From 2cc87555cb1e1c1c8322ca4dcae21f00025800aa Mon Sep 17 00:00:00 2001
From: Joffrey F <joffrey@docker.com>
Date: Mon, 21 Mar 2016 14:23:31 -0700
Subject: [PATCH] tls_config_from_options unit tests

Signed-off-by: Joffrey F <joffrey@docker.com>
---
 compose/cli/docker_client.py         |  2 +-
 tests/fixtures/tls/ca.pem            |  0
 tests/fixtures/tls/cert.pem          |  0
 tests/fixtures/tls/key.key           |  0
 tests/unit/cli/docker_client_test.py | 89 +++++++++++++++++++++++++++-
 5 files changed, 87 insertions(+), 4 deletions(-)
 create mode 100644 tests/fixtures/tls/ca.pem
 create mode 100644 tests/fixtures/tls/cert.pem
 create mode 100644 tests/fixtures/tls/key.key

diff --git a/compose/cli/docker_client.py b/compose/cli/docker_client.py
index d47bd2dbbe..deb5686601 100644
--- a/compose/cli/docker_client.py
+++ b/compose/cli/docker_client.py
@@ -22,7 +22,7 @@ def tls_config_from_options(options):
     cert = options.get('--tlscert')
     key = options.get('--tlskey')
     verify = options.get('--tlsverify')
-    hostname = urlparse(options.get('--host', '')).hostname
+    hostname = urlparse(options.get('--host') or '').hostname
 
     advanced_opts = any([ca_cert, cert, key, verify])
 
diff --git a/tests/fixtures/tls/ca.pem b/tests/fixtures/tls/ca.pem
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/tests/fixtures/tls/cert.pem b/tests/fixtures/tls/cert.pem
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/tests/fixtures/tls/key.key b/tests/fixtures/tls/key.key
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/tests/unit/cli/docker_client_test.py b/tests/unit/cli/docker_client_test.py
index d497495b40..b55f1d1799 100644
--- a/tests/unit/cli/docker_client_test.py
+++ b/tests/unit/cli/docker_client_test.py
@@ -3,7 +3,11 @@ from __future__ import unicode_literals
 
 import os
 
-from compose.cli import docker_client
+import docker
+import pytest
+
+from compose.cli.docker_client import docker_client
+from compose.cli.docker_client import tls_config_from_options
 from tests import mock
 from tests import unittest
 
@@ -13,10 +17,89 @@ class DockerClientTestCase(unittest.TestCase):
     def test_docker_client_no_home(self):
         with mock.patch.dict(os.environ):
             del os.environ['HOME']
-            docker_client.docker_client()
+            docker_client()
 
     def test_docker_client_with_custom_timeout(self):
         timeout = 300
         with mock.patch('compose.cli.docker_client.HTTP_TIMEOUT', 300):
-            client = docker_client.docker_client()
+            client = docker_client()
             self.assertEqual(client.timeout, int(timeout))
+
+
+class TLSConfigTestCase(unittest.TestCase):
+    ca_cert = 'tests/fixtures/tls/ca.pem'
+    client_cert = 'tests/fixtures/tls/cert.pem'
+    key = 'tests/fixtures/tls/key.key'
+
+    def test_simple_tls(self):
+        options = {'--tls': True}
+        result = tls_config_from_options(options)
+        assert result is True
+
+    def test_tls_ca_cert(self):
+        options = {
+            '--tlscacert': self.ca_cert, '--tlsverify': True
+        }
+        result = tls_config_from_options(options)
+        assert isinstance(result, docker.tls.TLSConfig)
+        assert result.ca_cert == options['--tlscacert']
+        assert result.verify is True
+
+    def test_tls_ca_cert_explicit(self):
+        options = {
+            '--tlscacert': self.ca_cert, '--tls': True,
+            '--tlsverify': True
+        }
+        result = tls_config_from_options(options)
+        assert isinstance(result, docker.tls.TLSConfig)
+        assert result.ca_cert == options['--tlscacert']
+        assert result.verify is True
+
+    def test_tls_client_cert(self):
+        options = {
+            '--tlscert': self.client_cert, '--tlskey': self.key
+        }
+        result = tls_config_from_options(options)
+        assert isinstance(result, docker.tls.TLSConfig)
+        assert result.cert == (options['--tlscert'], options['--tlskey'])
+
+    def test_tls_client_cert_explicit(self):
+        options = {
+            '--tlscert': self.client_cert, '--tlskey': self.key,
+            '--tls': True
+        }
+        result = tls_config_from_options(options)
+        assert isinstance(result, docker.tls.TLSConfig)
+        assert result.cert == (options['--tlscert'], options['--tlskey'])
+
+    def test_tls_client_and_ca(self):
+        options = {
+            '--tlscert': self.client_cert, '--tlskey': self.key,
+            '--tlsverify': True, '--tlscacert': self.ca_cert
+        }
+        result = tls_config_from_options(options)
+        assert isinstance(result, docker.tls.TLSConfig)
+        assert result.cert == (options['--tlscert'], options['--tlskey'])
+        assert result.ca_cert == options['--tlscacert']
+        assert result.verify is True
+
+    def test_tls_client_and_ca_explicit(self):
+        options = {
+            '--tlscert': self.client_cert, '--tlskey': self.key,
+            '--tlsverify': True, '--tlscacert': self.ca_cert,
+            '--tls': True
+        }
+        result = tls_config_from_options(options)
+        assert isinstance(result, docker.tls.TLSConfig)
+        assert result.cert == (options['--tlscert'], options['--tlskey'])
+        assert result.ca_cert == options['--tlscacert']
+        assert result.verify is True
+
+    def test_tls_client_missing_key(self):
+        options = {'--tlscert': self.client_cert}
+        with pytest.raises(docker.errors.TLSParameterError):
+            tls_config_from_options(options)
+
+        options = {'--tlskey': self.key}
+        with pytest.raises(docker.errors.TLSParameterError):
+            tls_config_from_options(options)