Allow users to create TLS config from arbitrary sources of PEM data
Fix #52
This introduces an abstraction for accessing PEM data (which can come from files, or from anything else, including a byte slice in memory).
Wow, that's a lot of changes.
Just some quick thoughts;
- could this possibly be handled by a `config()` function (feature that was added in https://github.com/docker/go-connections/pull/45); i.e. have the function read the data and add it to the config, passing a `ReadCloser` instead of a filepath to load the certificates (the reader could read from memory or a file)
Basically we want to replace `tls.LoadX509KeyPair()` (currently used, assumes a filename is passed) with `tls.X509KeyPair()`, which just loads the data, correct?
So for the `config()` function parameters: if this part of the code didn't expect that it has to load a file, but instead checked whether `..Certificates` is already populated; https://github.com/docker/go-connections/blob/eed1c499cef34e358f4a10f8de1ce1b1a945556f/tlsconfig/config.go#L231-L240
Would it then be possible to just load the data upfront?
Just really thinking out loud
@thaJeztah
- The problem with `config` is that the option struct itself assumes it references files. So we would need to modify everything with the assumption that everything has already been loaded.
- `ReadCloser` implementations can only be read once. I can't guarantee that an option object would be used only once (and anyway, I am not completely sure that some files are not already read twice in some `Client` or `Server` calls).
I also wanted to keep the error messages as untouched as possible (the only purpose of the `PEMSource` interface having a `Name()` method is to keep the same error messages everywhere it is possible).
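To make the design discussed in the thread concrete (a source abstraction with a `Name()` used only for error messages, plus `tls.X509KeyPair` in place of `tls.LoadX509KeyPair`), here is an added example. It is not code from this PR or from go-connections; `PEMSource`, `FilePEM`, `MemPEM`, `LoadKeyPair` and `NewCertPool` are assumed names chosen for illustration, and the self-signed certificate is constructed at run time as test input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// PEMSource is an assumed abstraction (not the project's type): anything that
// can hand back PEM bytes and identify itself for error messages. Returning
// bytes (not a ReadCloser) means a source can safely be read more than once.
type PEMSource interface {
	Name() string
	Bytes() ([]byte, error)
}

// FilePEM reads PEM data from disk; Name() is the path, so errors read as before.
type FilePEM string

func (f FilePEM) Name() string           { return string(f) }
func (f FilePEM) Bytes() ([]byte, error) { return os.ReadFile(string(f)) }

// MemPEM carries PEM bytes already in memory (e.g. fetched from a secret store).
type MemPEM struct {
	Label string
	Data  []byte
}

func (m MemPEM) Name() string           { return m.Label }
func (m MemPEM) Bytes() ([]byte, error) { return m.Data, nil }

// LoadKeyPair replaces tls.LoadX509KeyPair (file paths) with tls.X509KeyPair (bytes),
// keeping the source name in every error so messages stay as informative as before.
func LoadKeyPair(cert, key PEMSource) (tls.Certificate, error) {
	certPEM, err := cert.Bytes()
	if err != nil {
		return tls.Certificate{}, fmt.Errorf("could not read certificate %q: %w", cert.Name(), err)
	}
	keyPEM, err := key.Bytes()
	if err != nil {
		return tls.Certificate{}, fmt.Errorf("could not read key %q: %w", key.Name(), err)
	}
	c, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return tls.Certificate{}, fmt.Errorf("could not load X509 key pair %q/%q: %w", cert.Name(), key.Name(), err)
	}
	return c, nil
}

// NewCertPool builds a CA pool from any PEMSource; AppendCertsFromPEM silently
// ignores garbage, so we fail loudly when it parsed nothing.
func NewCertPool(ca PEMSource) (*x509.CertPool, error) {
	data, err := ca.Bytes()
	if err != nil {
		return nil, fmt.Errorf("could not read CA %q: %w", ca.Name(), err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(data) {
		return nil, fmt.Errorf("failed to parse any certificates from %q", ca.Name())
	}
	return pool, nil
}

// SelfSignedPEM generates a throwaway self-signed cert/key pair as PEM.
// Constructed test input for this example only; never use it as a real CA.
func SelfSignedPEM(cn string) (certPEM, keyPEM []byte, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		IsCA:                  true,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return certPEM, keyPEM, nil
}

func main() {
	certPEM, keyPEM, err := SelfSignedPEM("example")
	if err != nil {
		panic(err)
	}
	// In-memory sources: the same loader, and nothing ever touches disk.
	cert, err := LoadKeyPair(MemPEM{Label: "client-cert", Data: certPEM}, MemPEM{Label: "client-key", Data: keyPEM})
	if err != nil {
		panic(err)
	}
	pool, err := NewCertPool(MemPEM{Label: "ca", Data: certPEM})
	if err != nil {
		panic(err)
	}
	cfg := &tls.Config{Certificates: []tls.Certificate{cert}, RootCAs: pool, MinVersion: tls.VersionTLS12}
	fmt.Println("config built with", len(cfg.Certificates), "certificate(s)")

	// File sources: a missing path surfaces in the error via Name(), as before.
	_, err = LoadKeyPair(FilePEM("/nonexistent/cert.pem"), FilePEM("/nonexistent/key.pem"))
	fmt.Println(err)
}
```

The point of `Bytes()` returning a slice rather than an `io.ReadCloser` is the one raised above: a slice can be read as many times as the option struct is reused, whereas a reader is spent after one use.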
I think @thaJeztah has something more like the following diff in mind: https://github.com/docker/go-connections/compare/master...vdemeester:more-opts
This would allow reading/loading certificates from memory (or really anywhere) without requiring any more changes in that repository, for that matter.