profile
viewpoint

Ask questionsCustom SSH Credentials

I can't rely on an ssh agent to provide a private key. Sometimes I need to provide a password, sometimes I need to manually load the key file. But the docker-py code only connects with this in SSHHTTPAdapter:

self.ssh_client.connect(
    parsed.hostname, parsed.port, parsed.username,
)

There is no flexibility here. How am I supposed to connect with a custom key or password? I thought I might hack my way in by reassigning APIClient._custom_adapter to my own subclass of SSHHTTPAdapter, but then I realized the APIClient.__init__ is a huge mess that does way too much. That method would always raise an exception so I would also have to totally reimplement that method in a subclass. This is too much maintenance overhead for my deployment script that I would like to keep as simple as possible.

It should be exposed in SSHHTTPAdapter. I might even recommend doing both of these:

  1. Add optional key and password parameters to SSHHTTPAdapter so you don't have to write your own subclass of it just to use custom credentials
  2. Add optional ssh_client parameter to SSHHTTPAdapter to be used instead of instantiating one in __init__.

It should also be exposed somehow in APIClient.__init__, for example:

  1. Expose password and private key with... a. Explicit parameters (a bit messy considering this is not an SSH specific class) b. General purpose configuration object (dict or better yet custom configuration class)
  2. Enable programmer to provide their own SSHClient to APIClient. This is not ideal for the same reason as 1a.
  3. Enable programmer to provide their own instance of a BaseHTTPAdapter to be used as self._custom_adapter. I think this is the best solution but there are some open questions. Like what's the best way to handle all the usages of base_url when it is no longer required to establish a connection.

I'm happy to take the lead on this and submit a PR, but I would like to get some feedback first.

docker/docker-py

Answer questions shin-

Hi!

You can already provide a custom password through the base_url parameter, e.g. ssh://user:mypassword@host.com:22. For more advanced uses, you should be able to write your own Adapter subclass and pass it to the APIClient through mount() (see the requests doc on that topic). For example,

ssh_adapter = MySSHAdapter(url, key_path)
client = APIClient(base_url='ssh://bogus:22')
client.mount('http+docker://ssh', ssh_adapter)

I think eventually we may want to have the option of passing a private key to the Client instantiation in some form (TBD - maybe something similar to the TLSConfig), but anything beyond that, like first-class adapter modularity, would probably be beyond the scope of what we're trying to do with the library.

Hope that helps!

Related questions

docker.errors.DockerException: Error while fetching server API version: Timeout value connect was Timeout(connect=60, read=60, total=None), but it must be an int or float. hot 42
pip install in virtualenv breaks virtualenv hot 40
AttributeError: 'module' object has no attribute 'PY34' hot 38
pip install in virtualenv breaks virtualenv hot 33
'ImportError: No module named ssl_match_hostname' upon 'import docker' in a Python script hot 28
Not compatible with pywin32 version 225 hot 17
docker client on Python 3.8 is not working hot 11
docker client on Python 3.8 is not working hot 7
TypeError: load_config() got an unexpected keyword argument 'config_dict' hot 6
Issue with creating a docker container while inside a docker container hot 6
"addgroup: The GID `20' is already in use." when running `make docs`
build function gives broken pipe error
ResourceWarning: unclosed <socket.socket>
How to create a mount point in a docker container. hot 4
Support for stacks hot 4
Github User Rank List