Commit Graph

86 Commits

Author SHA1 Message Date
Sebastiaan van Stijn f75abad8a1
Merge pull request #5401 from laurazard/login-non-tty-standardize
login: handle non-tty scenario consistently
2024-09-03 16:36:14 +02:00
Laura Brehm bbb6e7643d
login: handle non-tty scenario consistently
Running `docker login` in a non-interactive environment sometimes errors
out if no username/pwd is provided. This handling is somewhat
inconsistent – this commit addresses that.

Before:
| `--username` | `--password` | Result                                                             |
|:------------:|:------------:| ------------------------------------------------------------------ |
|            |            |                                                                  |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | hangs                                                              |

After:
| `--username` | `--password` | Result                                                             |
|:------------:|:------------:| ------------------------------------------------------------------ |
|            |            |                                                                  |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |

It's worth calling out a separate scenario – if there are previous,
valid credentials, then running `docker login` with no username or
password provided will use the previously stored credentials, and not
error out.

```console
cat ~/.docker/config.json
{
        "auths": {
                "https://index.docker.io/v1/": {
                        "auth": "xxxxxxxxxxx"
                }
        }
}
⭑ docker login 0>/dev/null
Authenticating with existing credentials...

Login Succeeded
```

This commit also applies the same non-interactive handling logic to the
new web-based login flow, which means that now, if there are no prior
credentials stored and a user runs `docker login`, instead of initiating
the new web-based login flow, an error is returned.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-09-03 14:26:11 +01:00
Sebastiaan van Stijn e3676d233e
Merge pull request #5386 from dvdksn/docker-login-docs-touchup
docs: update docker login reference
2024-09-03 12:15:08 +02:00
David Karlsson 2f206fff3c docs: update docker login reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-09-03 11:38:05 +02:00
Laura Brehm e532eead91
login: use normalized hostname when storing
Normalization/converting the registry address to just a hostname happens
inside of `command.GetDefaultAuthConfig`. Use this value for the rest of
the login flow/storage.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-08-30 15:43:20 +01:00
Laura Brehm dab9674db9
Revert "login: normalize `registry-1.docker.io`"
This reverts commit e6624676e0.

Since e6624676e0, during login, we started
normalizing `registry-1.docker.io` to `index.docker.io`. This means that
if a user logs in with `docker login -u [username]
registry-1.docker.io`, the user's credentials get stored in
credhelpers/config.json under `https://index.docker.io/v1/`.

However, while the registry code normalizes an image reference without
registry (`docker pull alpine:latest`) and image references explicitly for
`index.docker.io` (`docker pull index.docker.io/library/alpine:latest`)
to the official index server (`https://index.docker.io/v1/`), and
fetches credentials for that auth key, it does not normalize
`registry-1.docker.io`, which means pulling explicitly from there
(`docker pull registry-1.docker.io/alpine:latest`) will not use
credentials stored under `https://index.docker.io/v1/`.

As such, until changes are made to the registry/pull/push code to
normalize `registry-1.docker.io` to `https://index.docker.io/v1/`, we
should not normalize this during login.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-08-29 12:16:05 +01:00
Laura Brehm 846ecf59ff
login: add oauth escape hatch
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-08-20 11:16:55 +01:00
Laura Brehm c3fe7bc336
fallback to regular login if oauth login fails to start
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-08-14 19:48:09 +01:00
Laura Brehm e6624676e0
login: normalize `registry-1.docker.io`
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-08-14 19:48:07 +01:00
Laura Brehm 6e4818e7d6
Refactor `cli/command/registry`
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-08-14 19:48:05 +01:00
Laura Brehm fcfdd7b91f
auth: add support for oauth device-code login
This commit adds support for the oauth [device-code](https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow)
login flow when authenticating against the official registry.

This is achieved by adding `cli/internal/oauth`, which contains code to manage
interacting with the Docker OAuth tenant (`login.docker.com`), including launching
the device-code flow, refreshing access using the refresh-token, and logging out.

The `OAuthManager` introduced here is also made available through the `command.Cli`
interface method `OAuthManager()`.

In order to maintain compatibility with any clients manually accessing
the credentials through `~/.docker/config.json` or via credential
helpers, the added `OAuthManager` uses the retrieved access token to
automatically generate a PAT with Hub, and store that in the
credentials.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-08-14 19:48:04 +01:00
Sebastiaan van Stijn ab80ea355f
cli/config/credentials: move warning to fileStore
The fileStore itself is aware that it's insecure, so we can make it
responsible for printing the warning. It's not "perfect", as we use
`os.Stderr` unconditionally (not `dockerCli.Err()`), but probably won't
make a difference in _most_ cases.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-19 01:42:01 +02:00
Sebastiaan van Stijn fcefe44bda
login: slightly cleanup warning about unencrypted store
- Add an empty line before the warning to separate it from the command's output
- Use the `/go/` redirect URL that we have available.
- Put quotes around the filename used for storage.
- Use present tense for the message, as the message is printed while saving.
- User "credentials" instead of "password" for consistency with "credentials-store"

Before:

    docker login myregistry.example.com
    Username: thajeztah
    Password:
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credential-stores

    Login Succeeded

After:

    docker login myregistry.example.com
    Username: thajeztah
    Password:

    WARNING! Your credentials are stored unencrypted in '/root/.docker/config.json'.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/go/credential-store/

    Login Succeeded

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-18 18:22:13 +02:00
Sebastiaan van Stijn a78ab63801
login: don't print "unencrypted" warning when failing to save credentials
If we fail to save credentials, make sure that the error about saving
doesn't get lost in the warning about credentials being stored unencrypted.

Also discard errors about printing the warning, as those would be unlikely,
and if they would occur, probably would fail to be printed as well.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-18 18:15:12 +02:00
Alano Terblanche c15ade0c64
fix: ctx cancellation on login prompt
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
2024-07-02 12:07:16 +02:00
Paweł Gronowski d8cdcaee23
Merge pull request #3599 from thaJeztah/use_local_ConvertToHostname
use local ConvertToHostname() implementation
2024-06-20 16:29:30 +02:00
Paweł Gronowski d1cb7d41c2
cli/command: Don't copy fakeClient
The embedded `client.Client` has mutexes and it shouldn't be copied.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-06-20 14:59:38 +02:00
Sebastiaan van Stijn 8376b3e428
use local ConvertToHostname() implementation
Commit 27b2797f7d added a local implementation
of this function, so let's use the local variant to (slightly) reduce the
dependency on moby's registry package.

Also made some minor cleanups.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-14 00:25:21 +02:00
Sebastiaan van Stijn 8c6e43fd07
Merge pull request #5143 from vvoland/cli-err-wrapstream
cli: Wrap Err stream
2024-06-12 02:24:48 +02:00
Marius Meschter 6e7266a72a
cli/command/registry: fix link to credential stores
Signed-off-by: Marius Meschter <marius@meschter.me>
2024-06-11 18:31:25 +02:00
Paweł Gronowski 6b93cf221a
cli: Wrap Err stream
This wraps the cli stderr stream the same way as stdin and stdout, which
extends the stream with TTY-related methods.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-06-11 17:59:48 +02:00
Sebastiaan van Stijn dfec976e84
linting: fmt.Errorf can be replaced with errors.New (perfsprint)
internal/test/cli.go:175:14: fmt.Errorf can be replaced with errors.New (perfsprint)
        return nil, fmt.Errorf("no notary client available unless defined")
                    ^
    cli/command/cli.go:318:29: fmt.Errorf can be replaced with errors.New (perfsprint)
            return docker.Endpoint{}, fmt.Errorf("no context store initialized")
                                      ^
    cli/command/container/attach.go:161:11: fmt.Errorf can be replaced with errors.New (perfsprint)
                return fmt.Errorf(result.Error.Message)
                       ^
    cli/command/container/opts.go:577:16: fmt.Errorf can be replaced with errors.New (perfsprint)
                return nil, fmt.Errorf("--health-start-period cannot be negative")
                            ^
    cli/command/container/opts.go:580:16: fmt.Errorf can be replaced with errors.New (perfsprint)
                return nil, fmt.Errorf("--health-start-interval cannot be negative")
                            ^
    cli/command/container/stats.go:221:11: fmt.Errorf can be replaced with errors.New (perfsprint)
                return fmt.Errorf("filtering is not supported when specifying a list of containers")
                       ^
    cli/command/container/attach_test.go:82:17: fmt.Errorf can be replaced with errors.New (perfsprint)
            expectedErr = fmt.Errorf("unexpected error")
                          ^
    cli/command/container/create_test.go:234:40: fmt.Errorf can be replaced with errors.New (perfsprint)
                    return container.CreateResponse{}, fmt.Errorf("shouldn't try to pull image")
                                                       ^
    cli/command/container/list_test.go:150:17: fmt.Errorf can be replaced with errors.New (perfsprint)
                    return nil, fmt.Errorf("error listing containers")
                                ^
    cli/command/container/rm_test.go:40:31: fmt.Errorf can be replaced with errors.New (perfsprint)
                            return errdefs.NotFound(fmt.Errorf("Error: no such container: " + container))
                                                    ^
    cli/command/container/run_test.go:138:40: fmt.Errorf can be replaced with errors.New (perfsprint)
                    return container.CreateResponse{}, fmt.Errorf("shouldn't try to pull image")
                                                       ^
    cli/command/image/pull_test.go:115:49: fmt.Errorf can be replaced with errors.New (perfsprint)
                    return io.NopCloser(strings.NewReader("")), fmt.Errorf("shouldn't try to pull image")
                                                                ^
    cli/command/network/connect.go:88:16: fmt.Errorf can be replaced with errors.New (perfsprint)
                return nil, fmt.Errorf("invalid key/value pair format in driver options")
                            ^
    cli/command/plugin/create_test.go:96:11: fmt.Errorf can be replaced with errors.New (perfsprint)
                return fmt.Errorf("Error creating plugin")
                       ^
    cli/command/plugin/disable_test.go:32:12: fmt.Errorf can be replaced with errors.New (perfsprint)
                    return fmt.Errorf("Error disabling plugin")
                           ^
    cli/command/plugin/enable_test.go:32:12: fmt.Errorf can be replaced with errors.New (perfsprint)
                    return fmt.Errorf("failed to enable plugin")
                           ^
    cli/command/plugin/inspect_test.go:55:22: fmt.Errorf can be replaced with errors.New (perfsprint)
                    return nil, nil, fmt.Errorf("error inspecting plugin")
                                     ^
    cli/command/plugin/install_test.go:43:17: fmt.Errorf can be replaced with errors.New (perfsprint)
                    return nil, fmt.Errorf("Error installing plugin")
                                ^
    cli/command/plugin/install_test.go:51:17: fmt.Errorf can be replaced with errors.New (perfsprint)
                    return nil, fmt.Errorf("(image) when fetching")
                                ^
    cli/command/plugin/install_test.go:95:17: fmt.Errorf can be replaced with errors.New (perfsprint)
                    return nil, fmt.Errorf("should not try to install plugin")
                                ^
    cli/command/plugin/list_test.go:35:41: fmt.Errorf can be replaced with errors.New (perfsprint)
                    return types.PluginsListResponse{}, fmt.Errorf("error listing plugins")
                                                        ^
    cli/command/plugin/remove_test.go:27:12: fmt.Errorf can be replaced with errors.New (perfsprint)
                    return fmt.Errorf("Error removing plugin")
                           ^
    cli/command/registry/login_test.go:36:46: fmt.Errorf can be replaced with errors.New (perfsprint)
            return registrytypes.AuthenticateOKBody{}, fmt.Errorf("Invalid Username or Password")
                                                       ^
    cli/command/registry/login_test.go:44:46: fmt.Errorf can be replaced with errors.New (perfsprint)
            return registrytypes.AuthenticateOKBody{}, fmt.Errorf(errUnknownUser)
                                                       ^
    cli/command/system/info.go:190:10: fmt.Errorf can be replaced with errors.New (perfsprint)
            return fmt.Errorf("errors pretty printing info")
                   ^
    cli/command/system/prune.go:77:10: fmt.Errorf can be replaced with errors.New (perfsprint)
            return fmt.Errorf(`ERROR: The "until" filter is not supported with "--volumes"`)
                   ^
    cli/command/system/version_test.go:19:28: fmt.Errorf can be replaced with errors.New (perfsprint)
                return types.Version{}, fmt.Errorf("no server")
                                        ^
    cli/command/trust/key_load.go:112:22: fmt.Errorf can be replaced with errors.New (perfsprint)
                    return []byte{}, fmt.Errorf("could not decrypt key")
                                     ^
    cli/command/trust/revoke.go:44:10: fmt.Errorf can be replaced with errors.New (perfsprint)
            return fmt.Errorf("cannot use a digest reference for IMAGE:TAG")
                   ^
    cli/command/trust/revoke.go:105:10: fmt.Errorf can be replaced with errors.New (perfsprint)
            return fmt.Errorf("no signed tags to remove")
                   ^
    cli/command/trust/signer_add.go:56:10: fmt.Errorf can be replaced with errors.New (perfsprint)
            return fmt.Errorf("releases is a reserved keyword, please use a different signer name")
                   ^
    cli/command/trust/signer_add.go:60:10: fmt.Errorf can be replaced with errors.New (perfsprint)
            return fmt.Errorf("path to a public key must be provided using the `--key` flag")
                   ^
    opts/config.go:71:10: fmt.Errorf can be replaced with errors.New (perfsprint)
            return fmt.Errorf("source is required")
                   ^
    opts/mount.go:168:10: fmt.Errorf can be replaced with errors.New (perfsprint)
            return fmt.Errorf("type is required")
                   ^
    opts/mount.go:172:10: fmt.Errorf can be replaced with errors.New (perfsprint)
            return fmt.Errorf("target is required")
                   ^
    opts/network.go:90:11: fmt.Errorf can be replaced with errors.New (perfsprint)
                return fmt.Errorf("network name/id is not specified")
                       ^
    opts/network.go:129:18: fmt.Errorf can be replaced with errors.New (perfsprint)
            return "", "", fmt.Errorf("invalid key value pair format in driver options")
                           ^
    opts/opts.go:404:13: fmt.Errorf can be replaced with errors.New (perfsprint)
            return 0, fmt.Errorf("value is too precise")
                      ^
    opts/opts.go:412:18: fmt.Errorf can be replaced with errors.New (perfsprint)
            return "", "", fmt.Errorf("empty string specified for links")
                           ^
    opts/parse.go:84:37: fmt.Errorf can be replaced with errors.New (perfsprint)
            return container.RestartPolicy{}, fmt.Errorf("invalid restart policy format: no policy provided before colon")
                                              ^
    opts/parse.go:89:38: fmt.Errorf can be replaced with errors.New (perfsprint)
                return container.RestartPolicy{}, fmt.Errorf("invalid restart policy format: maximum retry count must be an integer")
                                                  ^
    opts/port.go:105:13: fmt.Errorf can be replaced with errors.New (perfsprint)
                        return fmt.Errorf("hostip is not supported")
                               ^
    opts/secret.go:70:10: fmt.Errorf can be replaced with errors.New (perfsprint)
            return fmt.Errorf("source is required")
                   ^
    opts/env_test.go:57:11: fmt.Errorf can be replaced with errors.New (perfsprint)
                err:   fmt.Errorf("invalid environment variable: =a"),
                       ^
    opts/env_test.go:93:11: fmt.Errorf can be replaced with errors.New (perfsprint)
                err:   fmt.Errorf("invalid environment variable: ="),
                       ^
    cli-plugins/manager/error_test.go:16:11: fmt.Errorf can be replaced with errors.New (perfsprint)
        inner := fmt.Errorf("testing")
                 ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-10 21:19:31 +02:00
Sebastiaan van Stijn 43b840ed93
vendor: github.com/docker/docker a736d0701c41 (master, v27.0.0-dev)
full diff: 59996a493c...a736d0701c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-10 17:41:09 +02:00
Sebastiaan van Stijn dfdff11a22
cli/command: don't use pflags.XXXVarP for flags without shorthand
Use the `XXXVar` equivalent for flags that don't have a shorthand flag
instead of passing an empty string for the shorthand flag.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-29 11:16:38 +01:00
Brian Goff 5400a48aaf
Plumb contexts through commands
This is to prepare for otel support.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 22:30:16 +01:00
Sebastiaan van Stijn 4e2477f85f
golangci-lint: enable more linters
fix some nolintlint false positives

For some reason, nolintlint doesn't consider these used, but they seem to be
legitimate cases where deprecated fields are used.

    templates/templates.go:27:29: directive `//nolint:staticcheck // strings.Title is deprecated, but we only use it for ASCII, so replacing with golang.org/x/text is out of scope` is unused for linter "staticcheck" (nolintlint)
        "title":    strings.Title, //nolint:staticcheck // strings.Title is deprecated, but we only use it for ASCII, so replacing with golang.org/x/text is out of scope
                                   ^
    cli/command/formatter/image_test.go:75:31: directive `//nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.44.` is unused for linter "staticcheck" (nolintlint)
                call:     ctx.VirtualSize, //nolint:staticcheck // ignore SA1019: field is deprecated, but still set on API < v1.44.
                                           ^
    cli/command/registry/formatter_search.go💯39: directive `//nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).` is unused for linter "staticcheck" (nolintlint)
        return c.formatBool(c.s.IsAutomated) //nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).
                                             ^
    cli/command/registry/formatter_search_test.go:50:55: directive `//nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).` is unused for linter "staticcheck" (nolintlint)
                    s: registrytypes.SearchResult{IsAutomated: true}, //nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).
                                                                      ^
    cli/command/registry/formatter_search_test.go:53:31: directive `//nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).` is unused for linter "staticcheck" (nolintlint)
                call:     ctx.IsAutomated, //nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).
                                           ^
    cli/command/registry/formatter_search_test.go:59:27: directive `//nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).` is unused for linter "staticcheck" (nolintlint)
                call: ctx.IsAutomated, //nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).
                                       ^
    cli/command/registry/formatter_search_test.go:202:84: directive `//nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).` is unused for linter "staticcheck" (nolintlint)
            {Name: "result2", Description: "Not official", StarCount: 5, IsAutomated: true}, //nolint:staticcheck // ignore SA1019 (IsAutomated is deprecated).
                                                                                             ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 19:52:46 +01:00
Sebastiaan van Stijn 888df09879
linting: address assorted issues found by gocritic
internal/test/builders/config.go:36:15: captLocal: `ID' should not be capitalized (gocritic)
    func ConfigID(ID string) func(config *swarm.Config) {
                  ^
    internal/test/builders/secret.go:45:15: captLocal: `ID' should not be capitalized (gocritic)
    func SecretID(ID string) func(secret *swarm.Secret) {
                  ^
    internal/test/builders/service.go:21:16: captLocal: `ID' should not be capitalized (gocritic)
    func ServiceID(ID string) func(*swarm.Service) {
                   ^
    cli/command/image/formatter_history.go💯15: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(c.h.CreatedBy, "\t", " ", -1)` (gocritic)
        createdBy := strings.Replace(c.h.CreatedBy, "\t", " ", -1)
                     ^
    e2e/image/push_test.go:246:34: badCall: suspicious Join on 1 argument (gocritic)
        assert.NilError(t, os.RemoveAll(filepath.Join(dir.Join("trust"))))
                                        ^
    e2e/image/push_test.go:313:34: badCall: suspicious Join on 1 argument (gocritic)
        assert.NilError(t, os.RemoveAll(filepath.Join(dir.Join("trust"))))
                                        ^
    cli/config/configfile/file_test.go:185:2: assignOp: replace `c.GetAllCallCount = c.GetAllCallCount + 1` with `c.GetAllCallCount++` (gocritic)
        c.GetAllCallCount = c.GetAllCallCount + 1
        ^
    cli/command/context/inspect_test.go:20:58: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(si.MetadataPath, `\`, `\\`, -1)` (gocritic)
        expected = strings.Replace(expected, "<METADATA_PATH>", strings.Replace(si.MetadataPath, `\`, `\\`, -1), 1)
                                                                ^
    cli/command/context/inspect_test.go:21:53: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(si.TLSPath, `\`, `\\`, -1)` (gocritic)
        expected = strings.Replace(expected, "<TLS_PATH>", strings.Replace(si.TLSPath, `\`, `\\`, -1), 1)
                                                           ^
    cli/command/container/formatter_stats.go:119:46: captLocal: `Stats' should not be capitalized (gocritic)
    func statsFormatWrite(ctx formatter.Context, Stats []StatsEntry, osType string, trunc bool) error {
                                                 ^
    cli/command/container/stats_helpers.go:209:4: assignOp: replace `blkRead = blkRead + bioEntry.Value` with `blkRead += bioEntry.Value` (gocritic)
                blkRead = blkRead + bioEntry.Value
                ^
    cli/command/container/stats_helpers.go:211:4: assignOp: replace `blkWrite = blkWrite + bioEntry.Value` with `blkWrite += bioEntry.Value` (gocritic)
                blkWrite = blkWrite + bioEntry.Value
                ^
    cli/command/registry/formatter_search.go:67:10: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(c.s.Description, "\n", " ", -1)` (gocritic)
        desc := strings.Replace(c.s.Description, "\n", " ", -1)
                ^
    cli/command/registry/formatter_search.go:68:9: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(desc, "\r", " ", -1)` (gocritic)
        desc = strings.Replace(desc, "\r", " ", -1)
               ^
    cli/command/service/list_test.go:164:5: assignOp: replace `tc.doc = tc.doc + " with quiet"` with `tc.doc += " with quiet"` (gocritic)
                    tc.doc = tc.doc + " with quiet"
                    ^
    cli/command/service/progress/progress.go:274:11: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(errMsg, "\n", " ", -1)` (gocritic)
        errMsg = strings.Replace(errMsg, "\n", " ", -1)
                 ^
    cli/manifest/store/store.go:153:9: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(fileName, "/", "_", -1)` (gocritic)
        return strings.Replace(fileName, "/", "_", -1)
               ^
    cli/manifest/store/store.go:152:14: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(ref, ":", "-", -1)` (gocritic)
        fileName := strings.Replace(ref, ":", "-", -1)
                    ^
    cli/command/plugin/formatter.go:79:10: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(c.p.Config.Description, "\n", "", -1)` (gocritic)
        desc := strings.Replace(c.p.Config.Description, "\n", "", -1)
                ^
    cli/command/plugin/formatter.go:80:9: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(desc, "\r", "", -1)` (gocritic)
        desc = strings.Replace(desc, "\r", "", -1)
               ^
    cli/compose/convert/service.go:642:23: captLocal: `DNS' should not be capitalized (gocritic)
    func convertDNSConfig(DNS []string, DNSSearch []string) *swarm.DNSConfig {
                          ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:16 +01:00
Sebastiaan van Stijn 4fc3f0e6f6
search: deprecate "is-automated" filter and "IsAutomated" field
The IsAutomated field is being deprecated by Docker Hub's search API and
will always be "false" in future.

This patch:

- Deprecates the field and the related "is-automated" filter
- Removes the "AUTOMATED" column from the default output of "docker search"

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-09 12:11:05 +02:00
Sebastiaan van Stijn 53671c2fef
Merge pull request #4488 from thaJeztah/registry_test_cleanups
cli/command/registry: cleanup "search" and "login" tests
2023-08-09 12:04:54 +02:00
Sebastiaan van Stijn 211220cbb0
cli/command: ResolveAuthConfig, GetDefaultAuthConfig: take ConfigFile as arg
Both these functions took the whole DockerCLI as argument, but only needed
the ConfigFile. ResolveAuthConfig also had an unused context.Context as
argument.

This patch updates both functions to accept a ConfigFile, and removes the
unused context.Context.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 17:35:16 +02:00
Sebastiaan van Stijn 57f0e46de1
cli/command/registry: cleanup login tests
- use consts for fixed values, and rename some for clarity
- remove testAuthErrors map and inline the logic (same as we do for other cases)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 17:32:03 +02:00
Sebastiaan van Stijn 84c956a171
cli/command/registry: cleanup search tests
- TestSearchContext: don't use un-keyed structs
- TestSearchContext: don't use CompareMultipleValues as it was not needed
- TestSearchContextDescription: don't use un-keyed structs
- TestSearchContextDescription: don't use CompareMultipleValues as it was not needed
- TestSearchContextWrite: don't use un-keyed structs, and include the
  code-comments into the test-table as names for the tests to give them
  some context.
- TestSearchContextWriteJSON and TestSearchContextWriteJSONField were not
  validating the output format, but validating if the JSON output could
  be marshalled back to a struct. Let's just role them into TestSearchContextWrite.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 17:32:03 +02:00
Sebastiaan van Stijn 3d0b14c3e3
vendor: github.com/docker/docker 4b19b2f4babd (25.0-dev)
full diff: dab9ffb252...4b19b2f4ba

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 09:41:47 +02:00
Sebastiaan van Stijn 3469beb80d
replace uses of deprecated api/types that moved to api/types/system
These types were moved to api/types/system:

- types.Info
- types.Commit
- types.PluginsInfo
- types.NetworkAddressPool
- types.Runtime
- types.SecurityOpt
- types/KeyValue
- types.DecodeSecurityOptions()

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 01:20:49 +02:00
Sebastiaan van Stijn 372bb56ade
cli/command: replace EncodeAuthToBase64 for registry.EncodeAuthConfig
Replace uses of this function in favor of the implementation in the
API types, so that we have a single, canonical implementation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 21:17:15 +02:00
Sebastiaan van Stijn 534bfc2301
cli/command/registry: remove intermediate var that collided
This also simplifies the code a bit.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 21:17:14 +02:00
Sebastiaan van Stijn 7189716d5a
replace uses of deprecated api/types.AuthConfig
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-30 19:57:16 +02:00
Sebastiaan van Stijn 5254081fd6
cli/command/registry: fakeClient: remove name for unused arg (revive)
cli/command/registry/login_test.go:37:26: unused-parameter: parameter 'ctx' seems to be unused, consider removing or renaming it as _ (revive)
    func (c fakeClient) Info(ctx context.Context) (types.Info, error) {
                             ^
    cli/command/registry/login_test.go:41:35: unused-parameter: parameter 'ctx' seems to be unused, consider removing or renaming it as _ (revive)
    func (c fakeClient) RegistryLogin(ctx context.Context, auth types.AuthConfig) (registrytypes.AuthenticateOKBody, error) {
                                      ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-30 17:22:08 +02:00
Sebastiaan van Stijn 1da95ff6aa
format code with gofumpt
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 11:59:11 +02:00
Sebastiaan van Stijn 82427d1a07
format (GoDoc) comments with Go 1.19 to prepare for go updates
Older versions of Go do not format these comments, so we can already
reformat them ahead of time to prevent gofmt linting failing once
we update to Go 1.19 or up.

Result of:

    gofmt -s -w $(find . -type f -name '*.go' | grep -v "/vendor/")

With some manual adjusting.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-19 19:10:16 +02:00
Sebastiaan van Stijn a4caf8e89d
remove uses of client.IsErrUnauthorized()
This function is scheduled to be deprecated, so replacing its use.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-13 10:49:00 +02:00
Sebastiaan van Stijn 66b9056500
completion v2: some small follow-ups
- Prevent completion on "create" subcommands to prevent them
  from completing with local filenames
- Add completion for "docker image save"
- Add completion for "docker image tag"
- Disable completion for "docker login"
- Exclude "paused" containers for "docker container attach" and
  "docker container exec"

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-12 13:25:15 +02:00
Sebastiaan van Stijn aaa912c9f7
move commonly used top-level commands to the top of --help
This adds a new annotation to commands that are known to be frequently
used, and allows setting a custom weight/order for these commands to
influence in what order they appear in the --help output.

I'm not entirely happy with the implementation (we could at least use
some helpers for this, and/or make it more generic to group commands
in output), but it could be a start.

For now, limiting this to only be used for the top-level --help, but
we can expand this to subcommands as well if we think it makes sense
to highlight "common" / "commonly used" commands.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-08 16:55:41 +02:00
Sebastiaan van Stijn bcd4101f3d
tweak description of login/logout
Remove "Docker" from registry, as the registry specification is no
longer docker-specific, but part of the OCI distribution spec.

Also removed "Register" from one of the docs pages, as the login
command hasn't supported creating a new acccount on Docker Hub for
a long time.

I'm wondering if we should be more explicit about what log in / out
does (effectively; authenticate, and on success store the credentials
or token, and on log out; remove credentials/token).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 10:44:11 +02:00
Sebastiaan van Stijn ccbaaf0722
search: remove client-side default for --limit
The daemon (and registry) already have a default limit. This patch
removes the default from the client side, to not duplicate setting
these defaults.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-30 10:05:43 +02:00
Sebastiaan van Stijn 2dc178c802
search: change "the Docker Hub" to just "Docker Hub"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-30 10:05:12 +02:00
Sebastiaan van Stijn a1e67401d2
vendor: github.com/docker/docker 8941dcfcc5db4aefc351cd5b5bb4d524823035c0
- updated the default value for `--limit` on `docker search` as the const has been
  removed (added a todo to remove it)
- updated some fixtures to account for `KernelMemoryTCP` no longer being included
  in the output.

full diff: 83b51522df...8941dcfcc5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-28 17:21:59 +02:00
Sebastiaan van Stijn 4ab70bf61e
linting: fix incorrectly formatted errors (revive)
cli/compose/interpolation/interpolation.go:102:4: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                "invalid interpolation format for %s: %#v. You may need to escape any $ with another $.",
                ^

    cli/command/stack/loader/loader.go:30:30: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                return nil, errors.Errorf("Compose file contains unsupported options:\n\n%s\n",
                                          ^

    cli/command/formatter/formatter.go:76:30: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
            return tmpl, errors.Errorf("Template parsing error: %v\n", err)
                                       ^

    cli/command/formatter/formatter.go:97:24: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
            return errors.Errorf("Template parsing error: %v\n", err)
                                 ^

    cli/command/image/build.go:257:25: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                return errors.Errorf("error checking context: '%s'.", err)
                                     ^

    cli/command/volume/create.go:35:27: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                        return errors.Errorf("Conflicting options: either specify --name or provide positional arg, not both\n")
                                             ^

    cli/command/container/create.go:160:24: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
            return errors.Errorf("failed to remove the CID file '%s': %s \n", cid.path, err)
                                 ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-28 10:37:25 +02:00
Sebastiaan van Stijn b4ca1c7368
registry: don't call "/info" API endpoint to get default registry
The CLI currenly calls the `/info` endpoint to get the address
of the default registry to use.

This functionality was added as part of the initial Windows implementation
of the engine. For legal reasons, Microsoft Windows (and thus Docker images
based on Windows) were not allowed to be distributed through non-Microsoft
infrastructure. As a temporary solution, a dedicated "registry-win-tp3.docker.io"
registry was created to serve Windows images.

As a result, the default registry was no longer "fixed", so a helper function
(`ElectAuthServer`) was added to allow the CLI to get the correct registry
address from the daemon. (docker/docker PR's/issues 18019, 19891, 19973)

Using separate registries was not an ideal solution, and a more permanent
solution was created by introducing "foreign image layers" in the distribution
spec, after which the "registry-win-tp3.docker.io" ceased to exist, and
removed from the engine through docker/docker PR 21100.

However, the `ElectAuthServer` was left in place, quoting from that PR;

> make the client check which default registry the daemon uses is still
> more correct than leaving it up to the client, even if it won't technically
> matter after this PR. There may be some backward compatibility scenarios
> where `ElectAuthServer` [sic] is still helpful.

That comment was 5 years ago, and given that the engine and cli are
released in tandem, and the default registry is not configurable, we
can save the extra roundtrip to the daemon by using a fixed value.

This patch deprecates the `ElectAuthServer` function, and makes it
return the default registry without calling (potentially expensie)
`/info` API endpoint.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 16:30:42 +01:00
Sebastiaan van Stijn 831704e56c
search: do not sort results by stars on client side
Once upon a time, there was a website named ["The Docker index"][2]; a complimentary
service for users of Docker, provided by dotCloud. The Docker Index was the place
to find and explore pre-made container images, and allowed you to [share your
images and download them][1]. The Docker Index evolved rapidly, and gained new
features, such as [Trusted Images][3], and "stars" to rank your favorite images.

The website also provided an API, which allowed you to search images, even from
the comfort of your `docker` CLI. Things moved fast in container-land, and while
there was an API to use, it was still a work in progress. While the Docker Index
allowed users to "star" images, the search API did not rank results accordingly.

As any engineer knows, there's no problem that can't be solved with some elbow-
grease and a piece of Duct tape, so while the Docker Index team worked on making
the search API better, the `docker` engine [fixed the problem on the client side][4]

Years went by, and the Docker Index API became the "registry V1" specification,
including search. The registry got a major "v2" rewrite and became the [OCI Distribution
Spec][5], and Docker Index became Docker Hub, which included V2 and V3 search APIs.
The V1 search API continued to be supported, as it was the only documented API
for registries, but improvements were made, including ranking of search results.

Duct tape is durable, and even though improvements were made, the Docker client
continued to sort the results as well. Unfortunately, this meant that search
results on the command-line were ranked different from their equivalent on the
registry (such as Docker Hub).

This patch removes the client-side sorting of results, using the order in which
the search API returned them to (finally) celebrate the work of the engineers
working on the search API, also when used from the command-line.

[1]: https://web.archive.org/web/20130708004229/http://docker.io/
[2]: https://web.archive.org/web/20130623223614/https://index.docker.io/
[3]: https://web.archive.org/web/20140208001647/https://index.docker.io/
[4]: 1669b802cc
[5]: https://github.com/opencontainers/distribution-spec

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 14:20:22 +01:00