#!/usr/bin/env python3
"""
Docker TLS Connection Test Script
Tests the secure TLS connection to the Docker daemon
"""

import os
import sys
import docker
from pathlib import Path
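def test_tls_connection():
    """Check that the Docker daemon is reachable over mutually authenticated TLS.

    Settings are read from the environment, falling back to defaults:
    ``DOCKER_HOST``, ``DOCKER_CA_CERT``, ``DOCKER_CLIENT_CERT`` and
    ``DOCKER_CLIENT_KEY``.

    Returns:
        bool: True when the daemon answered a ping and an info request through
        the TLS-configured client. False when the endpoint is not a
        TLS-capable transport, a certificate file is missing, or the
        connection or an API call fails.
    """
    print("Testing Docker TLS connection...")

    # Configuration from environment or defaults
    docker_host = os.getenv("DOCKER_HOST", "tcp://host.docker.internal:2376")
    ca_cert = os.getenv("DOCKER_CA_CERT", "/etc/docker/certs/ca.pem")
    client_cert = os.getenv("DOCKER_CLIENT_CERT", "/etc/docker/certs/client-cert.pem")
    client_key = os.getenv("DOCKER_CLIENT_KEY", "/etc/docker/certs/client-key.pem")

    # Only the paths are printed; the key material itself is never echoed.
    print(f"Docker host: {docker_host}")
    print(f"CA cert: {ca_cert}")
    print(f"Client cert: {client_cert}")
    print(f"Client key: {client_key}")

    # docker-py applies a TLSConfig only on its TCP/HTTPS transport. On a Unix
    # socket, named pipe or SSH endpoint the TLS settings are not used, so a
    # successful ping there must not be reported as a TLS success.
    non_tls_schemes = ("unix://", "http+unix://", "npipe://", "ssh://")
    if docker_host.strip().lower().startswith(non_tls_schemes):
        print(
            f"❌ DOCKER_HOST {docker_host} is not a TLS-capable transport "
            "(expected a tcp:// endpoint)"
        )
        return False

    # Check that every certificate path points at a regular file
    cert_files = [ca_cert, client_cert, client_key]
    missing_files = [f for f in cert_files if not Path(f).is_file()]

    if missing_files:
        print(f"❌ Missing certificate files: {', '.join(missing_files)}")
        print("Run ./docker/scripts/generate-certs.sh to generate certificates")
        return False

    # A client key readable by group/others weakens client authentication.
    # This is reported as a warning only; it does not fail the test.
    if os.name == "posix":
        try:
            key_mode = os.stat(client_key).st_mode & 0o777
        except OSError:
            key_mode = None
        if key_mode is not None and key_mode & 0o077:
            print(
                f"⚠️  Client key {client_key} is accessible to group/others "
                f"(mode {key_mode:o}); restrict it to the owning user"
            )

    client = None
    try:
        # Configure TLS: verify the daemon against our CA and present the
        # client certificate/key pair.
        tls_config = docker.tls.TLSConfig(
            ca_cert=ca_cert, client_cert=(client_cert, client_key), verify=True
        )

        # Build the client from the explicit settings only. docker.from_env()
        # would first create a client from whatever DOCKER_* variables happen
        # to be set, and replacing its .api afterwards leaves that first
        # connection pool unclosed.
        client = docker.DockerClient(
            base_url=docker_host, tls=tls_config, version="auto"
        )

        # Test connection
        client.ping()
        print("✅ Docker TLS connection successful!")

        # Get Docker info
        info = client.info()
        print("✅ Docker daemon info retrieved")
        print(f" Server Version: {info.get('ServerVersion', 'Unknown')}")
        # 'Containers' is the total count; the running count is 'ContainersRunning'.
        print(
            f" Containers: {info.get('ContainersRunning', 0)} running, "
            f"{info.get('ContainersStopped', 0)} stopped"
        )

        return True

    except docker.errors.DockerException as e:
        print(f"❌ Docker TLS connection failed: {e}")
        return False
    except Exception as e:
        # Top-level boundary of a diagnostic script: report and fail the test.
        print(f"❌ Unexpected error: {e}")
        return False
    finally:
        if client is not None:
            client.close()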
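def test_container_operations():
    """Check that the application's SessionManager reaches Docker over TLS.

    Imports ``SessionManager`` from ``main``, instantiates it, checks the
    endpoint its Docker client is bound to and lists all containers.

    Returns:
        bool: True when the container listing succeeds and the client is not
        bound to a non-HTTPS endpoint. False when the import, the
        initialisation or the listing fails, or when the client endpoint is
        not ``https://``.
    """
    print("\nTesting container operations over TLS...")

    try:
        # This would use the same TLS configuration as the session manager
        from main import SessionManager

        manager = SessionManager()

        # Confirm the transport instead of assuming it: a docker-py client
        # connected with TLS exposes an https:// base_url, while a socket or
        # plain-TCP client does not.
        # NOTE(review): assumes docker_client is a docker.DockerClient — confirm.
        api = getattr(manager.docker_client, "api", None)
        base_url = getattr(api, "base_url", None)
        if base_url is None:
            print("⚠️  Could not determine the SessionManager transport; TLS not confirmed")
        elif not str(base_url).startswith("https://"):
            print(f"❌ SessionManager is not using TLS (endpoint: {base_url})")
            return False
        else:
            print("✅ SessionManager initialized with TLS")

        # Test listing containers
        containers = manager.docker_client.containers.list(all=True)
        print(f"✅ Successfully listed containers: {len(containers)} found")

        return True

    except Exception as e:
        # Top-level boundary of a diagnostic script: report and fail the test.
        print(f"❌ Container operations test failed: {e}")
        return False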
if __name__ == "__main__":
    banner = "=" * 40
    print("Docker TLS Security Test")
    print(banner)

    # When launched from the project root, step into the session-manager
    # directory before running the checks.
    # NOTE(review): chdir changes the working directory only; whether it makes
    # `main` importable depends on how the script is started — confirm.
    project_dir = Path("session-manager")
    if project_dir.exists():
        os.chdir("session-manager")

    # The container-operations check runs only after the TLS check has passed.
    tls_ok = test_tls_connection()
    if tls_ok:
        ops_ok = test_container_operations()
    else:
        ops_ok = False

    print("\n" + banner)
    if not (tls_ok and ops_ok):
        print("❌ Some tests failed. Check configuration and certificates.")
        sys.exit(1)

    print("✅ All tests passed! Docker TLS is properly configured.")
    sys.exit(0)