mirror of https://github.com/docker/cli.git
Compare commits
1 Commits
de36109d22
...
4e75c0ad99
Author | SHA1 | Date |
---|---|---|
Sebastiaan van Stijn | 4e75c0ad99 |
|
@ -18,24 +18,20 @@ import (
|
|||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
const (
|
||||
registerSuggest = "Log in with your Docker ID or email address to push and pull images from Docker Hub. " +
|
||||
"If you don't have a Docker ID, head over to https://hub.docker.com/ to create one."
|
||||
patSuggest = "You can log in with your password or a Personal Access " +
|
||||
const patSuggest = "You can log in with your password or a Personal Access " +
|
||||
"Token (PAT). Using a limited-scope PAT grants better security and is required " +
|
||||
"for organizations using SSO. Learn more at https://docs.docker.com/go/access-tokens/"
|
||||
)
|
||||
|
||||
// RegistryAuthenticationPrivilegedFunc returns a RequestPrivilegeFunc from the specified registry index info
|
||||
// for the given command.
|
||||
func RegistryAuthenticationPrivilegedFunc(cli Cli, index *registrytypes.IndexInfo, cmdName string) registrytypes.RequestAuthConfig {
|
||||
return func(ctx context.Context) (string, error) {
|
||||
_, _ = fmt.Fprintf(cli.Out(), "\nLogin prior to %s:\n", cmdName)
|
||||
fmt.Fprintf(cli.Out(), "\nLogin prior to %s:\n", cmdName)
|
||||
indexServer := registry.GetAuthConfigKey(index)
|
||||
isDefaultRegistry := indexServer == registry.IndexServer
|
||||
authConfig, err := GetDefaultAuthConfig(cli.ConfigFile(), true, indexServer, isDefaultRegistry)
|
||||
if err != nil {
|
||||
_, _ = fmt.Fprintf(cli.Err(), "Unable to retrieve stored credentials for %s, error: %s.\n", indexServer, err)
|
||||
fmt.Fprintf(cli.Err(), "Unable to retrieve stored credentials for %s, error: %s.\n", indexServer, err)
|
||||
}
|
||||
|
||||
select {
|
||||
|
@ -115,7 +111,7 @@ func ConfigureAuth(ctx context.Context, cli Cli, flUser, flPassword string, auth
|
|||
// If defaultUsername is not empty, the username prompt includes that username
|
||||
// and the user can hit enter without inputting a username to use that default
|
||||
// username.
|
||||
func PromptUserForCredentials(ctx context.Context, cli Cli, argUser, argPassword, defaultUsername, serverAddress string) (registrytypes.AuthConfig, error) {
|
||||
func PromptUserForCredentials(ctx context.Context, cli Cli, argUser, argPassword, defaultUsername, serverAddress string) (authConfig registrytypes.AuthConfig, err error) {
|
||||
// On Windows, force the use of the regular OS stdin stream.
|
||||
//
|
||||
// See:
|
||||
|
@ -128,71 +124,57 @@ func PromptUserForCredentials(ctx context.Context, cli Cli, argUser, argPassword
|
|||
cli.SetIn(streams.NewIn(os.Stdin))
|
||||
}
|
||||
|
||||
argUser = strings.TrimSpace(argUser)
|
||||
if argUser == "" {
|
||||
if serverAddress == registry.IndexServer {
|
||||
// When signing in to the default (Docker Hub) registry, we display
|
||||
// hints for creating an account, and (if hints are enabled), using
|
||||
// a token instead of a password.
|
||||
_, _ = fmt.Fprintln(cli.Out(), registerSuggest)
|
||||
isDefaultRegistry := serverAddress == registry.IndexServer
|
||||
defaultUsername = strings.TrimSpace(defaultUsername)
|
||||
|
||||
if argUser = strings.TrimSpace(argUser); argUser == "" {
|
||||
if isDefaultRegistry {
|
||||
// if this is a default registry (docker hub), then display the following message.
|
||||
fmt.Fprintln(cli.Out(), "Log in with your Docker ID or email address to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com/ to create one.")
|
||||
if hints.Enabled() {
|
||||
_, _ = fmt.Fprintln(cli.Out(), patSuggest)
|
||||
_, _ = fmt.Fprintln(cli.Out())
|
||||
fmt.Fprintln(cli.Out(), patSuggest)
|
||||
fmt.Fprintln(cli.Out())
|
||||
}
|
||||
}
|
||||
|
||||
var prompt string
|
||||
defaultUsername = strings.TrimSpace(defaultUsername)
|
||||
if defaultUsername == "" {
|
||||
prompt = "Username: "
|
||||
} else {
|
||||
prompt = fmt.Sprintf("Username (%s): ", defaultUsername)
|
||||
}
|
||||
|
||||
var err error
|
||||
argUser, err = PromptForInput(ctx, cli.In(), cli.Out(), prompt)
|
||||
if err != nil {
|
||||
return registrytypes.AuthConfig{}, err
|
||||
return authConfig, err
|
||||
}
|
||||
if argUser == "" {
|
||||
argUser = defaultUsername
|
||||
}
|
||||
}
|
||||
if argUser == "" {
|
||||
return registrytypes.AuthConfig{}, errors.Errorf("Error: Non-null Username Required")
|
||||
return authConfig, errors.Errorf("Error: Non-null Username Required")
|
||||
}
|
||||
}
|
||||
|
||||
argPassword = strings.TrimSpace(argPassword)
|
||||
if argPassword == "" {
|
||||
restoreInput, err := DisableInputEcho(cli.In())
|
||||
if err != nil {
|
||||
return registrytypes.AuthConfig{}, err
|
||||
return authConfig, err
|
||||
}
|
||||
defer func() {
|
||||
if err := restoreInput(); err != nil {
|
||||
// TODO(thaJeztah): we should consider printing instructions how
|
||||
// to restore this manually (other than restarting the shell).
|
||||
// e.g., 'run stty echo' when in a Linux or macOS shell, but
|
||||
// PowerShell and CMD.exe may need different instructions.
|
||||
_, _ = fmt.Fprintln(cli.Err(), "Error: failed to restore terminal state to echo input:", err)
|
||||
}
|
||||
}()
|
||||
defer restoreInput()
|
||||
|
||||
argPassword, err = PromptForInput(ctx, cli.In(), cli.Out(), "Password: ")
|
||||
if err != nil {
|
||||
return registrytypes.AuthConfig{}, err
|
||||
return authConfig, err
|
||||
}
|
||||
_, _ = fmt.Fprintln(cli.Out())
|
||||
fmt.Fprint(cli.Out(), "\n")
|
||||
if argPassword == "" {
|
||||
return registrytypes.AuthConfig{}, errors.Errorf("Error: Password Required")
|
||||
return authConfig, errors.Errorf("Error: Password Required")
|
||||
}
|
||||
}
|
||||
|
||||
return registrytypes.AuthConfig{
|
||||
Username: argUser,
|
||||
Password: argPassword,
|
||||
ServerAddress: serverAddress,
|
||||
}, nil
|
||||
authConfig.Username = argUser
|
||||
authConfig.Password = argPassword
|
||||
authConfig.ServerAddress = serverAddress
|
||||
return authConfig, nil
|
||||
}
|
||||
|
||||
// RetrieveAuthTokenFromImage retrieves an encoded auth token given a complete
|
||||
|
|
|
@ -58,9 +58,9 @@ func NewLoginCommand(dockerCli command.Cli) *cobra.Command {
|
|||
return cmd
|
||||
}
|
||||
|
||||
func verifyLoginOptions(dockerCli command.Cli, opts *loginOptions) error {
|
||||
func verifyloginOptions(dockerCli command.Cli, opts *loginOptions) error {
|
||||
if opts.password != "" {
|
||||
_, _ = fmt.Fprintln(dockerCli.Err(), "WARNING! Using --password via the CLI is insecure. Use --password-stdin.")
|
||||
fmt.Fprintln(dockerCli.Err(), "WARNING! Using --password via the CLI is insecure. Use --password-stdin.")
|
||||
if opts.passwordStdin {
|
||||
return errors.New("--password and --password-stdin are mutually exclusive")
|
||||
}
|
||||
|
@ -83,7 +83,7 @@ func verifyLoginOptions(dockerCli command.Cli, opts *loginOptions) error {
|
|||
}
|
||||
|
||||
func runLogin(ctx context.Context, dockerCli command.Cli, opts loginOptions) error {
|
||||
if err := verifyLoginOptions(dockerCli, &opts); err != nil {
|
||||
if err := verifyloginOptions(dockerCli, &opts); err != nil {
|
||||
return err
|
||||
}
|
||||
var (
|
||||
|
@ -174,7 +174,7 @@ func loginUser(ctx context.Context, dockerCli command.Cli, opts loginOptions, de
|
|||
if !errors.Is(err, manager.ErrDeviceLoginStartFail) {
|
||||
return response, err
|
||||
}
|
||||
_, _ = fmt.Fprint(dockerCli.Err(), "Failed to start web-based login - falling back to command line login...\n\n")
|
||||
fmt.Fprint(dockerCli.Err(), "Failed to start web-based login - falling back to command line login...\n\n")
|
||||
}
|
||||
|
||||
return loginWithUsernameAndPassword(ctx, dockerCli, opts, defaultUsername, serverAddress)
|
||||
|
|
|
@ -199,7 +199,7 @@ func PruneFilters(dockerCli Cli, pruneFilters filters.Args) filters.Args {
|
|||
// AddPlatformFlag adds `platform` to a set of flags for API version 1.32 and later.
|
||||
func AddPlatformFlag(flags *pflag.FlagSet, target *string) {
|
||||
flags.StringVar(target, "platform", os.Getenv("DOCKER_DEFAULT_PLATFORM"), "Set platform if server is multi-platform capable")
|
||||
_ = flags.SetAnnotation("platform", "version", []string{"1.32"})
|
||||
flags.SetAnnotation("platform", "version", []string{"1.32"})
|
||||
}
|
||||
|
||||
// ValidateOutputPath validates the output paths of the `export` and `save` commands.
|
||||
|
|
|
@ -5,9 +5,7 @@ import (
|
|||
"strconv"
|
||||
)
|
||||
|
||||
// Enabled returns whether cli hints are enabled or not. Hints are enabled by
|
||||
// default, but can be disabled through the "DOCKER_CLI_HINTS" environment
|
||||
// variable.
|
||||
// Enabled returns whether cli hints are enabled or not
|
||||
func Enabled() bool {
|
||||
if v := os.Getenv("DOCKER_CLI_HINTS"); v != "" {
|
||||
enabled, err := strconv.ParseBool(v)
|
||||
|
|
|
@ -1,52 +0,0 @@
|
|||
package hints
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"gotest.tools/v3/assert"
|
||||
)
|
||||
|
||||
func TestEnabled(t *testing.T) {
|
||||
tests := []struct {
|
||||
doc string
|
||||
env string
|
||||
expected bool
|
||||
}{
|
||||
{
|
||||
doc: "default",
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
doc: "DOCKER_CLI_HINTS=1",
|
||||
env: "1",
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
doc: "DOCKER_CLI_HINTS=true",
|
||||
env: "true",
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
doc: "DOCKER_CLI_HINTS=0",
|
||||
env: "0",
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
doc: "DOCKER_CLI_HINTS=false",
|
||||
env: "false",
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
doc: "DOCKER_CLI_HINTS=not-a-bool",
|
||||
env: "not-a-bool",
|
||||
expected: true,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range tests {
|
||||
t.Run(tc.doc, func(t *testing.T) {
|
||||
t.Setenv("DOCKER_CLI_HINTS", tc.env)
|
||||
assert.Equal(t, Enabled(), tc.expected)
|
||||
})
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue