support for Docker contexts to connect to the Docker engine; use --crt-context global flag or DOCKER_CONTEXT env var

kcq · kcq · commit a1e54d612e29 · 2024-09-28T19:59:54.000-07:00
Signed-off-by: Kyle Quest &lt;kcq.public@gmail.com&gt;
diff --git a/README.md b/README.md
@@ -326,6 +326,7 @@ Global options:
 - `--log` - log file to store logs
 - `--host` - Docker host address or socket (prefix with `tcp://` or `unix://`)
 - `--crt-connection` - Container runtime connection (for non-Docker runtimes / for Docker user --host)
+- `--crt-context` - Container runtime context name if supported (for Docker similar to setting '--context' or DOCKER_CONTEXT)
 - `--tls` - use TLS connecting to Docker
 - `--tls-verify` - do TLS verification
 - `--tls-cert-path` - path to TLS cert files
@@ -999,7 +1000,9 @@ If the Docker environment variables are configured to use TLS and to verify the
 
 `mint --tls-verify=false build my/sample-node-app-multi`
 
-You can override all Docker connection options using these flags: `--host`, `--tls`, `--tls-verify`, `--tls-cert-path`. These flags correspond to the standard Docker options (and the environment variables). Note that you can also use the `--host` flag (similar to `DOCKER_HOST`) to point to a Unix socket (e.g., `--host=unix:///var/run/docker.sock`).
+You can override all Docker connection options using these flags: `--host`, `--tls`, `--tls-verify`, `--tls-cert-path`, `--crt-context`. These flags correspond to the standard Docker options (and the environment variables). Note that you can also use the `--host` flag (similar to `DOCKER_HOST`) to point to a Unix socket (e.g., `--host=unix:///var/run/docker.sock`).
+
+The `--crt-context` flag is currently supported with the Docker runtime and it's similar to using the `--context` flag or `DOCKER_CONTEXT`. Note that Mint will use `DOCKER_CONTEXT` if it's configured.
 
 If you want to use TLS with verification:
 
diff --git a/pkg/app/master/command/cliflags.go b/pkg/app/master/command/cliflags.go
@@ -29,6 +29,7 @@ const (
 	FlagTLSCertPath   = "tls-cert-path"
 	FlagHost          = "host"
 	FlagCRTConnection = "crt-connection"
+	FlagCRTContext    = "crt-context"
 	FlagStatePath     = "state-path"
 	FlagInContainer   = "in-container"
 	FlagArchiveState  = "archive-state"
@@ -58,6 +59,7 @@ const (
 	FlagAPIVersionUsage    = "Container runtime API version"
 	FlagHostUsage          = "Docker host address or socket (prefix with 'tcp://' or 'unix://')"
 	FlagCRTConnectionUsage = "Container runtime connection (for non-Docker runtimes / for Docker user --host)"
+	FlagCRTContextUsage    = "Container runtime context name if supported (for Docker similar to setting '--context' or DOCKER_CONTEXT)"
 	FlagStatePathUsage     = "app state base path"
 	FlagInContainerUsage   = "app is running in a container"
 	FlagArchiveStateUsage  = "archive app state to the selected Docker volume (default volume - mint-state). By default, enabled when app is running in a container (disabled otherwise). Set it to 'off' to disable explicitly."
@@ -394,6 +396,12 @@ func GlobalFlags() []cli.Flag {
 			Usage:   FlagCRTConnectionUsage,
 			EnvVars: []string{"DSLIM_CRT_CONN"},
 		},
+		&cli.StringFlag{
+			Name:    FlagCRTContext,
+			Value:   "",
+			Usage:   FlagCRTContextUsage,
+			EnvVars: []string{"DSLIM_CRT_CTX"},
+		},
 		&cli.StringFlag{
 			Name:  FlagStatePath,
 			Value: "",
diff --git a/pkg/app/master/command/clifvgetter.go b/pkg/app/master/command/clifvgetter.go
@@ -392,6 +392,10 @@ func UpdateGlobalFlagValues(appOpts *config.AppOptions, values *GenericParams) *
 		values.CRTConnection = *appOpts.Global.CRTConnection
 	}
 
+	if appOpts.Global.CRTContext != nil {
+		values.CRTContext = *appOpts.Global.CRTContext
+	}
+
 	if appOpts.Global.UseTLS != nil {
 		values.ClientConfig.UseTLS = *appOpts.Global.UseTLS
 	}
@@ -429,6 +433,7 @@ func GlobalFlagValues(ctx *cli.Context) *GenericParams {
 		StatePath:      ctx.String(FlagStatePath),
 		ReportLocation: ctx.String(FlagCommandReport),
 		CRTConnection:  ctx.String(FlagCRTConnection),
+		CRTContext:     ctx.String(FlagCRTContext),
 	}
 
 	if values.ReportLocation == "off" {
@@ -444,16 +449,23 @@ func GlobalFlagValues(ctx *cli.Context) *GenericParams {
 }
 
 func GetDockerClientConfig(ctx *cli.Context) *config.DockerClient {
+	const op = "commands.GetDockerClientConfig"
+
 	config := &config.DockerClient{
+		Context:     ctx.String(FlagCRTContext),
+		Host:        ctx.String(FlagHost),
 		APIVersion:  ctx.String(FlagAPIVersion),
 		UseTLS:      ctx.Bool(FlagUseTLS),
 		VerifyTLS:   ctx.Bool(FlagVerifyTLS),
 		TLSCertPath: ctx.String(FlagTLSCertPath),
-		Host:        ctx.String(FlagHost),
 		Env:         map[string]string{},
 	}
 
 	getEnv := func(name string) {
+		log.WithFields(log.Fields{
+			"op":  op,
+			"var": name,
+		}).Trace("loading")
 		if value, exists := os.LookupEnv(name); exists {
 			config.Env[name] = value
 		}
diff --git a/pkg/app/master/command/cliprompt.go b/pkg/app/master/command/cliprompt.go
@@ -365,6 +365,7 @@ var GlobalFlagSuggestions = []prompt.Suggest{
 	{Text: FullFlagName(FlagTLSCertPath), Description: FlagTLSCertPathUsage},
 	{Text: FullFlagName(FlagHost), Description: FlagHostUsage},
 	{Text: FullFlagName(FlagCRTConnection), Description: FlagCRTConnectionUsage},
+	{Text: FullFlagName(FlagCRTContext), Description: FlagCRTContextUsage},
 	{Text: FullFlagName(FlagAPIVersion), Description: FlagAPIVersionUsage},
 	{Text: FullFlagName(FlagArchiveState), Description: FlagArchiveStateUsage},
 	{Text: FullFlagName(FlagInContainer), Description: FlagInContainerUsage},
diff --git a/pkg/app/master/command/common.go b/pkg/app/master/command/common.go
@@ -72,6 +72,7 @@ type GenericParams struct {
 	IsDSImage      bool
 	ArchiveState   string
 	CRTConnection  string
+	CRTContext     string
 	ClientConfig   *config.DockerClient
 }
 
diff --git a/pkg/app/master/config/config.go b/pkg/app/master/config/config.go
@@ -41,6 +41,7 @@ type GlobalAppOptions struct {
 	StatePath      *string `json:"state_path,omitempty"`
 	ReportLocation *string `json:"report_location,omitempty"`
 	CRTConnection  *string `json:"crt_connection,omitempty"`
+	CRTContext     *string `json:"crt_context,omitempty"`
 	ArchiveState   *string `json:"archive_state,omitempty"`
 }
 
@@ -145,6 +146,7 @@ type DockerClient struct {
 	TLSCertPath string
 	Host        string
 	APIVersion  string
+	Context     string
 	Env         map[string]string
 }
 
diff --git a/pkg/crt/docker/dockerclient/client.go b/pkg/crt/docker/dockerclient/client.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"os"
+	"os/user"
 	"path/filepath"
 	"strings"
 
@@ -17,6 +18,8 @@ import (
 )
 
 const (
+	EnvDockerConfig      = "DOCKER_CONFIG"
+	EnvDockerContext     = "DOCKER_CONTEXT"
 	EnvDockerAPIVer      = "DOCKER_API_VERSION"
 	EnvDockerHost        = "DOCKER_HOST"
 	EnvDockerTLSVerify   = "DOCKER_TLS_VERIFY"
@@ -31,14 +34,34 @@ var EnvVarNames = []string{
 	EnvDockerTLSVerify,
 	EnvDockerCertPath,
 	EnvDockerAPIVer,
+	EnvDockerContext,
 }
 
 var (
 	ErrNoDockerInfo = errors.New("no docker info")
 )
 
+func UserHomeDir() string {
+	output, err := os.UserHomeDir()
+	if err != nil {
+		log.Debugf("dockerclient.UserHomeDir: os.UserHomeDir error - %v", err)
+	}
+
+	if output != "" {
+		return output
+	}
+
+	info, err := user.Current()
+	if err == nil {
+		return info.HomeDir
+	}
+
+	log.Debugf("dockerclient.UserHomeDir: user.Current error - %v", err)
+	return ""
+}
+
 func UserDockerSocket() string {
-	home, _ := os.UserHomeDir()
+	home := UserHomeDir()
 	return filepath.Join(home, unixUserSocketSuffix)
 }
 
@@ -182,6 +205,62 @@ func New(config *config.DockerClient) (*docker.Client, error) {
 		return docker.NewVersionedTLSClientFromBytes(host, cert, key, ca, apiVersion)
 	}
 
+	//NOTE:
+	//go-dockerclient doesn't support DOCKER_CONTEXT natively
+	//so we need to lookup the context first to extract its connection info
+	var currentDockerContext string
+	if dcf, err := ReadConfigFile(ConfigFilePath()); err == nil {
+		currentDockerContext = dcf.CurrentContext
+		log.Debugf("dockerclient.New: currentDockerContext - '%s'", currentDockerContext)
+	} else {
+		log.Debugf("dockerclient.New: ReadConfigFile error - %v", err)
+	}
+
+	contextName := config.Context
+	if contextName == "" {
+		contextName = config.Env[EnvDockerContext]
+	}
+	if contextName == "" &&
+		currentDockerContext != "" &&
+		currentDockerContext != DefaultContextName {
+		contextName = currentDockerContext
+	}
+
+	//note: don't use context host if the host parameter is specified explicitly
+	var contextHost string
+	var contextVerifyTLS bool
+	if contextName != "" {
+		log.Debugf("dockerclient.New: contextName - '%s' - loading contexts", contextName)
+		cmList, err := ListContextsMetadata(ContextsMetaDir())
+		if err == nil {
+			var targetContext *DockerContextMetadata
+			for _, cm := range cmList {
+				if cm.Name == contextName {
+					targetContext = cm
+					break
+				}
+			}
+
+			if targetContext != nil {
+				info := targetContext.Endpoint()
+				if info != nil {
+					contextHost = info.Host
+					if info.SkipTLSVerify {
+						contextVerifyTLS = false
+					} else {
+						contextVerifyTLS = true
+					}
+				} else {
+					log.Debugf("dockerclient.New: endpoint in target context ('%s') not found - %+v", contextName, targetContext)
+				}
+			} else {
+				log.Debugf("dockerclient.New: target context ('%s') not found - %+v", contextName, cmList)
+			}
+		} else {
+			log.Debugf("dockerclient.New: ListContextsMetadata error - %v", err)
+		}
+	}
+
 	switch {
 	case config.Host != "" &&
 		config.UseTLS &&
@@ -268,6 +347,43 @@ func New(config *config.DockerClient) (*docker.Client, error) {
 			client.SkipServerVersionCheck = true
 		}
 
+	case config.Host == "" && config.Env[EnvDockerHost] == "" && contextHost != "":
+		log.Debugf("dockerclient.New: new Docker client - from context ('%s') contextVerifyTLS=%v", contextHost, contextVerifyTLS)
+		if strings.HasPrefix(contextHost, "/") ||
+			strings.HasPrefix(contextHost, "unix://") {
+
+			socketPath := strings.TrimPrefix(contextHost, "unix://")
+			if !HasSocket(socketPath) {
+				log.Errorf("dockerclient.New: new Docker client - from context ('%s') - no unix socket => '%s'", contextHost, socketPath)
+				return nil, ErrNoDockerInfo
+			}
+
+			socketInfo, err := getSocketInfo(socketPath)
+			if err != nil {
+				return nil, err
+			}
+
+			socketInfo.Address = fmt.Sprintf("unix://%s", socketPath)
+
+			if socketInfo.CanRead == false || socketInfo.CanWrite == false {
+				return nil, fmt.Errorf("insufficient socket permissions (can_read=%v can_write=%v)", socketInfo.CanRead, socketInfo.CanWrite)
+			}
+
+			config.Host = socketInfo.Address
+			client, err = docker.NewVersionedClient(config.Host, config.APIVersion)
+			if err != nil {
+				return nil, err
+			}
+
+			if config.APIVersion != "" {
+				client.SkipServerVersionCheck = true
+			}
+
+			log.Debugf("dockerclient.New: new Docker client - from context ('%s') - [7]", contextHost)
+		} else {
+			log.Debugf("dockerclient.New: new Docker client - from context - non-unix socket host (%s) [todo]", contextHost)
+		}
+
 	case config.Host == "" && config.Env[EnvDockerHost] == "":
 		socketInfo, err := GetUnixSocketAddr()
 		if err != nil {
diff --git a/pkg/crt/docker/dockerclient/dockercontext.go b/pkg/crt/docker/dockerclient/dockercontext.go

Original file line number	Diff line number	Diff line change
`@@ -72,6 +72,7 @@ type GenericParams struct {`
`72`	`72`	`IsDSImage bool`
`73`	`73`	`ArchiveState string`
`74`	`74`	`CRTConnection string`
	`75`	`+ CRTContext string`
`75`	`76`	`ClientConfig *config.DockerClient`
`76`	`77`	`}`
`77`	`78`
Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,7 @@ type GlobalAppOptions struct {`
`41`	`41`	StatePath *string `json:"state_path,omitempty"`
`42`	`42`	ReportLocation *string `json:"report_location,omitempty"`
`43`	`43`	CRTConnection *string `json:"crt_connection,omitempty"`
	`44`	+ CRTContext *string `json:"crt_context,omitempty"`
`44`	`45`	ArchiveState *string `json:"archive_state,omitempty"`
`45`	`46`	`}`
`46`	`47`
`@@ -145,6 +146,7 @@ type DockerClient struct {`
`145`	`146`	`TLSCertPath string`
`146`	`147`	`Host string`
`147`	`148`	`APIVersion string`
	`149`	`+ Context string`
`148`	`150`	`Env map[string]string`
`149`	`151`	`}`
`150`	`152`