profile
viewpoint

Ask questionsCustom SSH Credentials

I can't rely on an ssh agent to provide a private key. Sometimes I need to provide a password, sometimes I need to manually load the key file. But the docker-py code only connects with this in SSHHTTPAdapter:

self.ssh_client.connect(
    parsed.hostname, parsed.port, parsed.username,
)

There is no flexibility here. How am I supposed to connect with a custom key or password? I thought I might hack my way in by reassigning APIClient._custom_adapter to my own subclass of SSHHTTPAdapter, but then I realized the APIClient.__init__ is a huge mess that does way too much. That method would always raise an exception so I would also have to totally reimplement that method in a subclass. This is too much maintenance overhead for my deployment script that I would like to keep as simple as possible.

It should be exposed in SSHHTTPAdapter. I might even recommend doing both of these:

  1. Add optional key and password parameters to SSHHTTPAdapter so you don't have to write your own subclass of it just to use custom credentials
  2. Add optional ssh_client parameter to SSHHTTPAdapter to be used instead of instantiating one in __init__.

It should also be exposed somehow in APIClient.__init__, for example:

  1. Expose password and private key with... a. Explicit parameters (a bit messy considering this is not an SSH specific class) b. General purpose configuration object (dict or better yet custom configuration class)
  2. Enable programmer to provide their own SSHClient to APIClient. This is not ideal for the same reason as 1a.
  3. Enable programmer to provide their own instance of a BaseHTTPAdapter to be used as self._custom_adapter. I think this is the best solution but there are some open questions. Like what's the best way to handle all the usages of base_url when it is no longer required to establish a connection.

I'm happy to take the lead on this and submit a PR, but I would like to get some feedback first.

docker/docker-py

Answer questions shin-

Hi!

You can already provide a custom password through the base_url parameter, e.g. ssh://user:mypassword@host.com:22. For more advanced uses, you should be able to write your own Adapter subclass and pass it to the APIClient through mount() (see the requests doc on that topic). For example,

ssh_adapter = MySSHAdapter(url, key_path)
client = APIClient(base_url='ssh://bogus:22')
client.mount('http+docker://ssh', ssh_adapter)

I think eventually we may want to have the option of passing a private key to the Client instantiation in some form (TBD - maybe something similar to the TLSConfig), but anything beyond that, like first-class adapter modularity, would probably be beyond the scope of what we're trying to do with the library.

Hope that helps!

useful!

Related questions

Not compatible with pywin32 version 225 hot 1
"addgroup: The GID `20' is already in use." when running `make docs` hot 1
build function gives broken pipe error hot 1
docker client on Python 3.8 is not working hot 1
pip install in virtualenv breaks virtualenv hot 1
pip install in virtualenv breaks virtualenv hot 1
TypeError: load_config() got an unexpected keyword argument 'config_dict' hot 1
requests.exceptions.ConnectionError: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory')) hot 1
WaitNamedPipe API call in the npipesocket.py module doesn't work correctly from inside a Windows container hot 1
Issue with creating a docker container while inside a docker container hot 1
docker-py api client.images.load fails but the cli client works fine hot 1
AttributeError: 'module' object has no attribute 'PY34' hot 1
requests.exceptions.ConnectionError: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory')) hot 1
docker.errors.DockerException: Error while fetching server API version: Timeout value connect was Timeout(connect=60, read=60, total=None), but it must be an int or float. hot 1
docker client on Python 3.8 is not working hot 1
Github User Rank List