2018-07-11 08:39:20 +00:00
|
|
|
package docker
|
|
|
|
|
|
|
|
import (
|
2020-07-07 21:57:52 +00:00
|
|
|
"errors"
|
2019-07-25 22:38:07 +00:00
|
|
|
"fmt"
|
2018-07-11 08:39:20 +00:00
|
|
|
"net/http"
|
|
|
|
"strings"
|
2018-12-12 04:00:15 +00:00
|
|
|
"time"
|
2018-07-11 08:39:20 +00:00
|
|
|
|
|
|
|
"github.com/docker/docker/client"
|
2020-01-29 04:36:28 +00:00
|
|
|
portainer "github.com/portainer/portainer/api"
|
2019-03-21 01:20:14 +00:00
|
|
|
"github.com/portainer/portainer/api/crypto"
|
2018-07-11 08:39:20 +00:00
|
|
|
)
|
|
|
|
|
2020-07-07 21:57:52 +00:00
|
|
|
var errUnsupportedEnvironmentType = errors.New("Environment not supported")
|
|
|
|
|
2018-07-11 08:39:20 +00:00
|
|
|
const (
|
2019-07-23 23:56:31 +00:00
|
|
|
defaultDockerRequestTimeout = 60
|
2020-01-29 04:36:28 +00:00
|
|
|
dockerClientVersion = "1.37"
|
2018-07-11 08:39:20 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// ClientFactory is used to create Docker clients
|
|
|
|
type ClientFactory struct {
|
2019-07-25 22:38:07 +00:00
|
|
|
signatureService portainer.DigitalSignatureService
|
|
|
|
reverseTunnelService portainer.ReverseTunnelService
|
2018-07-11 08:39:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// NewClientFactory returns a new instance of a ClientFactory
|
2019-07-25 22:38:07 +00:00
|
|
|
func NewClientFactory(signatureService portainer.DigitalSignatureService, reverseTunnelService portainer.ReverseTunnelService) *ClientFactory {
|
2018-07-11 08:39:20 +00:00
|
|
|
return &ClientFactory{
|
2019-07-25 22:38:07 +00:00
|
|
|
signatureService: signatureService,
|
|
|
|
reverseTunnelService: reverseTunnelService,
|
2018-07-11 08:39:20 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-07-05 23:21:03 +00:00
|
|
|
// createClient is a generic function to create a Docker client based on
|
2018-10-28 06:06:50 +00:00
|
|
|
// a specific endpoint configuration. The nodeName parameter can be used
|
|
|
|
// with an agent enabled endpoint to target a specific node in an agent cluster.
|
|
|
|
func (factory *ClientFactory) CreateClient(endpoint *portainer.Endpoint, nodeName string) (*client.Client, error) {
|
2020-06-09 02:43:32 +00:00
|
|
|
if endpoint.Type == portainer.AzureEnvironment {
|
2020-07-07 21:57:52 +00:00
|
|
|
return nil, errUnsupportedEnvironmentType
|
2020-06-09 02:43:32 +00:00
|
|
|
} else if endpoint.Type == portainer.AgentOnDockerEnvironment {
|
2018-10-28 06:06:50 +00:00
|
|
|
return createAgentClient(endpoint, factory.signatureService, nodeName)
|
2020-07-05 23:21:03 +00:00
|
|
|
} else if endpoint.Type == portainer.EdgeAgentOnDockerEnvironment {
|
2021-08-09 05:22:41 +00:00
|
|
|
return createEdgeClient(endpoint, factory.signatureService, factory.reverseTunnelService, nodeName)
|
2018-07-11 08:39:20 +00:00
|
|
|
}
|
|
|
|
|
2018-07-20 09:02:06 +00:00
|
|
|
if strings.HasPrefix(endpoint.URL, "unix://") || strings.HasPrefix(endpoint.URL, "npipe://") {
|
|
|
|
return createLocalClient(endpoint)
|
2018-07-11 08:39:20 +00:00
|
|
|
}
|
|
|
|
return createTCPClient(endpoint)
|
|
|
|
}
|
|
|
|
|
2018-07-20 09:02:06 +00:00
|
|
|
func createLocalClient(endpoint *portainer.Endpoint) (*client.Client, error) {
|
2018-07-11 08:39:20 +00:00
|
|
|
return client.NewClientWithOpts(
|
|
|
|
client.WithHost(endpoint.URL),
|
2019-11-12 23:41:42 +00:00
|
|
|
client.WithVersion(dockerClientVersion),
|
2018-07-11 08:39:20 +00:00
|
|
|
)
|
|
|
|
}
|
|
|
|
|
|
|
|
func createTCPClient(endpoint *portainer.Endpoint) (*client.Client, error) {
|
|
|
|
httpCli, err := httpClient(endpoint)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return client.NewClientWithOpts(
|
|
|
|
client.WithHost(endpoint.URL),
|
2019-11-12 23:41:42 +00:00
|
|
|
client.WithVersion(dockerClientVersion),
|
2018-07-11 08:39:20 +00:00
|
|
|
client.WithHTTPClient(httpCli),
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2021-08-09 05:22:41 +00:00
|
|
|
func createEdgeClient(endpoint *portainer.Endpoint, signatureService portainer.DigitalSignatureService, reverseTunnelService portainer.ReverseTunnelService, nodeName string) (*client.Client, error) {
|
2019-07-25 22:38:07 +00:00
|
|
|
httpCli, err := httpClient(endpoint)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2021-08-09 05:22:41 +00:00
|
|
|
signature, err := signatureService.CreateSignature(portainer.PortainerAgentSignatureMessage)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
headers := map[string]string{
|
|
|
|
portainer.PortainerAgentPublicKeyHeader: signatureService.EncodedPublicKey(),
|
|
|
|
portainer.PortainerAgentSignatureHeader: signature,
|
|
|
|
}
|
|
|
|
|
2019-07-25 22:38:07 +00:00
|
|
|
if nodeName != "" {
|
|
|
|
headers[portainer.PortainerAgentTargetHeader] = nodeName
|
|
|
|
}
|
|
|
|
|
|
|
|
tunnel := reverseTunnelService.GetTunnelDetails(endpoint.ID)
|
2020-04-27 01:54:37 +00:00
|
|
|
endpointURL := fmt.Sprintf("http://127.0.0.1:%d", tunnel.Port)
|
2019-07-25 22:38:07 +00:00
|
|
|
|
|
|
|
return client.NewClientWithOpts(
|
|
|
|
client.WithHost(endpointURL),
|
2019-11-12 23:41:42 +00:00
|
|
|
client.WithVersion(dockerClientVersion),
|
2019-07-25 22:38:07 +00:00
|
|
|
client.WithHTTPClient(httpCli),
|
|
|
|
client.WithHTTPHeaders(headers),
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2018-10-28 06:06:50 +00:00
|
|
|
func createAgentClient(endpoint *portainer.Endpoint, signatureService portainer.DigitalSignatureService, nodeName string) (*client.Client, error) {
|
2018-07-11 08:39:20 +00:00
|
|
|
httpCli, err := httpClient(endpoint)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2018-12-11 22:19:23 +00:00
|
|
|
signature, err := signatureService.CreateSignature(portainer.PortainerAgentSignatureMessage)
|
2018-07-11 08:39:20 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
headers := map[string]string{
|
|
|
|
portainer.PortainerAgentPublicKeyHeader: signatureService.EncodedPublicKey(),
|
|
|
|
portainer.PortainerAgentSignatureHeader: signature,
|
|
|
|
}
|
|
|
|
|
2018-10-28 06:06:50 +00:00
|
|
|
if nodeName != "" {
|
|
|
|
headers[portainer.PortainerAgentTargetHeader] = nodeName
|
|
|
|
}
|
|
|
|
|
2018-07-11 08:39:20 +00:00
|
|
|
return client.NewClientWithOpts(
|
|
|
|
client.WithHost(endpoint.URL),
|
2019-11-12 23:41:42 +00:00
|
|
|
client.WithVersion(dockerClientVersion),
|
2018-07-11 08:39:20 +00:00
|
|
|
client.WithHTTPClient(httpCli),
|
|
|
|
client.WithHTTPHeaders(headers),
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
|
|
|
func httpClient(endpoint *portainer.Endpoint) (*http.Client, error) {
|
|
|
|
transport := &http.Transport{}
|
|
|
|
|
|
|
|
if endpoint.TLSConfig.TLS {
|
|
|
|
tlsConfig, err := crypto.CreateTLSConfigurationFromDisk(endpoint.TLSConfig.TLSCACertPath, endpoint.TLSConfig.TLSCertPath, endpoint.TLSConfig.TLSKeyPath, endpoint.TLSConfig.TLSSkipVerify)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
transport.TLSClientConfig = tlsConfig
|
|
|
|
}
|
|
|
|
|
|
|
|
return &http.Client{
|
|
|
|
Transport: transport,
|
2019-07-23 23:56:31 +00:00
|
|
|
Timeout: defaultDockerRequestTimeout * time.Second,
|
2018-07-11 08:39:20 +00:00
|
|
|
}, nil
|
|
|
|
}
|