arquillian / arquillian-cube

Control (docker, kubernetes, openshift) containers in your tests with ease!
http://arquillian.org/arquillian-cube/

TLS verification is not configured correctly #662

Closed jamesnetherton closed 7 years ago

jamesnetherton commented 7 years ago
Issue Overview

I chose to run my test suite against a Docker daemon that's running within a VM. I have the following environment variables configured:

    DOCKER_HOST=tcp://192.168.42.10:2376
    DOCKER_TLS_VERIFY=1
    DOCKER_CERT_PATH=/home/james/.minishift/certs

My expectation would be that Arquillian Cube uses HTTPS to talk to the Docker REST API. But it seems to be trying to use plain HTTP.

If I debug my way through CubeDockerConfigurationResolver.resolveTlsVerification it seems DOCKER_TLS_VERIFY is ignored and my DOCKER_CERT_PATH configuration is eventually removed from the config map.

Is the following code correct? The TLS_VERIFY config map key will never equal true if DOCKER_HOST has the tcp:// scheme. Should we not be checking for the presence of DOCKER_TLS_VERIFY?

    config.put(CubeDockerConfiguration.TLS_VERIFY, Boolean.toString(scheme.equals(HTTPS_SCHEME)));

Expected Behaviour

DOCKER_TLS_VERIFY is respected and HTTPS is used.

Current Behaviour

DOCKER_TLS_VERIFY is not respected and HTTP is used.

Steps To Reproduce
  1. Create a simple Arquillian Cube unit test
  2. Test against a remote Docker daemon. I used the Minishift VM with env vars set via eval $(minishift docker-env)
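
The resolution problem reported above, as an added example that is not part of the original comment or of Arquillian Cube's code: the class, method and map key names are hypothetical, and treating any non-empty DOCKER_TLS_VERIFY as a request for TLS is an assumption. It contrasts the scheme-only check with one that also honours the variable, and adds a guard that stops a silent fallback to plain HTTP.

```java
import java.net.URI;
import java.util.HashMap;
import java.util.Map;

// Added illustration: hypothetical class and key names, not Arquillian Cube code.
public class TlsResolutionExample {
    // Assumption: any non-empty DOCKER_TLS_VERIFY means "use TLS", as the Docker CLI treats it.
    static boolean tlsRequested(Map<String, String> env) {
        String v = env.get("DOCKER_TLS_VERIFY");
        return v != null && !v.isEmpty();
    }

    // envAware=false models the reported behaviour: TLS is derived from the URI scheme alone.
    // envAware=true also honours DOCKER_TLS_VERIFY and keeps the certificate path.
    static Map<String, String> resolve(Map<String, String> env, boolean envAware) {
        URI host = URI.create(env.get("DOCKER_HOST"));
        boolean tls = "https".equals(host.getScheme()) || (envAware && tlsRequested(env));
        Map<String, String> config = new HashMap<>();
        config.put("serverUri", (tls ? "https" : "http") + "://" + host.getHost() + ":" + host.getPort());
        config.put("tlsVerify", Boolean.toString(tls));
        if (tls && env.containsKey("DOCKER_CERT_PATH")) {
            config.put("certPath", env.get("DOCKER_CERT_PATH"));
        }
        return config;
    }

    // Guard: refuse to continue when the environment asked for TLS but the
    // resolved configuration would talk plain HTTP to the daemon.
    static void requireNoDowngrade(Map<String, String> env, Map<String, String> config) {
        if (tlsRequested(env) && !config.get("serverUri").startsWith("https://")) {
            throw new IllegalStateException("DOCKER_TLS_VERIFY is set but resolved URI is " + config.get("serverUri"));
        }
    }

    public static void main(String[] args) {
        Map<String, String> env = new HashMap<>(); // values from the issue report
        env.put("DOCKER_HOST", "tcp://192.168.42.10:2376");
        env.put("DOCKER_TLS_VERIFY", "1");
        env.put("DOCKER_CERT_PATH", "/home/james/.minishift/certs");
        Map<String, String> fixed = resolve(env, true);
        requireNoDowngrade(env, fixed);
        System.out.println("env-aware:   " + fixed);
        try {
            requireNoDowngrade(env, resolve(env, false));
        } catch (IllegalStateException e) {
            System.out.println("scheme-only: " + e.getMessage());
        }
    }
}
```
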

lordofthejars commented 7 years ago

Are you running the test in IDE or CLI?

jamesnetherton commented 7 years ago

From the command line.

lordofthejars commented 7 years ago

Ok, thanks. I am going to try to reproduce with a JUnit test :)

lordofthejars commented 7 years ago

Your arquillian.xml is empty, right? I mean, you are not setting any cert path there.

lordofthejars commented 7 years ago

And you are running in Linux or Mac/Windows?

jamesnetherton commented 7 years ago

Running on Linux. Here's my arquillian.xml config for the docker extension:

    <extension qualifier="docker">
        <property name="autoStartContainers">[none]</property>
        <property name="definitionFormat">CUBE</property>
        <property name="dockerContainers">
            nats:
                image: nats:0.9.6
                portBindings: [
                    4222->4222/tcp
                ]
                await:
                    strategy: log
                    match: 'Server is ready'
                    stdOut: true
                    stdErr: true
                    timeout: 15
        </property>
    </extension>

Then I have the following environment variables set:

    DOCKER_TLS_VERIFY=1
    DOCKER_HOST=tcp://192.168.42.76:2376
    DOCKER_CERT_PATH=/home/james/.minishift/certs
    DOCKER_API_VERSION=1.23

Should also mention that the test is running in-container with WildFly.

lordofthejars commented 7 years ago

Can you try if this version https://github.com/arquillian/arquillian-cube/pull/667 works for you? I have been able to reproduce in a unit test but I have no Linux to test it.

jamesnetherton commented 7 years ago

That seems to work much better. Thanks!

jamesnetherton commented 7 years ago

Any chance of having a new release soon?

lordofthejars commented 7 years ago

Let's see if we can do it this week. cc/ @bartoszmajsak

bartoszmajsak commented 7 years ago

Whenever you say it's ready @lordofthejars