IP of the node to connect to.
:return: Docker ``Client`` instance.
"""
def get_path(name):
return cluster.certificates_path.child(name).path
tls = TLSConfig(
# XXX Hardcoded certificate filenames mean that this will only work on
# clusters where Docker is configured to use the Flocker certificates.
client_cert=(get_path(b"user.crt"), get_path(b"user.key")),
# Blows up if not set
# (https://github.com/shazow/urllib3/issues/695):
ssl_version=ssl.PROTOCOL_TLSv1,
# Don't validate hostname, we don't generate it correctly, but
# do verify certificate authority signed the server certificate:
assert_hostname=False,
verify=get_path(b"cluster.crt"))
return dockerpy_client(
base_url="https://{}:{}".format(address, DOCKER_PORT),
tls=tls, timeout=100, version='1.21',
) 示例7: connect
# 需要导入模块: from docker import tls [as 别名]
# 或者: from docker.tls import TLSConfig [as 别名]
def connect(self):
if self.config.docker_tls:
try:
cert_paths = {
'cert_top_dir': '/etc/docker/certs.d/',
'clean_socket': self.socket.split('//')[1]
}
cert_paths['cert_dir'] = join(cert_paths['cert_top_dir'], cert_paths['clean_socket'])
cert_paths['cert_files'] = {
'client_cert': join(cert_paths['cert_dir'], 'client.cert'),
'client_key': join(cert_paths['cert_dir'], 'client.key'),
'ca_crt': join(cert_paths['cert_dir'], 'ca.crt')
}
if not isdir(cert_paths['cert_dir']):
self.logger.error('%s is not a valid cert folder', cert_paths['cert_dir'])
raise ValueError
for cert_file in cert_paths['cert_files'].values():
if not isfile(cert_file):
self.logger.error('%s does not exist', cert_file)
raise ValueError
tls_config = tls.TLSConfig(
ca_cert=cert_paths['cert_files']['ca_crt'],
verify=cert_paths['cert_files']['ca_crt'] if self.config.docker_tls_verify else False,
client_cert=(cert_paths['cert_files']['client_cert'], cert_paths['cert_files']['client_key'])
)
client = DockerClient(base_url=self.socket, tls=tls_config)
except ValueError:
self.logger.error('Invalid Docker TLS config for %s, reverting to unsecured', self.socket)
client = DockerClient(base_url=self.socket)
else:
client = DockerClient(base_url=self.socket)
return client 示例8: __init__
# 需要导入模块: from docker import tls [as 别名]
# 或者: from docker.tls import TLSConfig [as 别名]
def __init__(self, swarm_url, swarm_tls_ca_cert, swarm_tls_cert,
swarm_tls_key, swarm_allow_insecure, app_info, netscaler):
tls_config = False
if not swarm_allow_insecure:
if swarm_url.startswith("tcp"):
swarm_url = swarm_url.replace("tcp", "https")
logger.info("Using swarm url %s" % swarm_url)
tls_config = tls.TLSConfig(client_cert=(swarm_tls_cert,
swarm_tls_key),
verify=swarm_tls_ca_cert,
assert_hostname=False)
self.client = Client(base_url=swarm_url, tls=tls_config)
self.app_info = app_info
self.netskaler = netscaler
self.lock = threading.Lock() 示例9: __get_tls_config
# 需要导入模块: from docker import tls [as 别名]
# 或者: from docker.tls import TLSConfig [as 别名]
def __get_tls_config(self):
tls_config = None
if self.tls_ca_cert and self.tls_client_cert and self.tls_client_key:
tls_config = tls.TLSConfig(
ca_cert=self.tls_ca_cert,
client_cert=(self.tls_client_cert, self.tls_client_key),
verify=True,
ssl_version=self.tls_ssl_version,
assert_hostname=self.tls_hostname,
)
self.docker_url = self.docker_url.replace('tcp://', 'https://')
return tls_config 示例10: connect
# 需要导入模块: from docker import tls [as 别名]
# 或者: from docker.tls import TLSConfig [as 别名]
def connect(self):
if self.config.docker_tls:
try:
cert_paths = {
'cert_top_dir': '/etc/docker/certs.d/',
'clean_socket': self.socket.split('//')[1],
}
cert_paths['cert_dir'] = join(cert_paths['cert_top_dir'], cert_paths['clean_socket'])
cert_paths['cert_files'] = {
'client_cert': join(cert_paths['cert_dir'], 'client.cert'),
'client_key': join(cert_paths['cert_dir'], 'client.key'),
'ca_crt': join(cert_paths['cert_dir'], 'ca.crt'),
}
if not isdir(cert_paths['cert_dir']):
self.logger.error('%s is not a valid cert folder', cert_paths['cert_dir'])
raise ValueError
for cert_file in cert_paths['cert_files'].values():
if not isfile(cert_file):
self.logger.error('%s does not exist', cert_file)
raise ValueError
tls_config = tls.TLSConfig(
ca_cert=cert_paths['cert_files']['ca_crt'],
verify=cert_paths['cert_files']['ca_crt'] if self.config.docker_tls_verify else False,
client_cert=(cert_paths['cert_files']['client_cert'], cert_paths['cert_files']['client_key']),
)
client = DockerClient(base_url=self.socket, tls=tls_config)
except ValueError:
self.logger.error('Invalid Docker TLS config for %s, reverting to unsecured', self.socket)
client = DockerClient(base_url=self.socket)
else:
client = DockerClient(base_url=self.socket)
return client 示例11: tls_config_from_options
# 需要导入模块: from docker import tls [as 别名]
# 或者: from docker.tls import TLSConfig [as 别名]
def tls_config_from_options(options, environment=None):
environment = environment or Environment()
cert_path = environment.get('DOCKER_CERT_PATH') or None
tls = options.get('--tls', False)
ca_cert = unquote_path(options.get('--tlscacert'))
cert = unquote_path(options.get('--tlscert'))
key = unquote_path(options.get('--tlskey'))
# verify is a special case - with docopt `--tlsverify` = False means it
# wasn't used, so we set it if either the environment or the flag is True
# see https://github.com/docker/compose/issues/5632
verify = options.get('--tlsverify') or environment.get_boolean('DOCKER_TLS_VERIFY')
skip_hostname_check = options.get('--skip-hostname-check', False)
if cert_path is not None and not any((ca_cert, cert, key)):
# FIXME: Modify TLSConfig to take a cert_path argument and do this internally
cert = os.path.join(cert_path, 'cert.pem')
key = os.path.join(cert_path, 'key.pem')
ca_cert = os.path.join(cert_path, 'ca.pem')
if verify and not any((ca_cert, cert, key)):
# Default location for cert files is ~/.docker
ca_cert = os.path.join(default_cert_path(), 'ca.pem')
cert = os.path.join(default_cert_path(), 'cert.pem')
key = os.path.join(default_cert_path(), 'key.pem')
tls_version = get_tls_version(environment)
advanced_opts = any([ca_cert, cert, key, verify, tls_version])
if tls is True and not advanced_opts:
return True
elif advanced_opts: # --tls is a noop
client_cert = None
if cert or key:
client_cert = (cert, key)
return TLSConfig(
client_cert=client_cert, verify=verify, ca_cert=ca_cert,
assert_hostname=False if skip_hostname_check else None,
ssl_version=tls_version
)
return None