Surfaced during the audit of #605 / #606.
Symptom
core/adapters/docker/client.go::createHTTPClient switches on the URL scheme to select a transport dialer:
switch {
case strings.HasPrefix(host, "unix://"):
// unix socket dialer
case strings.HasPrefix(host, "https://"):
// ForceAttemptHTTP2
default:
// plain TCP, no special dialer, no HTTP/2
}Schemes that fall into default and silently produce a broken or surprising transport:
| Scheme |
Valid Docker host? |
Result today |
npipe:// |
Yes (Windows default) |
Plain TCP transport tries to dial a named pipe; only works because the SDK's own fallback dialer rescues it — an implicit dependency. |
ssh:// |
Yes (Docker over SSH) |
Plain TCP transport cannot establish an SSH tunnel. Fails opaquely. |
fd:// |
Yes (systemd socket activation) |
Plain TCP. Fails opaquely. |
tcp+tls:// |
Yes (TLS over TCP) |
Plain TCP, no TLS. Silent downgrade. |
HTTP://, UNIX:// (uppercase) |
Conventionally lowercase but valid per RFC |
strings.HasPrefix is case-sensitive — falls into default. |
Suggested fix
Two options, in order of preference:
- Validate at construction: parse the host with
client.ParseHostURL, reject unsupported schemes with a clear error and a list of supported values. Operator gets an actionable failure at startup instead of an opaque dial error later.
- Add explicit cases for the schemes Ofelia actually intends to support, and document the contract. Anything else returns an explicit error.
Either way, normalize scheme casing before the switch.
Acceptance criteria
- Table-driven test covers
npipe://, ssh://, fd://, tcp+tls://, HTTP://, and one bogus scheme, asserting either: (a) explicit error at construction, or (b) documented working behavior.
- README / docs section listing the supported
DOCKER_HOST schemes.
Related
- TLS-config-clobber: #607
- This issue also folds in the request to add
ClientConfig.CertPath / TLSVerify / APIVersion fields surfaced during the same audit — together they would close the env-var-fragmentation gap.
Severity
Medium — operators using non-standard Docker hosts (SSH, systemd socket, TLS proxy) hit silent failures with no helpful diagnostics. Not a regression; latent since the adapter landed in v0.12.0.
Surfaced during the audit of #605 / #606.
Symptom
core/adapters/docker/client.go::createHTTPClientswitches on the URL scheme to select a transport dialer:Schemes that fall into
defaultand silently produce a broken or surprising transport:npipe://ssh://fd://tcp+tls://HTTP://,UNIX://(uppercase)strings.HasPrefixis case-sensitive — falls intodefault.Suggested fix
Two options, in order of preference:
client.ParseHostURL, reject unsupported schemes with a clear error and a list of supported values. Operator gets an actionable failure at startup instead of an opaque dial error later.Either way, normalize scheme casing before the switch.
Acceptance criteria
npipe://,ssh://,fd://,tcp+tls://,HTTP://, and one bogus scheme, asserting either: (a) explicit error at construction, or (b) documented working behavior.DOCKER_HOSTschemes.Related
ClientConfig.CertPath/TLSVerify/APIVersionfields surfaced during the same audit — together they would close the env-var-fragmentation gap.Severity
Medium — operators using non-standard Docker hosts (SSH, systemd socket, TLS proxy) hit silent failures with no helpful diagnostics. Not a regression; latent since the adapter landed in v0.12.0.