Merge pull request #5258 from thaJeztah/cleanup_unencrypted_warning

login: slightly cleanup warning about unencrypted store
This commit is contained in:
Sebastiaan van Stijn 2024-07-19 01:41:35 +02:00 committed by GitHub
commit 26b412e491
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 13 additions and 22 deletions

View File

@ -18,9 +18,15 @@ import (
"github.com/spf13/cobra"
)
const unencryptedWarning = `WARNING! Your password will be stored unencrypted in %s.
// unencryptedWarning warns the user when using an insecure credential storage.
// After a deprecation period, user will get prompted if stdin and stderr are a terminal.
// Otherwise, we'll assume they want it (sadly), because people may have been scripting
// insecure logins and we don't want to break them. Maybe they'll see the warning in their
// logs and fix things.
const unencryptedWarning = `
WARNING! Your credentials are stored unencrypted in '%s'.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-stores
https://docs.docker.com/go/credential-store/
`
type loginOptions struct {
@ -60,17 +66,6 @@ func NewLoginCommand(dockerCli command.Cli) *cobra.Command {
return cmd
}
// displayUnencryptedWarning warns the user when using an insecure credential storage.
// After a deprecation period, user will get prompted if stdin and stderr are a terminal.
// Otherwise, we'll assume they want it (sadly), because people may have been scripting
// insecure logins and we don't want to break them. Maybe they'll see the warning in their
// logs and fix things.
func displayUnencryptedWarning(dockerCli command.Streams, filename string) error {
_, err := fmt.Fprintln(dockerCli.Err(), fmt.Sprintf(unencryptedWarning, filename))
return err
}
type isFileStore interface {
IsFileStore() bool
GetFilename() string
@ -143,19 +138,15 @@ func runLogin(ctx context.Context, dockerCli command.Cli, opts loginOptions) err
creds := dockerCli.ConfigFile().GetCredentialsStore(serverAddress)
store, isDefault := creds.(isFileStore)
// Display a warning if we're storing the users password (not a token)
if isDefault && authConfig.Password != "" {
err = displayUnencryptedWarning(dockerCli, store.GetFilename())
if err != nil {
return err
}
}
if err := creds.Store(configtypes.AuthConfig(authConfig)); err != nil {
return errors.Errorf("Error saving credentials: %v", err)
}
if store, isDefault := creds.(isFileStore); isDefault && authConfig.Password != "" {
// Display a warning if we're storing the users password (not a token)
_, _ = fmt.Fprintln(dockerCli.Err(), fmt.Sprintf(unencryptedWarning, store.GetFilename()))
}
if response.Status != "" {
fmt.Fprintln(dockerCli.Out(), response.Status)
}