DockerCLI/cli/command/registry/logout.go

package registry

import (
	"context"
	"fmt"

	"github.com/docker/cli/cli"
	"github.com/docker/cli/cli/command"
	"github.com/docker/cli/cli/config/credentials"
	"github.com/docker/cli/cli/internal/oauth/manager"
	"github.com/docker/docker/registry"
	"github.com/spf13/cobra"
)

// NewLogoutCommand creates a new `docker logout` command
func NewLogoutCommand(dockerCli command.Cli) *cobra.Command {
	cmd := &cobra.Command{
		Use:   "logout [SERVER]",
		Short: "Log out from a registry",
		Long:  "Log out from a registry.\nIf no server is specified, the default is defined by the daemon.",
		Args:  cli.RequiresMaxArgs(1),
		RunE: func(cmd *cobra.Command, args []string) error {
			var serverAddress string
			if len(args) > 0 {
				serverAddress = args[0]
			}
			return runLogout(cmd.Context(), dockerCli, serverAddress)
		},
		Annotations: map[string]string{
			"category-top": "9",
		},
		// TODO (thaJeztah) add completion for registries we have authentication stored for
	}

	return cmd
}

func runLogout(ctx context.Context, dockerCli command.Cli, serverAddress string) error {
	var isDefaultRegistry bool

	if serverAddress == "" {
		serverAddress = registry.IndexServer
		isDefaultRegistry = true
	}

	var (
		regsToLogout    = []string{serverAddress}
		hostnameAddress = serverAddress
	)
	if !isDefaultRegistry {
		hostnameAddress = credentials.ConvertToHostname(serverAddress)
		// the tries below are kept for backward compatibility where a user could have
		// saved the registry in one of the following format.
		regsToLogout = append(regsToLogout, hostnameAddress, "http://"+hostnameAddress, "https://"+hostnameAddress)
	}

	if isDefaultRegistry {
		store := dockerCli.ConfigFile().GetCredentialsStore(registry.IndexServer)
		if err := manager.NewManager(store).Logout(ctx); err != nil {
			fmt.Fprintf(dockerCli.Err(), "WARNING: %v\n", err)
		}
	}

	fmt.Fprintf(dockerCli.Out(), "Removing login credentials for %s\n", hostnameAddress)
	errs := make(map[string]error)
	for _, r := range regsToLogout {
		if err := dockerCli.ConfigFile().GetCredentialsStore(r).Erase(r); err != nil {
			errs[r] = err
		}
	}

	// if at least one removal succeeded, report success. Otherwise report errors
	if len(errs) == len(regsToLogout) {
		fmt.Fprintln(dockerCli.Err(), "WARNING: could not erase credentials:")
		for k, v := range errs {
			fmt.Fprintf(dockerCli.Err(), "%s: %s\n", k, v)
		}
	}

	return nil
}
Move api/client -> cli/command Using gomvpkg -from github.com/docker/docker/api/client -to github.com/docker/docker/cli/command -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-08 13:11:39 -04:00			`package registry`

			`import (`
Plumb contexts through commands This is to prepare for otel support. Signed-off-by: Brian Goff <cpuguy83@gmail.com> Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2023-09-09 18:27:44 -04:00			`"context"`
Move api/client -> cli/command Using gomvpkg -from github.com/docker/docker/api/client -to github.com/docker/docker/cli/command -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-08 13:11:39 -04:00			`"fmt"`

Update imports. Signed-off-by: Daniel Nephin <dnephin@docker.com> 2017-04-17 18:07:56 -04:00			`"github.com/docker/cli/cli"`
			`"github.com/docker/cli/cli/command"`
use local ConvertToHostname() implementation Commit 27b2797f7deb3ca5b7f80371d825113deb1faca1 added a local implementation of this function, so let's use the local variant to (slightly) reduce the dependency on moby's registry package. Also made some minor cleanups. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2022-02-26 14:10:38 -05:00			`"github.com/docker/cli/cli/config/credentials"`
auth: add support for oauth device-code login This commit adds support for the oauth [device-code](https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow) login flow when authenticating against the official registry. This is achieved by adding `cli/internal/oauth`, which contains code to manage interacting with the Docker OAuth tenant (`login.docker.com`), including launching the device-code flow, refreshing access using the refresh-token, and logging out. The `OAuthManager` introduced here is also made available through the `command.Cli` interface method `OAuthManager()`. In order to maintain compatibility with any clients manually accessing the credentials through `~/.docker/config.json` or via credential helpers, the added `OAuthManager` uses the retrieved access token to automatically generate a PAT with Hub, and store that in the credentials. Signed-off-by: Laura Brehm <laurabrehm@hey.com> 2024-07-08 08:50:12 -04:00			`"github.com/docker/cli/cli/internal/oauth/manager"`
Move api/client -> cli/command Using gomvpkg -from github.com/docker/docker/api/client -to github.com/docker/docker/cli/command -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-08 13:11:39 -04:00			`"github.com/docker/docker/registry"`
			`"github.com/spf13/cobra"`
			`)`

change minor mistake of spelling Signed-off-by: allencloud <allen.sun@daocloud.io> 2016-12-19 01:45:48 -05:00			// NewLogoutCommand creates a new `docker logout` command
Add interfacer linter Signed-off-by: Daniel Nephin <dnephin@docker.com> 2017-05-03 17:58:52 -04:00			`func NewLogoutCommand(dockerCli command.Cli) *cobra.Command {`
Move api/client -> cli/command Using gomvpkg -from github.com/docker/docker/api/client -to github.com/docker/docker/cli/command -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-08 13:11:39 -04:00			`cmd := &cobra.Command{`
			`Use: "logout [SERVER]",`
tweak description of login/logout Remove "Docker" from registry, as the registry specification is no longer docker-specific, but part of the OCI distribution spec. Also removed "Register" from one of the docs pages, as the login command hasn't supported creating a new acccount on Docker Hub for a long time. I'm wondering if we should be more explicit about what log in / out does (effectively; authenticate, and on success store the credentials or token, and on log out; remove credentials/token). Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2022-04-01 09:32:55 -04:00			`Short: "Log out from a registry",`
			`Long: "Log out from a registry.\nIf no server is specified, the default is defined by the daemon.",`
Move api/client -> cli/command Using gomvpkg -from github.com/docker/docker/api/client -to github.com/docker/docker/cli/command -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-08 13:11:39 -04:00			`Args: cli.RequiresMaxArgs(1),`
			`RunE: func(cmd *cobra.Command, args []string) error {`
			`var serverAddress string`
			`if len(args) > 0 {`
			`serverAddress = args[0]`
			`}`
Plumb contexts through commands This is to prepare for otel support. Signed-off-by: Brian Goff <cpuguy83@gmail.com> Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2023-09-09 18:27:44 -04:00			`return runLogout(cmd.Context(), dockerCli, serverAddress)`
Move api/client -> cli/command Using gomvpkg -from github.com/docker/docker/api/client -to github.com/docker/docker/cli/command -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-08 13:11:39 -04:00			`},`
move commonly used top-level commands to the top of --help This adds a new annotation to commands that are known to be frequently used, and allows setting a custom weight/order for these commands to influence in what order they appear in the --help output. I'm not entirely happy with the implementation (we could at least use some helpers for this, and/or make it more generic to group commands in output), but it could be a start. For now, limiting this to only be used for the top-level --help, but we can expand this to subcommands as well if we think it makes sense to highlight "common" / "commonly used" commands. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2022-03-30 03:37:08 -04:00			`Annotations: map[string]string{`
			`"category-top": "9",`
			`},`
completion v2: some small follow-ups - Prevent completion on "create" subcommands to prevent them from completing with local filenames - Add completion for "docker image save" - Add completion for "docker image tag" - Disable completion for "docker login" - Exclude "paused" containers for "docker container attach" and "docker container exec" Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2022-05-12 07:18:48 -04:00			`// TODO (thaJeztah) add completion for registries we have authentication stored for`
Move api/client -> cli/command Using gomvpkg -from github.com/docker/docker/api/client -to github.com/docker/docker/cli/command -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-08 13:11:39 -04:00			`}`

			`return cmd`
			`}`

auth: add support for oauth device-code login This commit adds support for the oauth [device-code](https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow) login flow when authenticating against the official registry. This is achieved by adding `cli/internal/oauth`, which contains code to manage interacting with the Docker OAuth tenant (`login.docker.com`), including launching the device-code flow, refreshing access using the refresh-token, and logging out. The `OAuthManager` introduced here is also made available through the `command.Cli` interface method `OAuthManager()`. In order to maintain compatibility with any clients manually accessing the credentials through `~/.docker/config.json` or via credential helpers, the added `OAuthManager` uses the retrieved access token to automatically generate a PAT with Hub, and store that in the credentials. Signed-off-by: Laura Brehm <laurabrehm@hey.com> 2024-07-08 08:50:12 -04:00			`func runLogout(ctx context.Context, dockerCli command.Cli, serverAddress string) error {`
Move api/client -> cli/command Using gomvpkg -from github.com/docker/docker/api/client -to github.com/docker/docker/cli/command -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-08 13:11:39 -04:00			`var isDefaultRegistry bool`

			`if serverAddress == "" {`
registry: don't call "/info" API endpoint to get default registry The CLI currenly calls the `/info` endpoint to get the address of the default registry to use. This functionality was added as part of the initial Windows implementation of the engine. For legal reasons, Microsoft Windows (and thus Docker images based on Windows) were not allowed to be distributed through non-Microsoft infrastructure. As a temporary solution, a dedicated "registry-win-tp3.docker.io" registry was created to serve Windows images. As a result, the default registry was no longer "fixed", so a helper function (`ElectAuthServer`) was added to allow the CLI to get the correct registry address from the daemon. (docker/docker PR's/issues 18019, 19891, 19973) Using separate registries was not an ideal solution, and a more permanent solution was created by introducing "foreign image layers" in the distribution spec, after which the "registry-win-tp3.docker.io" ceased to exist, and removed from the engine through docker/docker PR 21100. However, the `ElectAuthServer` was left in place, quoting from that PR; > make the client check which default registry the daemon uses is still > more correct than leaving it up to the client, even if it won't technically > matter after this PR. There may be some backward compatibility scenarios > where `ElectAuthServer` [sic] is still helpful. That comment was 5 years ago, and given that the engine and cli are released in tandem, and the default registry is not configurable, we can save the extra roundtrip to the daemon by using a fixed value. This patch deprecates the `ElectAuthServer` function, and makes it return the default registry without calling (potentially expensie) `/info` API endpoint. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2020-10-28 20:00:50 -04:00			`serverAddress = registry.IndexServer`
Move api/client -> cli/command Using gomvpkg -from github.com/docker/docker/api/client -to github.com/docker/docker/cli/command -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-08 13:11:39 -04:00			`isDefaultRegistry = true`
			`}`

			`var (`
Don't filter out registries to logout from with config file contents Previously, if a registry AuthInfo was not present in the CLI config file, docker logout could not be used to ask the credential helper to forget about it. It causes problem for people working with multiple alternative config files, and it causes problems for cases like Docker Desktop w/ WSL 2, as it uses the same win32 credential helper as the Windows CLI, but a different config file, leading to bugs where I cannot logout from a registry from wsl2 if I logged in from Windows and vice-versa. Signed-off-by: Simon Ferquel <simon.ferquel@docker.com> 2020-06-15 08:01:17 -04:00			`regsToLogout = []string{serverAddress}`
Move api/client -> cli/command Using gomvpkg -from github.com/docker/docker/api/client -to github.com/docker/docker/cli/command -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-08 13:11:39 -04:00			`hostnameAddress = serverAddress`
			`)`
			`if !isDefaultRegistry {`
use local ConvertToHostname() implementation Commit 27b2797f7deb3ca5b7f80371d825113deb1faca1 added a local implementation of this function, so let's use the local variant to (slightly) reduce the dependency on moby's registry package. Also made some minor cleanups. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2022-02-26 14:10:38 -05:00			`hostnameAddress = credentials.ConvertToHostname(serverAddress)`
Fix bunch of typos Signed-off-by: Qiang Huang <h.huangqiang@huawei.com> 2016-10-29 03:03:26 -04:00			`// the tries below are kept for backward compatibility where a user could have`
Move api/client -> cli/command Using gomvpkg -from github.com/docker/docker/api/client -to github.com/docker/docker/cli/command -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-08 13:11:39 -04:00			`// saved the registry in one of the following format.`
Don't filter out registries to logout from with config file contents Previously, if a registry AuthInfo was not present in the CLI config file, docker logout could not be used to ask the credential helper to forget about it. It causes problem for people working with multiple alternative config files, and it causes problems for cases like Docker Desktop w/ WSL 2, as it uses the same win32 credential helper as the Windows CLI, but a different config file, leading to bugs where I cannot logout from a registry from wsl2 if I logged in from Windows and vice-versa. Signed-off-by: Simon Ferquel <simon.ferquel@docker.com> 2020-06-15 08:01:17 -04:00			`regsToLogout = append(regsToLogout, hostnameAddress, "http://"+hostnameAddress, "https://"+hostnameAddress)`
Move api/client -> cli/command Using gomvpkg -from github.com/docker/docker/api/client -to github.com/docker/docker/cli/command -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-08 13:11:39 -04:00			`}`

auth: add support for oauth device-code login This commit adds support for the oauth [device-code](https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow) login flow when authenticating against the official registry. This is achieved by adding `cli/internal/oauth`, which contains code to manage interacting with the Docker OAuth tenant (`login.docker.com`), including launching the device-code flow, refreshing access using the refresh-token, and logging out. The `OAuthManager` introduced here is also made available through the `command.Cli` interface method `OAuthManager()`. In order to maintain compatibility with any clients manually accessing the credentials through `~/.docker/config.json` or via credential helpers, the added `OAuthManager` uses the retrieved access token to automatically generate a PAT with Hub, and store that in the credentials. Signed-off-by: Laura Brehm <laurabrehm@hey.com> 2024-07-08 08:50:12 -04:00			`if isDefaultRegistry {`
			`store := dockerCli.ConfigFile().GetCredentialsStore(registry.IndexServer)`
			`if err := manager.NewManager(store).Logout(ctx); err != nil {`
			`fmt.Fprintf(dockerCli.Err(), "WARNING: %v\n", err)`
			`}`
			`}`

Move api/client -> cli/command Using gomvpkg -from github.com/docker/docker/api/client -to github.com/docker/docker/cli/command -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-08 13:11:39 -04:00			`fmt.Fprintf(dockerCli.Out(), "Removing login credentials for %s\n", hostnameAddress)`
Don't filter out registries to logout from with config file contents Previously, if a registry AuthInfo was not present in the CLI config file, docker logout could not be used to ask the credential helper to forget about it. It causes problem for people working with multiple alternative config files, and it causes problems for cases like Docker Desktop w/ WSL 2, as it uses the same win32 credential helper as the Windows CLI, but a different config file, leading to bugs where I cannot logout from a registry from wsl2 if I logged in from Windows and vice-versa. Signed-off-by: Simon Ferquel <simon.ferquel@docker.com> 2020-06-15 08:01:17 -04:00			`errs := make(map[string]error)`
Move api/client -> cli/command Using gomvpkg -from github.com/docker/docker/api/client -to github.com/docker/docker/cli/command -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-08 13:11:39 -04:00			`for _, r := range regsToLogout {`
Move credential getting functions to the ConfigFile. Signed-off-by: Daniel Nephin <dnephin@docker.com> 2017-06-21 17:20:49 -04:00			`if err := dockerCli.ConfigFile().GetCredentialsStore(r).Erase(r); err != nil {`
Don't filter out registries to logout from with config file contents Previously, if a registry AuthInfo was not present in the CLI config file, docker logout could not be used to ask the credential helper to forget about it. It causes problem for people working with multiple alternative config files, and it causes problems for cases like Docker Desktop w/ WSL 2, as it uses the same win32 credential helper as the Windows CLI, but a different config file, leading to bugs where I cannot logout from a registry from wsl2 if I logged in from Windows and vice-versa. Signed-off-by: Simon Ferquel <simon.ferquel@docker.com> 2020-06-15 08:01:17 -04:00			`errs[r] = err`
			`}`
			`}`

			`// if at least one removal succeeded, report success. Otherwise report errors`
			`if len(errs) == len(regsToLogout) {`
			`fmt.Fprintln(dockerCli.Err(), "WARNING: could not erase credentials:")`
			`for k, v := range errs {`
			`fmt.Fprintf(dockerCli.Err(), "%s: %s\n", k, v)`
Move api/client -> cli/command Using gomvpkg -from github.com/docker/docker/api/client -to github.com/docker/docker/cli/command -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-08 13:11:39 -04:00			`}`
			`}`

			`return nil`
			`}`