docker related

docker/scripts/test-tls-connection.py

@@ -0,0 +1,113 @@
+#!/usr/bin/env python3
+"""
+Docker TLS Connection Test Script
+Tests the secure TLS connection to Docker daemon
+"""
+
+import os
+import sys
+import docker
+from pathlib import Path
+
+
+def test_tls_connection():
+    """Test Docker TLS connection"""
+    print("Testing Docker TLS connection...")
+
+    # Configuration from environment or defaults
+    docker_host = os.getenv("DOCKER_HOST", "tcp://host.docker.internal:2376")
+    ca_cert = os.getenv("DOCKER_CA_CERT", "/etc/docker/certs/ca.pem")
+    client_cert = os.getenv("DOCKER_CLIENT_CERT", "/etc/docker/certs/client-cert.pem")
+    client_key = os.getenv("DOCKER_CLIENT_KEY", "/etc/docker/certs/client-key.pem")
+
+    print(f"Docker host: {docker_host}")
+    print(f"CA cert: {ca_cert}")
+    print(f"Client cert: {client_cert}")
+    print(f"Client key: {client_key}")
+
+    # Check if certificate files exist
+    cert_files = [ca_cert, client_cert, client_key]
+    missing_files = [f for f in cert_files if not Path(f).exists()]
+
+    if missing_files:
+        print(f"❌ Missing certificate files: {', '.join(missing_files)}")
+        print("Run ./docker/scripts/generate-certs.sh to generate certificates")
+        return False
+
+    try:
+        # Configure TLS
+        tls_config = docker.tls.TLSConfig(
+            ca_cert=ca_cert, client_cert=(client_cert, client_key), verify=True
+        )
+
+        # Create Docker client
+        client = docker.from_env()
+
+        # Override with TLS configuration
+        client.api = docker.APIClient(
+            base_url=docker_host, tls=tls_config, version="auto"
+        )
+
+        # Test connection
+        client.ping()
+        print("✅ Docker TLS connection successful!")
+
+        # Get Docker info
+        info = client.info()
+        print(f"✅ Docker daemon info retrieved")
+        print(f"   Server Version: {info.get('ServerVersion', 'Unknown')}")
+        print(
+            f"   Containers: {info.get('Containers', 0)} running, {info.get('ContainersStopped', 0)} stopped"
+        )
+
+        return True
+
+    except docker.errors.DockerException as e:
+        print(f"❌ Docker TLS connection failed: {e}")
+        return False
+    except Exception as e:
+        print(f"❌ Unexpected error: {e}")
+        return False
+
+
+def test_container_operations():
+    """Test basic container operations over TLS"""
+    print("\nTesting container operations over TLS...")
+
+    try:
+        # This would use the same TLS configuration as the session manager
+        from main import SessionManager
+
+        manager = SessionManager()
+        print("✅ SessionManager initialized with TLS")
+
+        # Test listing containers
+        containers = manager.docker_client.containers.list(all=True)
+        print(f"✅ Successfully listed containers: {len(containers)} found")
+
+        return True
+
+    except Exception as e:
+        print(f"❌ Container operations test failed: {e}")
+        return False
+
+
+if __name__ == "__main__":
+    print("Docker TLS Security Test")
+    print("=" * 40)
+
+    # Change to the correct directory if running from project root
+    if Path("session-manager").exists():
+        os.chdir("session-manager")
+
+    # Run tests
+    tls_ok = test_tls_connection()
+    ops_ok = test_container_operations() if tls_ok else False
+
+    print("\n" + "=" * 40)
+    if tls_ok and ops_ok:
+        print("✅ All tests passed! Docker TLS is properly configured.")
+        sys.exit(0)
+    else:
+        print("❌ Some tests failed. Check configuration and certificates.")
+        sys.exit(1)