mirror of https://github.com/docker/cli.git
cli/config/credentials: move warning to fileStore
The fileStore itself is aware that it's insecure, so we can make it responsible for printing the warning. It's not "perfect", as we use `os.Stderr` unconditionally (not `dockerCli.Err()`), but probably won't make a difference in _most_ cases. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
parent
26b412e491
commit
ab80ea355f
|
@ -18,17 +18,6 @@ import (
|
|||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
// unencryptedWarning warns the user when using an insecure credential storage.
|
||||
// After a deprecation period, user will get prompted if stdin and stderr are a terminal.
|
||||
// Otherwise, we'll assume they want it (sadly), because people may have been scripting
|
||||
// insecure logins and we don't want to break them. Maybe they'll see the warning in their
|
||||
// logs and fix things.
|
||||
const unencryptedWarning = `
|
||||
WARNING! Your credentials are stored unencrypted in '%s'.
|
||||
Configure a credential helper to remove this warning. See
|
||||
https://docs.docker.com/go/credential-store/
|
||||
`
|
||||
|
||||
type loginOptions struct {
|
||||
serverAddress string
|
||||
user string
|
||||
|
@ -66,11 +55,6 @@ func NewLoginCommand(dockerCli command.Cli) *cobra.Command {
|
|||
return cmd
|
||||
}
|
||||
|
||||
type isFileStore interface {
|
||||
IsFileStore() bool
|
||||
GetFilename() string
|
||||
}
|
||||
|
||||
func verifyloginOptions(dockerCli command.Cli, opts *loginOptions) error {
|
||||
if opts.password != "" {
|
||||
fmt.Fprintln(dockerCli.Err(), "WARNING! Using --password via the CLI is insecure. Use --password-stdin.")
|
||||
|
@ -137,16 +121,10 @@ func runLogin(ctx context.Context, dockerCli command.Cli, opts loginOptions) err
|
|||
}
|
||||
|
||||
creds := dockerCli.ConfigFile().GetCredentialsStore(serverAddress)
|
||||
|
||||
if err := creds.Store(configtypes.AuthConfig(authConfig)); err != nil {
|
||||
return errors.Errorf("Error saving credentials: %v", err)
|
||||
}
|
||||
|
||||
if store, isDefault := creds.(isFileStore); isDefault && authConfig.Password != "" {
|
||||
// Display a warning if we're storing the users password (not a token)
|
||||
_, _ = fmt.Fprintln(dockerCli.Err(), fmt.Sprintf(unencryptedWarning, store.GetFilename()))
|
||||
}
|
||||
|
||||
if response.Status != "" {
|
||||
fmt.Fprintln(dockerCli.Out(), response.Status)
|
||||
}
|
||||
|
|
|
@ -1,8 +1,10 @@
|
|||
package credentials
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net"
|
||||
"net/url"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"github.com/docker/cli/cli/config/types"
|
||||
|
@ -52,19 +54,33 @@ func (c *fileStore) GetAll() (map[string]types.AuthConfig, error) {
|
|||
return c.file.GetAuthConfigs(), nil
|
||||
}
|
||||
|
||||
// unencryptedWarning warns the user when using an insecure credential storage.
|
||||
// After a deprecation period, user will get prompted if stdin and stderr are a terminal.
|
||||
// Otherwise, we'll assume they want it (sadly), because people may have been scripting
|
||||
// insecure logins and we don't want to break them. Maybe they'll see the warning in their
|
||||
// logs and fix things.
|
||||
const unencryptedWarning = `
|
||||
WARNING! Your credentials are stored unencrypted in '%s'.
|
||||
Configure a credential helper to remove this warning. See
|
||||
https://docs.docker.com/go/credential-store/
|
||||
`
|
||||
|
||||
// Store saves the given credentials in the file store.
|
||||
func (c *fileStore) Store(authConfig types.AuthConfig) error {
|
||||
authConfigs := c.file.GetAuthConfigs()
|
||||
authConfigs[authConfig.ServerAddress] = authConfig
|
||||
return c.file.Save()
|
||||
if err := c.file.Save(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
func (c *fileStore) GetFilename() string {
|
||||
return c.file.GetFilename()
|
||||
if authConfig.Password != "" {
|
||||
// Display a warning if we're storing the users password (not a token).
|
||||
//
|
||||
// FIXME(thaJeztah): make output configurable instead of hardcoding to os.Stderr
|
||||
_, _ = fmt.Fprintln(os.Stderr, fmt.Sprintf(unencryptedWarning, c.file.GetFilename()))
|
||||
}
|
||||
|
||||
func (c *fileStore) IsFileStore() bool {
|
||||
return true
|
||||
return nil
|
||||
}
|
||||
|
||||
// ConvertToHostname converts a registry url which has http|https prepended
|
||||
|
|
Loading…
Reference in New Issue