providers/docker: support DOCKER_CERT_PATH

builtin/providers/docker/config.go

@@ -1,10 +1,15 @@
 package docker
 
-import dc "github.com/fsouza/go-dockerclient"
+import (
+	"path/filepath"
+
+	dc "github.com/fsouza/go-dockerclient"
+)
 
 type Config struct {
-	DockerHost string
-	SkipPull   bool
+	Host     string
+	CertPath string
+	SkipPull bool
 }
 
 type Data struct {
@@ -13,7 +18,16 @@ type Data struct {
 
 // NewClient() returns a new Docker client.
 func (c *Config) NewClient() (*dc.Client, error) {
-	return dc.NewClient(c.DockerHost)
+	// If there is no cert information, then just return the direct client
+	if c.CertPath == "" {
+		return dc.NewClient(c.Host)
+	}
+
+	// If there is cert information, load it and use it.
+	ca := filepath.Join(c.CertPath, "ca.pem")
+	cert := filepath.Join(c.CertPath, "cert.pem")
+	key := filepath.Join(c.CertPath, "key.pem")
+	return dc.NewTLSClient(c.Host, cert, key, ca)
 }
 
 // NewData() returns a new data struct.

builtin/providers/docker/provider.go

@@ -8,11 +8,18 @@ import (
 func Provider() terraform.ResourceProvider {
 	return &schema.Provider{
 		Schema: map[string]*schema.Schema{
-			"docker_host": &schema.Schema{
+			"host": &schema.Schema{
 				Type:        schema.TypeString,
 				Required:    true,
 				DefaultFunc: schema.EnvDefaultFunc("DOCKER_HOST", "unix:/run/docker.sock"),
-				Description: "The Docker daemon endpoint",
+				Description: "The Docker daemon address",
+			},
+
+			"cert_path": &schema.Schema{
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("DOCKER_CERT_PATH", nil),
+				Description: "Path to directory with Docker TLS config",
 			},
 		},
 
@@ -27,7 +34,8 @@ func Provider() terraform.ResourceProvider {
 
 func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 	config := Config{
-		DockerHost: d.Get("docker_host").(string),
+		Host:     d.Get("host").(string),
+		CertPath: d.Get("cert_path").(string),
 	}
 
 	return &config, nil