Guest24897
/
DockerCLI
mirror of https://github.com/docker/cli.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

login: don't print "unencrypted" warning when failing to save credentials 

If we fail to save credentials, make sure that the error about saving
doesn't get lost in the warning about credentials being stored unencrypted.

Also discard errors about printing the warning, as those would be unlikely,
and if they would occur, probably would fail to be printed as well.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2024-07-18 18:15:12 +02:00
parent 07baebe90b
commit a78ab63801
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
1 changed files with 10 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
cli/command/registry/login.go
View File

@ -18,6 +18,11 @@ import (
"github.com/spf13/cobra" "github.com/spf13/cobra"
) )
// unencryptedWarning warns the user when using an insecure credential storage.
// After a deprecation period, user will get prompted if stdin and stderr are a terminal.
// Otherwise, we'll assume they want it (sadly), because people may have been scripting
// insecure logins and we don't want to break them. Maybe they'll see the warning in their
// logs and fix things.
const unencryptedWarning = `WARNING! Your password will be stored unencrypted in %s. const unencryptedWarning = `WARNING! Your password will be stored unencrypted in %s.
Configure a credential helper to remove this warning. See Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-stores https://docs.docker.com/engine/reference/commandline/login/#credential-stores
@ -60,17 +65,6 @@ func NewLoginCommand(dockerCli command.Cli) *cobra.Command {
return cmd return cmd
} }
// displayUnencryptedWarning warns the user when using an insecure credential storage.
// After a deprecation period, user will get prompted if stdin and stderr are a terminal.
// Otherwise, we'll assume they want it (sadly), because people may have been scripting
// insecure logins and we don't want to break them. Maybe they'll see the warning in their
// logs and fix things.
func displayUnencryptedWarning(dockerCli command.Streams, filename string) error {
_, err := fmt.Fprintln(dockerCli.Err(), fmt.Sprintf(unencryptedWarning, filename))
return err
}
type isFileStore interface { type isFileStore interface {
IsFileStore() bool IsFileStore() bool
GetFilename() string GetFilename() string
@ -143,19 +137,15 @@ func runLogin(ctx context.Context, dockerCli command.Cli, opts loginOptions) err
creds := dockerCli.ConfigFile().GetCredentialsStore(serverAddress) creds := dockerCli.ConfigFile().GetCredentialsStore(serverAddress)
store, isDefault := creds.(isFileStore)
// Display a warning if we're storing the users password (not a token)
if isDefault && authConfig.Password != "" {
err = displayUnencryptedWarning(dockerCli, store.GetFilename())
if err != nil {
return err
}
}
if err := creds.Store(configtypes.AuthConfig(authConfig)); err != nil { if err := creds.Store(configtypes.AuthConfig(authConfig)); err != nil {
return errors.Errorf("Error saving credentials: %v", err) return errors.Errorf("Error saving credentials: %v", err)
} }
if store, isDefault := creds.(isFileStore); isDefault && authConfig.Password != "" {
// Display a warning if we're storing the users password (not a token)
_, _ = fmt.Fprintln(dockerCli.Err(), fmt.Sprintf(unencryptedWarning, store.GetFilename()))
}
if response.Status != "" { if response.Status != "" {
fmt.Fprintln(dockerCli.Out(), response.Status) fmt.Fprintln(dockerCli.Out(), response.Status)
} }