Support remote Docker daemon for building images

Prior to this commit, the build plugin goal/task for building images
required a locally running Docker daemon that was accessed via a
non-networked socket or pipe.

This commit adds support for remote Docker daemons at a location
specified by the environment variable `DOCKER_HOST`. Additional
environment variables `DOCKER_TLS_VERIFY` and `DOCKER_CERT_PATH`
are recognized for configuring a secure TLS connection to the daemon.

Fixes gh-20538

Author: scottfrederick

spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/DockerApi.java

@@ -44,6 +44,7 @@
  * Provides access to the limited set of Docker APIs needed by pack.
  *
  * @author Phillip Webb
+ * @author Scott Frederick
  * @since 2.3.0
  */
 public class DockerApi {
@@ -96,7 +97,7 @@ private URI buildUrl(String path, Collection<String> params) {
 
 	private URI buildUrl(String path, String... params) {
 		try {
-			URIBuilder builder = new URIBuilder("docker://localhost/" + API_VERSION + path);
+			URIBuilder builder = new URIBuilder("/" + API_VERSION + path);
 			int param = 0;
 			while (param < params.length) {
 				builder.addParameter(params[param++], params[param++]);

spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/DockerException.java

@@ -24,6 +24,7 @@
  * Exception throw when the Docker API fails.
  *
  * @author Phillip Webb
+ * @author Scott Frederick
  * @since 2.3.0
  */
 public class DockerException extends RuntimeException {
@@ -34,8 +35,8 @@ public class DockerException extends RuntimeException {
 
 	private final Errors errors;
 
-	DockerException(URI uri, int statusCode, String reasonPhrase, Errors errors) {
-		super(buildMessage(uri, statusCode, reasonPhrase, errors));
+	DockerException(String host, URI uri, int statusCode, String reasonPhrase, Errors errors) {
+		super(buildMessage(host, uri, statusCode, reasonPhrase, errors));
 		this.statusCode = statusCode;
 		this.reasonPhrase = reasonPhrase;
 		this.errors = errors;
@@ -66,10 +67,11 @@ public Errors getErrors() {
 		return this.errors;
 	}
 
-	private static String buildMessage(URI uri, int statusCode, String reasonPhrase, Errors errors) {
+	private static String buildMessage(String host, URI uri, int statusCode, String reasonPhrase, Errors errors) {
+		Assert.notNull(host, "host must not be null");
 		Assert.notNull(uri, "URI must not be null");
 		StringBuilder message = new StringBuilder(
-				"Docker API call to '" + uri + "' failed with status code " + statusCode);
+				"Docker API call to '" + host + uri + "' failed with status code " + statusCode);
 		if (reasonPhrase != null && !reasonPhrase.isEmpty()) {
 			message.append(" \"" + reasonPhrase + "\"");
 		}

spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/HttpClientHttp.java

@@ -23,6 +23,7 @@
 
 import org.apache.http.HttpEntity;
 import org.apache.http.HttpHeaders;
+import org.apache.http.HttpHost;
 import org.apache.http.StatusLine;
 import org.apache.http.client.HttpClient;
 import org.apache.http.client.methods.CloseableHttpResponse;
@@ -34,9 +35,9 @@
 import org.apache.http.client.methods.HttpUriRequest;
 import org.apache.http.entity.AbstractHttpEntity;
 import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClientBuilder;
-import org.apache.http.impl.client.HttpClients;
 
+import org.springframework.boot.buildpack.platform.docker.httpclient.DelegatingDockerHttpClientConnection;
+import org.springframework.boot.buildpack.platform.docker.httpclient.DockerHttpClientConnection;
 import org.springframework.boot.buildpack.platform.io.Content;
 import org.springframework.boot.buildpack.platform.io.IOConsumer;
 import org.springframework.boot.buildpack.platform.json.SharedObjectMapper;
@@ -50,17 +51,14 @@
  */
 class HttpClientHttp implements Http {
 
-	private final CloseableHttpClient client;
+	private final DockerHttpClientConnection clientConnection;
 
 	HttpClientHttp() {
-		HttpClientBuilder builder = HttpClients.custom();
-		builder.setConnectionManager(new DockerHttpClientConnectionManager());
-		builder.setSchemePortResolver(new DockerSchemePortResolver());
-		this.client = builder.build();
+		this.clientConnection = DelegatingDockerHttpClientConnection.create();
 	}
 
-	HttpClientHttp(CloseableHttpClient client) {
-		this.client = client;
+	HttpClientHttp(DockerHttpClientConnection clientConnection) {
+		this.clientConnection = clientConnection;
 	}
 
 	/**
@@ -90,7 +88,6 @@ public Response post(URI uri) {
 	 * @param writer a content writer
 	 * @return the operation response
 	 */
-
 	@Override
 	public Response post(URI uri, String contentType, IOConsumer<OutputStream> writer) {
 		return execute(new HttpPost(uri), contentType, writer);
@@ -103,7 +100,6 @@ public Response post(URI uri, String contentType, IOConsumer<OutputStream> write
 	 * @param writer a content writer
 	 * @return the operation response
 	 */
-
 	@Override
 	public Response put(URI uri, String contentType, IOConsumer<OutputStream> writer) {
 		return execute(new HttpPut(uri), contentType, writer);
@@ -114,7 +110,6 @@ public Response put(URI uri, String contentType, IOConsumer<OutputStream> writer
 	 * @param uri the destination URI
 	 * @return the operation response
 	 */
-
 	@Override
 	public Response delete(URI uri) {
 		return execute(new HttpDelete(uri));
@@ -128,23 +123,36 @@ private Response execute(HttpEntityEnclosingRequestBase request, String contentT
 	}
 
 	private Response execute(HttpUriRequest request) {
+		HttpHost host = this.clientConnection.getHttpHost();
+		CloseableHttpClient client = this.clientConnection.getHttpClient();
+
 		try {
-			CloseableHttpResponse response = this.client.execute(request);
+			CloseableHttpResponse response = client.execute(host, request);
 			StatusLine statusLine = response.getStatusLine();
 			int statusCode = statusLine.getStatusCode();
 			HttpEntity entity = response.getEntity();
 
 			if (statusCode >= 400 && statusCode < 500) {
-				Errors errors = SharedObjectMapper.get().readValue(entity.getContent(), Errors.class);
-				throw new DockerException(request.getURI(), statusCode, statusLine.getReasonPhrase(), errors);
+				throw new DockerException(host.toHostString(), request.getURI(), statusCode,
+						statusLine.getReasonPhrase(), getErrorsFromResponse(entity));
 			}
 			if (statusCode == 500) {
-				throw new DockerException(request.getURI(), statusCode, statusLine.getReasonPhrase(), null);
+				throw new DockerException(host.toHostString(), request.getURI(), statusCode,
+						statusLine.getReasonPhrase(), null);
 			}
 			return new HttpClientResponse(response);
 		}
 		catch (IOException ioe) {
-			throw new DockerException(request.getURI(), 500, ioe.getMessage(), null);
+			throw new DockerException(host.toHostString(), request.getURI(), 500, ioe.getMessage(), null);
+		}
+	}
+
+	private Errors getErrorsFromResponse(HttpEntity entity) {
+		try {
+			return SharedObjectMapper.get().readValue(entity.getContent(), Errors.class);
+		}
+		catch (IOException ioe) {
+			return null;
 		}
 	}
 

spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/httpclient/DelegatingDockerHttpClientConnection.java

@@ -0,0 +1,74 @@
+/*
+ * Copyright 2012-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.buildpack.platform.docker.httpclient;
+
+import org.apache.http.HttpHost;
+import org.apache.http.client.HttpClient;
+import org.apache.http.impl.client.CloseableHttpClient;
+
+/**
+ * A {@code DockerHttpClientConnection} that determines an appropriate connection to a
+ * Docker host by detecting whether a remote Docker host is configured or if a default
+ * local connection should be used.
+ *
+ * @author Scott Frederick
+ * @since 2.3.0
+ */
+public final class DelegatingDockerHttpClientConnection implements DockerHttpClientConnection {
+
+	private static final RemoteEnvironmentDockerHttpClientConnection REMOTE_FACTORY = new RemoteEnvironmentDockerHttpClientConnection();
+
+	private static final LocalDockerHttpClientConnection LOCAL_FACTORY = new LocalDockerHttpClientConnection();
+
+	private final DockerHttpClientConnection delegate;
+
+	private DelegatingDockerHttpClientConnection(DockerHttpClientConnection delegate) {
+		this.delegate = delegate;
+	}
+
+	/**
+	 * Get an {@link HttpHost} describing the Docker host connection.
+	 * @return the {@code HttpHost}
+	 */
+	public HttpHost getHttpHost() {
+		return this.delegate.getHttpHost();
+	}
+
+	/**
+	 * Get an {@link HttpClient} that can be used to communicate with the Docker host.
+	 * @return the {@code HttpClient}
+	 */
+	public CloseableHttpClient getHttpClient() {
+		return this.delegate.getHttpClient();
+	}
+
+	/**
+	 * Create a {@link DockerHttpClientConnection} by detecting the connection
+	 * configuration.
+	 * @return the {@code DockerHttpClientConnection}
+	 */
+	public static DockerHttpClientConnection create() {
+		if (REMOTE_FACTORY.accept()) {
+			return new DelegatingDockerHttpClientConnection(REMOTE_FACTORY);
+		}
+		if (LOCAL_FACTORY.accept()) {
+			return new DelegatingDockerHttpClientConnection(LOCAL_FACTORY);
+		}
+		return null;
+	}
+
+}

spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/httpclient/DockerHttpClientConnection.java

@@ -0,0 +1,43 @@
+/*
+ * Copyright 2012-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.buildpack.platform.docker.httpclient;
+
+import org.apache.http.HttpHost;
+import org.apache.http.client.HttpClient;
+import org.apache.http.impl.client.CloseableHttpClient;
+
+/**
+ * Describes a connection to a Docker host.
+ *
+ * @author Scott Frederick
+ * @since 2.3.0
+ */
+public interface DockerHttpClientConnection {
+
+	/**
+	 * Create an {@link HttpHost} describing the Docker host connection.
+	 * @return the {@code HttpHost}
+	 */
+	HttpHost getHttpHost();
+
+	/**
+	 * Create an {@link HttpClient} that can be used to communicate with the Docker host.
+	 * @return the {@code HttpClient}
+	 */
+	CloseableHttpClient getHttpClient();
+
+}

spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/DockerConnectionSocketFactory.java renamed to spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/httpclient/LocalDockerConnectionSocketFactory.java

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.springframework.boot.buildpack.platform.docker;
+package org.springframework.boot.buildpack.platform.docker.httpclient;
 
 import java.io.IOException;
 import java.net.InetSocketAddress;
@@ -33,8 +33,9 @@
  * pipe.
  *
  * @author Phillip Webb
+ * @author Scott Frederick
  */
-class DockerConnectionSocketFactory implements ConnectionSocketFactory {
+class LocalDockerConnectionSocketFactory implements ConnectionSocketFactory {
 
 	private static final String DOMAIN_SOCKET_PATH = "/var/run/docker.sock";
 

spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/DockerDnsResolver.java renamed to spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/httpclient/LocalDockerDnsResolver.java

@@ -14,20 +14,21 @@
  * limitations under the License.
  */
 
-package org.springframework.boot.buildpack.platform.docker;
+package org.springframework.boot.buildpack.platform.docker.httpclient;
 
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 
 import org.apache.http.conn.DnsResolver;
 
 /**
- * {@link DnsResolver} used by the {@link DockerHttpClientConnectionManager} to ensure
- * only the loopback address is used.
+ * {@link DnsResolver} used by the {@link LocalDockerHttpClientConnectionManager} to
+ * ensure only the loopback address is used.
  *
  * @author Phillip Webb
+ * @author Scott Frederick
  */
-class DockerDnsResolver implements DnsResolver {
+class LocalDockerDnsResolver implements DnsResolver {
 
 	private static final InetAddress[] LOOPBACK = new InetAddress[] { InetAddress.getLoopbackAddress() };
 

spring-boot-project/spring-boot-tools/spring-boot-buildpack-platform/src/main/java/org/springframework/boot/buildpack/platform/docker/httpclient/LocalDockerHttpClientConnection.java

@@ -0,0 +1,75 @@
+/*
+ * Copyright 2012-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.buildpack.platform.docker.httpclient;
+
+import org.apache.http.HttpHost;
+import org.apache.http.client.HttpClient;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.HttpClients;
+
+import org.springframework.util.Assert;
+
+/**
+ * A {@link DockerHttpClientConnection} that describes a connection to a local Docker
+ * host.
+ *
+ * @author Scott Frederick
+ * @since 2.3.0
+ */
+public class LocalDockerHttpClientConnection implements DockerHttpClientConnection {
+
+	private HttpHost httpHost;
+
+	private CloseableHttpClient httpClient;
+
+	/**
+	 * Indicate that this factory can be used as a default.
+	 * @return {@code true} always
+	 */
+	public boolean accept() {
+		this.httpHost = HttpHost.create("docker://localhost");
+
+		HttpClientBuilder builder = HttpClients.custom();
+		builder.setConnectionManager(new LocalDockerHttpClientConnectionManager());
+		builder.setSchemePortResolver(new LocalDockerSchemePortResolver());
+		this.httpClient = builder.build();
+
+		return true;
+	}
+
+	/**
+	 * Get an {@link HttpHost} describing a local Docker host connection.
+	 * @return the {@code HttpHost}
+	 */
+	@Override
+	public HttpHost getHttpHost() {
+		Assert.state(this.httpHost != null, "DockerHttpClientConnection was not properly initialized");
+		return this.httpHost;
+	}
+
+	/**
+	 * Get an {@link HttpClient} that can be used to communicate with a local Docker host.
+	 * @return the {@code HttpClient}
+	 */
+	@Override
+	public CloseableHttpClient getHttpClient() {
+		Assert.state(this.httpClient != null, "DockerHttpClientConnection was not properly initialized");
+		return this.httpClient;
+	}
+
+}