From 36f56605b7f2d8482ea70f4dc48b5b16b0cbe793 Mon Sep 17 00:00:00 2001
From: Nicolas De Loof
Date: Wed, 24 Sep 2025 16:53:55 +0200
Subject: [PATCH] introduce ability to configure client with SecureContextOptions
Signed-off-by: Nicolas De Loof
---
 lib/docker-client.ts | 31 ++++++++++++++++++++-----------
 lib/tls.ts | 9 +++------
 2 files changed, 23 insertions(+), 17 deletions(-)
diff --git a/lib/docker-client.ts b/lib/docker-client.ts
index 87c9dce..1fd94bd 100644
--- a/lib/docker-client.ts
+++ b/lib/docker-client.ts
@@ -17,6 +17,7 @@ import {
 isFileNotFoundError,
 parseDockerHost,
 } from './util.js';
+import type { SecureContextOptions } from 'tls';
 export interface Credentials {
 username: string;
@@ -40,12 +41,12 @@ export class DockerClient {
 /**
 * Create a DockerClient instance from a Docker host string
 * @param dockerHost Docker host string (e.g., "unix:/var/run/docker.sock", "tcp://localhost:2376", or "ssh://user@host[:port][/path/to/docker.sock]")
- * @param certPath Optional path to directory containing TLS certificates (ca.pem, cert.pem, key.pem) for TCP connections
+ * @param certificates Optional path to directory containing TLS certificates (ca.pem, cert.pem, key.pem) for TCP connections
 * @returns Promise that resolves to a connected DockerClient instance
 */
 static fromDockerHost(
 dockerHost: string,
- certPath?: string,
+ certificates?: string | SecureContextOptions,
 ): Promise {
 return new Promise((resolve, reject) => {
 if (dockerHost.startsWith('unix:')) {
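Review bot: The `@param certificates` line in the `fromDockerHost` JSDoc (hunk `@@ -40,12 +41,12 @@`) still describes only a directory path, although the signature now also accepts a `SecureContextOptions` object. I would reword it to `@param certificates Optional TLS material for TCP connections: a path to a directory containing ca.pem, cert.pem and key.pem, or a SecureContextOptions object passed to tls.connect`. Since the `tcp:` branch later in this patch uses the truthiness of this argument to choose between TLS on 2376 and plain TCP on 2375, the doc should also say that omitting it means an unencrypted connection. The function body continues outside this hunk.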
@@ -66,18 +67,26 @@ export class DockerClient {
 }
 } else if (dockerHost.startsWith('tcp:')) {
 // TCP connection - use SocketAgent with TCP socket creation function
- const defaultPort = certPath ? 2376 : 2375; // Default ports: 2376 for TLS, 2375 for plain
+ const defaultPort = certificates ? 2376 : 2375; // Default ports: 2376 for TLS, 2375 for plain
 const { host, port } = parseDockerHost(dockerHost, defaultPort);
 try {
 let agent: SocketAgent;
- if (certPath) {
- // Use SocketAgent with TLS socket creation function
- const tlsOptions = TLS.loadCertificates(certPath);
- agent = new SocketAgent(() =>
- tls.connect({ host, port, ...tlsOptions }),
- );
+ if (certificates) {
+ if (typeof certificates === 'string') {
+ // Use SocketAgent with TLS socket creation function
+ const tlsOptions =
+ TLS.loadCertificates(certificates);
+ agent = new SocketAgent(() =>
+ tls.connect({ host, port, ...tlsOptions }),
+ );
+ } else {
+ // certificates is a SecureContextOptions type
+ agent = new SocketAgent(() =>
+ tls.connect({ host, port, ...certificates }),
+ );
+ }
 } else {
 // Use SocketAgent with plain TCP socket creation function
 agent = new SocketAgent(() =>
@@ -345,7 +354,7 @@ export class DockerClient {
 public async containerArchive(
 id: string,
 path: string,
- out: NodeJS.WritableStream,
+ out: stream.Writable,
 ): Promise {
 return this.api.get(
 `/containers/${id}/archive`,
@@ -796,7 +805,7 @@ export class DockerClient {
 public async putContainerArchive(
 id: string,
 path: string,
- tar: NodeJS.ReadableStream,
+ tar: stream.Readable,
 options?: {
 noOverwriteDirNonDir?: string;
 copyUIDGID?: string;
diff --git a/lib/tls.ts b/lib/tls.ts
index 6f77f95..0478e5c 100644
--- a/lib/tls.ts
+++ b/lib/tls.ts
@@ -1,6 +1,7 @@
 import * as fs from 'fs';
 import * as path from 'path';
 import { getErrorMessage } from './util.js';
+import type { SecureContextOptions } from 'tls';
 /**
 * TLS certificate utilities for secure Docker connections
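Review bot: In the `tcp:` branch of `lib/docker-client.ts` (hunk `@@ -66,18 +67,26 @@`) the caller's object is spread after `host` and `port` in `tls.connect({ host, port, ...certificates })`, so any extra property present at runtime overrides the parsed endpoint. Structural typing lets a wider object such as a `tls.ConnectionOptions` be passed where `SecureContextOptions` is declared, so keys like `host`, `port` or `rejectUnauthorized` could silently redirect the connection or switch off certificate verification. Spreading first keeps the values from `parseDockerHost` authoritative, `tls.connect({ ...certificates, host, port })`, and copying only the intended fields would be stricter still. Separately, `if (certificates)` treats an empty string as "no TLS" and falls back to plain TCP on 2375; rejecting `''` with an error would avoid a silent downgrade when a certificate path setting is unset. The enclosing function starts and ends outside the hunk.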
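Review bot: Narrowing `out` to `stream.Writable` in `containerArchive` (hunk `@@ -345,7 +354,7 @@`) and `tar` to `stream.Readable` in `putContainerArchive` (hunk `@@ -796,7 +805,7 @@`) is a public API change that the commit message does not mention. Callers that pass an object implementing only the `NodeJS.WritableStream` or `NodeJS.ReadableStream` interface would presumably stop compiling, so this deserves its own commit or at least a line in the description. No import of `stream` appears in this patch, so it is presumably already in scope in `lib/docker-client.ts`; worth confirming. Both method bodies continue outside their hunks.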
@@ -11,12 +12,8 @@ export class TLS {
 * @param certPath Path to directory containing ca.pem, cert.pem, and key.pem files
 * @returns TLS options object for HTTPS agent
 */
- static loadCertificates(certPath: string): {
- ca?: Buffer;
- cert?: Buffer;
- key?: Buffer;
- } {
- const tlsOptions: { ca?: Buffer; cert?: Buffer; key?: Buffer } = {};
+ static loadCertificates(certPath: string): SecureContextOptions {
+ const tlsOptions: SecureContextOptions = {};
 try {
 // Load CA certificate
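Review bot: Declaring `loadCertificates` as returning the full `SecureContextOptions` is wider than the contract its JSDoc describes, which is limited to ca.pem, cert.pem and key.pem; the removed return type exposed exactly those three fields. `Pick<SecureContextOptions, 'ca' | 'cert' | 'key'>` for both the return type and `tlsOptions` would stay assignable to the `tls.connect` options while keeping the loader's surface restricted to the material it reads from disk. The `@returns` text "TLS options object for HTTPS agent" could be updated as well, since the result is spread into `tls.connect`. The method body continues outside the hunk.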