Add TLS and Docker 1.3 support

Dockerfile

@@ -1,6 +1,7 @@
 FROM golang:1.3-cross
-ADD . /opt/docker-volumes
-WORKDIR /opt/docker-volumes
+ADD . /go/src/github.com/cpuguy83/docker-volumes
+WORKDIR /go/src/github.com/cpuguy83/docker-volumes
 ENV GOOS linux
 ENV GOARCH amd64
-ENTRYPOINT ["/opt/docker-volumes/make.sh"]
+RUN go get
+ENTRYPOINT ["/go/src/github.com/cpuguy83/docker-volumes/make.sh"]

README.md

@@ -42,14 +42,14 @@ yourself.
 ```bash
 docker build -t docker-volumes git@github.com:cpuguy83/docker-volumes.git
 docker run --name docker-volumes docker-volumes
-docker cp docker-volumes:/opt/docker-volumes/docker-volumes ./
+docker cp docker-volumes:/docker-volumes ./
 ```
 
 By default when compiling from the Dockerfile it will compile for linux/amd64.
 You can customize this using environment variables as such:
 
 ```bash
-docker run -d --name docker-volumes -e GOOS=darwin -e GOARCH=amd64 docker-volumes
+docker run --name docker-volumes -e GOOS=darwin -e GOARCH=amd64 docker-volumes
 ```
 
 This would make a binary for darwin/amd64 (OSX), available for `docker cp` at the

commands.go

@@ -16,7 +16,7 @@ import (
 func volumeList(ctx *cli.Context) {
 	docker := getDockerClient(ctx)
 
-	volumes := setup(docker)
+	volumes := setup(docker, ctx.GlobalString("docker-root"))
 
 	if ctx.Bool("quiet") {
 		var out []string
@@ -51,7 +51,7 @@ func volumeInspect(ctx *cli.Context) {
 	}
 
 	docker := getDockerClient(ctx)
-	volumes := setup(docker)
+	volumes := setup(docker, ctx.GlobalString("docker-root"))
 
 	v := volumes.Find(ctx.Args()[0])
 	vJson, err := json.MarshalIndent(v, "", "	")
@@ -70,7 +70,7 @@ func volumeRm(ctx *cli.Context) {
 	}
 
 	docker := getDockerClient(ctx)
-	volumes := setup(docker)
+	volumes := setup(docker, ctx.GlobalString("docker-root"))
 	for _, name := range ctx.Args() {
 
 		v := volumes.Find(name)
@@ -118,7 +118,7 @@ func volumeExport(ctx *cli.Context) {
 		os.Exit(1)
 	}
 	docker := getDockerClient(ctx)
-	volumes := setup(docker)
+	volumes := setup(docker, ctx.GlobalString("docker-root"))
 
 	name := ctx.Args()[0]
 	v := volumes.Find(name)

main.go

@@ -3,7 +3,10 @@ package main
 import (
 	"bufio"
 	"bytes"
+	"crypto/tls"
+	"crypto/x509"
 	"fmt"
+	"io/ioutil"
 	"os"
 	"path/filepath"
 
@@ -17,16 +20,50 @@ func main() {
 	app := cli.NewApp()
 	app.Name = "docker-volumes"
 	app.Usage = "The missing volume manager for Docker"
-	app.Version = "1.0.2"
+	app.Version = "1.1.0"
 	app.Author = "Brian Goff"
 	app.Email = "cpuguy83@gmail.com"
+	certPath := os.Getenv("DOCKER_CERT_PATH")
+	if certPath == "" {
+		certPath = filepath.Join(os.Getenv("HOME"), ".docker")
+	}
 	app.Flags = []cli.Flag{
 		cli.StringFlag{
 			Name:   "host, H",
 			Value:  "/var/run/docker.sock",
 			Usage:  "Location of the Docker socket",
 			EnvVar: "DOCKER_HOST",
 		},
+		cli.BoolFlag{
+			Name:   "tls",
+			Usage:  "Enable TLS",
+			EnvVar: "DOCKER_TLS",
+		},
+		cli.StringFlag{
+			Name:   "tlsverify",
+			Usage:  "Enable TLS Server Verification",
+			EnvVar: "DOCKER_TLS_VERIFY",
+		},
+		cli.StringFlag{
+			Name:  "tlscacert",
+			Value: filepath.Join(certPath, "ca.pem"),
+			Usage: "Location of tls ca cert",
+		},
+		cli.StringFlag{
+			Name:  "tlscert",
+			Value: filepath.Join(certPath, "cert.pem"),
+			Usage: "Location of tls cert",
+		},
+		cli.StringFlag{
+			Name:  "tlskey",
+			Value: filepath.Join(certPath, "key.pem"),
+			Usage: "Location of tls key",
+		},
+		cli.StringFlag{
+			Name:  "docker-root",
+			Value: "/var/lib/docker",
+			Usage: "Location of the Docker root path",
+		},
 	}
 
 	app.Commands = []cli.Command{
@@ -74,27 +111,55 @@ func main() {
 
 func getDockerClient(ctx *cli.Context) docker.Docker {
 	docker, err := docker.NewClient(ctx.GlobalString("host"))
+	var tlsConfig tls.Config
+	tlsConfig.InsecureSkipVerify = true
+	if ctx.GlobalBool("tls") || ctx.GlobalString("tlsverify") != "" {
+		if ctx.GlobalString("tlsverify") != "" {
+			certPool := x509.NewCertPool()
+			file, err := ioutil.ReadFile(ctx.GlobalString("tlscacert"))
+			if err != nil {
+				fmt.Fprintln(os.Stderr, err)
+				os.Exit(1)
+			}
+			certPool.AppendCertsFromPEM(file)
+			tlsConfig.RootCAs = certPool
+			tlsConfig.InsecureSkipVerify = false
+		}
+
+		_, errCert := os.Stat(ctx.GlobalString("tlscert"))
+		_, errKey := os.Stat(ctx.GlobalString("tlskey"))
+		if errCert == nil || errKey == nil {
+			cert, err := tls.LoadX509KeyPair(ctx.GlobalString("tlscert"), ctx.GlobalString("tlskey"))
+			if err != nil {
+				fmt.Fprintf(os.Stderr, "Couldn't load X509 key pair: %s. Key encrpyted?\n", err)
+				os.Exit(1)
+			}
+			tlsConfig.Certificates = []tls.Certificate{cert}
+		}
+		tlsConfig.MinVersion = tls.VersionTLS10
+		docker.SetTlsConfig(&tlsConfig)
+	}
 	if err != nil {
-		fmt.Println(err)
+		fmt.Fprintln(os.Stderr, err)
 		os.Exit(1)
 	}
 	return docker
 }
 
-func setup(client docker.Docker) *volStore {
+func setup(client docker.Docker, rootPath string) *volStore {
 	var volumes = &volStore{
 		s: make(map[string]*Volume),
 	}
 	containers, err := client.FetchAllContainers(true)
 	if err != nil {
-		fmt.Println(err)
+		fmt.Fprintln(os.Stderr, err)
 		os.Exit(1)
 	}
 
 	for _, c := range containers {
 		c, err = client.FetchContainer(c.Id)
 		if err != nil {
-			fmt.Println(err)
+			fmt.Fprintln(os.Stderr, err)
 		}
 		vols, err := c.GetVolumes()
 		if err != nil {
@@ -120,17 +185,20 @@ func setup(client docker.Docker) *volStore {
 
 	info, err := client.Info()
 	if err != nil {
-		fmt.Println(err)
+		fmt.Fprint(os.Stderr, err)
 		os.Exit(1)
 	}
 
 	path := info.RootPath()
 	path = strings.TrimSuffix(path, "/"+filepath.Base(path))
-	path = path + "/vfs/dir"
+	if path == "" {
+		path = rootPath
+	}
+	path = filepath.Join(path, "/vfs/dir")
 
 	volDirs, err := volumesFromDisk(path, client)
 	if err != nil {
-		fmt.Println(err)
+		fmt.Fprint(os.Stderr, err)
 		os.Exit(1)
 	}
 

make.sh

@@ -1,7 +1,8 @@
 #!/bin/bash
-go get
 if [ "$1" == "dyn" ]; then
   go build
 else
   CGO_ENABLED=0 go build -a -ldflags -d
 fi
+
+mv docker-volumes /docker-volumes