From 453964466741a1c85fc420c8b40fb5710f40b017 Mon Sep 17 00:00:00 2001 From: Joffrey F Date: Thu, 1 Dec 2016 18:00:15 -0800 Subject: Move ssladapter to transport module Signed-off-by: Joffrey F --- docker/api/client.py | 8 ++--- docker/ssladapter.py | 67 ------------------------------------------ docker/tls.py | 5 ++-- docker/transport/__init__.py | 1 + docker/transport/ssladapter.py | 67 ++++++++++++++++++++++++++++++++++++++++++ tests/unit/ssladapter_test.py | 2 +- 6 files changed, 75 insertions(+), 75 deletions(-) delete mode 100644 docker/ssladapter.py create mode 100644 docker/transport/ssladapter.py
diff --git a/docker/api/client.py b/docker/api/client.py
index 23e239c..0b4d161 100644
--- a/docker/api/client.py
+++ b/docker/api/client.py
@@ -17,7 +17,7 @@ from .network import NetworkApiMixin from .service import ServiceApiMixin from .swarm import SwarmApiMixin from .volume import VolumeApiMixin -from .. import auth, ssladapter +from .. import auth from ..constants import (DEFAULT_TIMEOUT_SECONDS, DEFAULT_USER_AGENT, IS_WINDOWS_PLATFORM, DEFAULT_DOCKER_API_VERSION, STREAM_HEADER_SIZE_BYTES, DEFAULT_NUM_POOLS,
@@ -25,7 +25,7 @@ from ..constants import (DEFAULT_TIMEOUT_SECONDS, DEFAULT_USER_AGENT, from ..errors import (DockerException, TLSParameterError, create_api_error_from_http_exception) from ..tls import TLSConfig -from ..transport import UnixAdapter +from ..transport import SSLAdapter, UnixAdapter from ..utils import utils, check_resource, update_headers from ..utils.socket import frames_iter try:
@@ -121,9 +121,7 @@ class APIClient( if isinstance(tls, TLSConfig): tls.configure_client(self) elif tls: - self._custom_adapter = ssladapter.SSLAdapter( - pool_connections=num_pools - ) + self._custom_adapter = SSLAdapter(pool_connections=num_pools) self.mount('https://', self._custom_adapter) self.base_url = base_url
diff --git a/docker/ssladapter.py b/docker/ssladapter.py
deleted file mode 100644
index 31f45fc..0000000
--- a/docker/ssladapter.py
+++ /dev/null
@@ -1,67 +0,0 @@
-""" Resolves OpenSSL issues in some servers:
- https://lukasa.co.uk/2013/01/Choosing_SSL_Version_In_Requests/
- https://github.com/kennethreitz/requests/pull/799
-"""
-import sys
-
-from distutils.version import StrictVersion
-from requests.adapters import HTTPAdapter
-
-try:
- import requests.packages.urllib3 as urllib3
-except ImportError:
- import urllib3
-
-
-PoolManager = urllib3.poolmanager.PoolManager
-
-# Monkey-patching match_hostname with a version that supports
-# IP-address checking. Not necessary for Python 3.5 and above
-if sys.version_info[0] < 3 or sys.version_info[1] < 5:
- from backports.ssl_match_hostname import match_hostname
- urllib3.connection.match_hostname = match_hostname
-
-
-class SSLAdapter(HTTPAdapter):
- '''An HTTPS Transport Adapter that uses an arbitrary SSL version.'''
-
- def __init__(self, ssl_version=None, assert_hostname=None,
- assert_fingerprint=None, **kwargs):
- self.ssl_version = ssl_version
- self.assert_hostname = assert_hostname
- self.assert_fingerprint = assert_fingerprint
- super(SSLAdapter, self).__init__(**kwargs)
-
- def init_poolmanager(self, connections, maxsize, block=False):
- kwargs = {
- 'num_pools': connections,
- 'maxsize': maxsize,
- 'block': block,
- 'assert_hostname': self.assert_hostname,
- 'assert_fingerprint': self.assert_fingerprint,
- }
- if self.ssl_version and self.can_override_ssl_version():
- kwargs['ssl_version'] = self.ssl_version
-
- self.poolmanager = PoolManager(**kwargs)
-
- def get_connection(self, *args, **kwargs):
- """
- Ensure assert_hostname is set correctly on our pool
-
- We already take care of a normal poolmanager via init_poolmanager
-
- But we still need to take care of when there is a proxy poolmanager
- """
- conn = super(SSLAdapter, self).get_connection(*args, **kwargs)
- if conn.assert_hostname != self.assert_hostname:
- conn.assert_hostname = self.assert_hostname
- return conn
-
- def can_override_ssl_version(self):
- urllib_ver = urllib3.__version__.split('-')[0]
- if urllib_ver is None:
- return False
- if urllib_ver == 'dev':
- return True
- return StrictVersion(urllib_ver) > StrictVersion('1.5')
diff --git a/docker/tls.py b/docker/tls.py
index 3a0827a..6488bbc 100644
--- a/docker/tls.py
+++ b/docker/tls.py
@@ -1,7 +1,8 @@ import os import ssl -from . import errors, ssladapter +from . import errors +from .transport import SSLAdapter class TLSConfig(object):
@@ -84,7 +85,7 @@ class TLSConfig(object): if self.cert: client.cert = self.cert - client.mount('https://', ssladapter.SSLAdapter( + client.mount('https://', SSLAdapter( ssl_version=self.ssl_version, assert_hostname=self.assert_hostname, assert_fingerprint=self.assert_fingerprint,
diff --git a/docker/transport/__init__.py b/docker/transport/__init__.py
index d5560b6..abbee18 100644
--- a/docker/transport/__init__.py
+++ b/docker/transport/__init__.py
@@ -1,5 +1,6 @@ # flake8: noqa from .unixconn import UnixAdapter +from .ssladapter import SSLAdapter try: from .npipeconn import NpipeAdapter from .npipesocket import NpipeSocket
diff --git a/docker/transport/ssladapter.py b/docker/transport/ssladapter.py
new file mode 100644
index 0000000..31f45fc
--- /dev/null
+++ b/docker/transport/ssladapter.py
@@ -0,0 +1,67 @@
+""" Resolves OpenSSL issues in some servers:
+ https://lukasa.co.uk/2013/01/Choosing_SSL_Version_In_Requests/
+ https://github.com/kennethreitz/requests/pull/799
+"""
+import sys
+
+from distutils.version import StrictVersion
+from requests.adapters import HTTPAdapter
+
+try:
+ import requests.packages.urllib3 as urllib3
+except ImportError:
+ import urllib3
+
+
+PoolManager = urllib3.poolmanager.PoolManager
+
+# Monkey-patching match_hostname with a version that supports
+# IP-address checking. Not necessary for Python 3.5 and above
+if sys.version_info[0] < 3 or sys.version_info[1] < 5:
+ from backports.ssl_match_hostname import match_hostname
+ urllib3.connection.match_hostname = match_hostname
+
+
+class SSLAdapter(HTTPAdapter):
+ '''An HTTPS Transport Adapter that uses an arbitrary SSL version.'''
+
+ def __init__(self, ssl_version=None, assert_hostname=None,
+ assert_fingerprint=None, **kwargs):
+ self.ssl_version = ssl_version
+ self.assert_hostname = assert_hostname
+ self.assert_fingerprint = assert_fingerprint
+ super(SSLAdapter, self).__init__(**kwargs)
+
+ def init_poolmanager(self, connections, maxsize, block=False):
+ kwargs = {
+ 'num_pools': connections,
+ 'maxsize': maxsize,
+ 'block': block,
+ 'assert_hostname': self.assert_hostname,
+ 'assert_fingerprint': self.assert_fingerprint,
+ }
+ if self.ssl_version and self.can_override_ssl_version():
+ kwargs['ssl_version'] = self.ssl_version
+
+ self.poolmanager = PoolManager(**kwargs)
+
+ def get_connection(self, *args, **kwargs):
+ """
+ Ensure assert_hostname is set correctly on our pool
+
+ We already take care of a normal poolmanager via init_poolmanager
+
+ But we still need to take care of when there is a proxy poolmanager
+ """
+ conn = super(SSLAdapter, self).get_connection(*args, **kwargs)
+ if conn.assert_hostname != self.assert_hostname:
+ conn.assert_hostname = self.assert_hostname
+ return conn
+
+ def can_override_ssl_version(self):
+ urllib_ver = urllib3.__version__.split('-')[0]
+ if urllib_ver is None:
+ return False
+ if urllib_ver == 'dev':
+ return True
+ return StrictVersion(urllib_ver) > StrictVersion('1.5')
diff --git a/tests/unit/ssladapter_test.py b/tests/unit/ssladapter_test.py
index 90d4c32..2b7ce52 100644
--- a/tests/unit/ssladapter_test.py
+++ b/tests/unit/ssladapter_test.py
@@ -1,5 +1,5 @@ import unittest -from docker import ssladapter +from docker.transport import ssladapter try: from backports.ssl_match_hostname import ( -- cgit v1.2.1
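Review bot: In `SSLAdapter.get_connection` of the new `docker/transport/ssladapter.py`, only `assert_hostname` is re-applied to the pool returned by the parent adapter, so on the proxy pool manager path the `assert_fingerprint` passed to the adapter does not appear to be enforced. If certificate pinning is meant to hold behind a proxy as well, mirror the existing check: `if conn.assert_fingerprint != self.assert_fingerprint: conn.assert_fingerprint = self.assert_fingerprint`. Separately, in `can_override_ssl_version` the `urllib_ver is None` test cannot be true after `.split('-')[0]`, and `StrictVersion` raises `ValueError` on version strings that are not strictly numeric, so the comparison would be safer behind a guard. The file is a verbatim move (same blob `31f45fc`), so both points predate this commit, but the relocation is a cheap moment to fix them.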