fix: Remove the temp cert files only after the docker client is initialized (#1030)

laurentluce · web-flow · commit 1a6bb747b99b · 2023-07-31T13:07:19.000-04:00
## Description:
The temp cert files were removed before the docker client got a chance
to read them to build a TLS config. Not sure if this was due to a race
condition or a recent change in the docker client.

## Is this change user facing?
NO
diff --git a/container-engine-lib/lib/backend_impls/docker/docker_kurtosis_backend/backend_creator/backend_creator.go b/container-engine-lib/lib/backend_impls/docker/docker_kurtosis_backend/backend_creator/backend_creator.go
@@ -86,30 +86,33 @@ func getRemoteDockerKurtosisBackend(
 	optionalApiContainerModeArgs *APIContainerModeArgs,
 	remoteBackendConfig *configs.KurtosisRemoteBackendConfig,
 ) (backend_interface.KurtosisBackend, error) {
-	remoteDockerClientOpts, err := buildRemoteDockerClientOpts(remoteBackendConfig)
+	remoteDockerClientOpts, cleanCertFilesFunc, err := buildRemoteDockerClientOpts(remoteBackendConfig)
 	if err != nil {
 		return nil, stacktrace.Propagate(err, "Error building client configuration for Docker remote backend")
 	}
+	defer cleanCertFilesFunc()
 	kurtosisRemoteBackend, err := getDockerKurtosisBackend(remoteDockerClientOpts, optionalApiContainerModeArgs)
 	if err != nil {
 		return nil, stacktrace.Propagate(err, "Error building Kurtosis remote Docker backend")
 	}
 	return kurtosisRemoteBackend, nil
 }
 
-func buildRemoteDockerClientOpts(remoteBackendConfig *configs.KurtosisRemoteBackendConfig) ([]client.Opt, error) {
+func buildRemoteDockerClientOpts(remoteBackendConfig *configs.KurtosisRemoteBackendConfig) ([]client.Opt, func(), error) {
 	var clientOptions []client.Opt
 
 	// host and port option
 	clientOptions = append(clientOptions, client.WithHost(remoteBackendConfig.Endpoint))
 
 	// TLS option if config is present
+	cleanCertFilesFunc := func() {}
 	if tlsConfig := remoteBackendConfig.Tls; tlsConfig != nil {
-		tlsFilesDir, cleanCertFilesFunc, err := writeTlsConfigToTempDir(tlsConfig.Ca, tlsConfig.ClientCert, tlsConfig.ClientKey)
+		var tlsFilesDir string
+		var err error
+		tlsFilesDir, cleanCertFilesFunc, err = writeTlsConfigToTempDir(tlsConfig.Ca, tlsConfig.ClientCert, tlsConfig.ClientKey)
 		if err != nil {
-			return nil, stacktrace.Propagate(err, "Error building TLS configuration to connect to remote Docker backend")
+			return nil, nil, stacktrace.Propagate(err, "Error building TLS configuration to connect to remote Docker backend")
 		}
-		defer cleanCertFilesFunc()
 		tlsOpt := client.WithTLSClientConfig(
 			path.Join(tlsFilesDir, caFileName),
 			path.Join(tlsFilesDir, certFileName),
@@ -119,7 +122,7 @@ func buildRemoteDockerClientOpts(remoteBackendConfig *configs.KurtosisRemoteBack
 
 	// Timeout and API version negotiation option
 	clientOptions = append(clientOptions, client.WithAPIVersionNegotiation())
-	return clientOptions, nil
+	return clientOptions, cleanCertFilesFunc, nil
 }
 
 // writeTlsConfigToTempDir writes the different TLS files to a directory, and returns the path to this directory.
