package main import ( "bytes" "context" "encoding/json" "fmt" "io/ioutil" "net" "net/http" "net/url" "os" "golang.org/x/crypto/ssh" ) // remote PODMAN_HOST=ssh://<user>@<host>[:port]/run/podman/podman.sock // local PODMAN_HOST=unix://run/podman/podman.sock var ( DefaultURL = "unix://root@localhost/run/podman/podman.sock" ) func main() { connectionURL := DefaultURL if value, found := os.LookupEnv("PODMAN_HOST"); found { connectionURL = value } _url, err := url.Parse(connectionURL) if err != nil { die("Value of PODMAN_HOST is not a valid url: %s\n", connectionURL) } if _url.Scheme != "ssh" && _url.Scheme != "unix" { die("Scheme from PODMAN_HOST is not supported: %s\n", _url.Scheme) } // Now we setup the http client to use the connection above client := &http.Client{} if _url.Scheme == "ssh" { var auth ssh.AuthMethod if value, found := os.LookupEnv("PODMAN_SSHKEY"); found { auth, err = publicKey(value) if err != nil { die("Failed to parse %s: %v\n", value, err) } } else { die("PODMAN_SSHKEY was not defined\n") } // Connect to sshd bastion, err := ssh.Dial("tcp", net.JoinHostPort(_url.Hostname(), _url.Port()), &ssh.ClientConfig{ User: _url.User.Username(), Auth: []ssh.AuthMethod{auth}, HostKeyCallback: ssh.InsecureIgnoreHostKey(), }, ) if err != nil { die("Failed to build ssh tunnel") } defer bastion.Close() client.Transport = &http.Transport{ DialContext: func(_ context.Context, _, _ string) (net.Conn, error) { // Now we make the connection to the unix domain socket on the server using the ssh tunnel return bastion.Dial("unix", _url.Path) }, } } else { client.Transport = &http.Transport{ DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) { d := net.Dialer{} return d.DialContext(ctx, "unix", _url.Path) }, DisableCompression: true, } } resp, err := client.Get("http://localhost/v1.24/images/json") if err != nil { die(err.Error()) } defer resp.Body.Close() body, _ := ioutil.ReadAll(resp.Body) var output bytes.Buffer _ = json.Indent(&output, body, "", " ") fmt.Printf("%s\n", output.String()) os.Exit(0) } func die(format string, a ...interface{}) { fmt.Fprintf(os.Stderr, format, a...) fmt.Fprintf(os.Stderr, "\n") os.Exit(1) } func publicKey(path string) (ssh.AuthMethod, error) { key, err := ioutil.ReadFile(path) if err != nil { return nil, err } signer, err := ssh.ParsePrivateKey(key) if err != nil { return nil, err } return ssh.PublicKeys(signer), nil }