Commit Graph

46 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 378a3d7d36
cli/command: PromptUserForCredentials: use consts for all hints
This message resulted in code-lines that were too long; move it to a
const together with the other hint. While at it, also suppress unhandled
error, and touch-up the code-comment.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-19 13:23:29 +02:00
Sebastiaan van Stijn 3d8b49523d
cli/command: PromptUserForCredentials: print error on terminal restore fail
If restoring the terminal state fails, "echo" no longer works, which means
that anything the user types is no longer shown. The login itself may already
have succeeded, so we should not fail the command, but it's good to inform
the user that this happened, which may give them a clue why things no longer
work as they expect them to work.

With this patch:

    docker login -u yourname
    Password:
    Error: failed to restore terminal state to echo input: something bad happened

    Login Succeeded

We should consider printing instructions how  to restore this manually (other
than restarting the shell). e.g., 'run stty echo' when in a Linux or macOS shell,
but PowerShell and CMD.exe may need different instructions.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-19 12:49:44 +02:00
Sebastiaan van Stijn a21a5f4243
cli/command: PromptUserForCredentials: always trim password
we don't support empty passwords; when prompting the user for a password,
we already trim the result, but we didn't do the same for a password that's
passed through stdin or through the `-p` / `--password` flag.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-19 12:10:46 +02:00
Sebastiaan van Stijn eda78e9cdc
cli/command: PromptUserForCredentials: move trimming where it's used
- move trimming defaultUsername inside the if-branch, as it's the only
  location where the result of the trimmed username is use.
- do the reverse for trimming argUser, because the result of trimming
  argUser is used outside of the if-branch (not just for the condition).
  putting it inside the condition makes it easy to assume the result is
  only used locally.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-19 12:07:51 +02:00
Sebastiaan van Stijn 581cf36bd4
cli/command: PromptUserForCredentials: move "post" check for empty name
move the "post" check for username being empty inside the branch
that's handling the username, as it's the only branch where username
is mutated after checking if it's empty.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-19 12:06:49 +02:00
Sebastiaan van Stijn a55cfe5f82
cli/command: PromptUserForCredentials: inline isDefaultRegistry
remove isDefaultRegistry and inline it where it's used; the code-comment
already outlines what we're looking for, so the intermediate var didn't
add much currently.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-19 11:58:42 +02:00
Sebastiaan van Stijn 3a8485085d
cli/command: PromptUserForCredentials: remove named output variables
This function has multiple conditional branches, which makes it harder
to see at a glance whether authConfig may be partially populated. This
patch instead returns a fresh instance for error returns to prevent any
confusion.

It also removes the named output variables, as they're now no longer used,
and the returned types should already be descriptive enough to understand
what's returned.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-19 11:46:21 +02:00
Sebastiaan van Stijn b12ac897fb
vendor: github.com/docker/docker 164cae56ed95 (master, v-next)
full diff: 2269acc7a3...164cae56ed

Co-authored-by: Paweł Gronowski <pawel.gronowski@docker.com>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-24 16:30:30 +02:00
Laura Brehm bbb6e7643d
login: handle non-tty scenario consistently
Running `docker login` in a non-interactive environment sometimes errors
out if no username/pwd is provided. This handling is somewhat
inconsistent – this commit addresses that.

Before:
| `--username` | `--password` | Result                                                             |
|:------------:|:------------:| ------------------------------------------------------------------ |
|            |            |                                                                  |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | hangs                                                              |

After:
| `--username` | `--password` | Result                                                             |
|:------------:|:------------:| ------------------------------------------------------------------ |
|            |            |                                                                  |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |
|            |            | `Error: Cannot perform an interactive login from a non TTY device` |

It's worth calling out a separate scenario – if there are previous,
valid credentials, then running `docker login` with no username or
password provided will use the previously stored credentials, and not
error out.

```console
cat ~/.docker/config.json
{
        "auths": {
                "https://index.docker.io/v1/": {
                        "auth": "xxxxxxxxxxx"
                }
        }
}
⭑ docker login 0>/dev/null
Authenticating with existing credentials...

Login Succeeded
```

This commit also applies the same non-interactive handling logic to the
new web-based login flow, which means that now, if there are no prior
credentials stored and a user runs `docker login`, instead of initiating
the new web-based login flow, an error is returned.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-09-03 14:26:11 +01:00
Laura Brehm 6e4818e7d6
Refactor `cli/command/registry`
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-08-14 19:48:05 +01:00
Alano Terblanche c15ade0c64
fix: ctx cancellation on login prompt
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
2024-07-02 12:07:16 +02:00
Sebastiaan van Stijn 8376b3e428
use local ConvertToHostname() implementation
Commit 27b2797f7d added a local implementation
of this function, so let's use the local variant to (slightly) reduce the
dependency on moby's registry package.

Also made some minor cleanups.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-14 00:25:21 +02:00
Grace Choi e06ef800fc
Removed all mentions of "please" from docs and messages
Signed-off-by: Grace Choi <gracechoi@utexas.edu>
Signed-off-by: Pranjal Rai <pranjalrai@utexas.edu>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-11 16:53:40 +02:00
Paweł Gronowski 1527d625f3
Plumb context to API callbacks
Signatures of these functions were changed in 80d92fd45007b6395dc2db5f93def3b159dacd7f

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-05-17 14:39:49 +02:00
Sebastiaan van Stijn fb2ba5d63b
migrate reference github.com/distribution/reference
The "reference" package was moved to a separate module, which was extracted
from b9b19409cf

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-05 17:53:20 +02:00
Bjorn Neergaard 3dbf1af2ea
Merge pull request #4478 from rumpl/feat-pat-suggest
login: Add message about using PATs
2023-08-16 07:23:13 -06:00
Sebastiaan van Stijn 211220cbb0
cli/command: ResolveAuthConfig, GetDefaultAuthConfig: take ConfigFile as arg
Both these functions took the whole DockerCLI as argument, but only needed
the ConfigFile. ResolveAuthConfig also had an unused context.Context as
argument.

This patch updates both functions to accept a ConfigFile, and removes the
unused context.Context.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 17:35:16 +02:00
Djordje Lukic 8d51f36ca3
login: Add message about using PATs
Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
2023-08-03 10:35:04 +02:00
Sebastiaan van Stijn ff7111ae21
cli/command: remove deprecated EncodeAuthToBase64
This function was deprecated in b87ed34351,
which is part of the v24.0 release, so we can remove it from master.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-09 22:39:22 +02:00
Sebastiaan van Stijn b87ed34351
cli/command: deprecate EncodeAuthToBase64
Deprecate this function in favor of the implementation in the API types,
considering that to be the canonical implementation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-13 14:29:59 +02:00
Sebastiaan van Stijn 372bb56ade
cli/command: replace EncodeAuthToBase64 for registry.EncodeAuthConfig
Replace uses of this function in favor of the implementation in the
API types, so that we have a single, canonical implementation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 21:17:15 +02:00
Sebastiaan van Stijn 5e76d41bf6
cli/command: ConfigureAuth: fix links to related tickets
Also adds a TODO to verify if this special handling is still needed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 21:17:14 +02:00
Sebastiaan van Stijn 68d791e56d
cli/command: ConfigureAuth: trim whitespace both for username and password
changes readInput() to trim whitespace. The existing code tried to be
conservative and only trimmed whitespace for username (not for password).
Passwords with leading/trailing whitespace would be _very_ unlikely, and
trimming whitespace is generally accepted.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 21:17:14 +02:00
Sebastiaan van Stijn d0ec8fa5cf
cli/command: ConfigureAuth: fix terminal state not being restored on error
ConfigureAuth used the readInput() utility to read the username and password.
However, this utility did not return errors it encountered, but instead did
an os.Exit(1). A result of this was that the terminal was not restored if
an error happened. When reading the password, the terminal is configured to
disable echo (i.e. characters are not printed), and failing to restore
the previous state means that the terminal is now "non-functional".

This patch:

- changes readInput() to return errors it encounters
- uses a defer() to restore terminal state

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 21:17:14 +02:00
Sebastiaan van Stijn 5bd359132b
cli/command: fix documentation for ResolveAuthConfig
This function no longer uses the /info endpoint to resolve the registry
to use. The documentation for this function was still referring to
the (once used) special registry for Windows images, which is no longer
in use, so update the docs to reflect reality :)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-12 10:23:47 +02:00
Sebastiaan van Stijn 7189716d5a
replace uses of deprecated api/types.AuthConfig
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-30 19:57:16 +02:00
Sebastiaan van Stijn a3d56e7d06
cli/command: remove deprecated ElectAuthServer()
This function was deprecated in b4ca1c7368,
which is part of the v23.0 release, and is no longer used, so we can remove it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-22 14:31:03 +01:00
Sebastiaan van Stijn e3fa7280ad
cli/command: ElectAuthServer: fix deprecation comment
The comment was not formatted correctly, and because of that not picked up as
being deprecated.

updates b4ca1c7368

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-21 16:53:03 +01:00
Sebastiaan van Stijn 1da95ff6aa
format code with gofumpt
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-30 11:59:11 +02:00
Sebastiaan van Stijn b4ca1c7368
registry: don't call "/info" API endpoint to get default registry
The CLI currenly calls the `/info` endpoint to get the address
of the default registry to use.

This functionality was added as part of the initial Windows implementation
of the engine. For legal reasons, Microsoft Windows (and thus Docker images
based on Windows) were not allowed to be distributed through non-Microsoft
infrastructure. As a temporary solution, a dedicated "registry-win-tp3.docker.io"
registry was created to serve Windows images.

As a result, the default registry was no longer "fixed", so a helper function
(`ElectAuthServer`) was added to allow the CLI to get the correct registry
address from the daemon. (docker/docker PR's/issues 18019, 19891, 19973)

Using separate registries was not an ideal solution, and a more permanent
solution was created by introducing "foreign image layers" in the distribution
spec, after which the "registry-win-tp3.docker.io" ceased to exist, and
removed from the engine through docker/docker PR 21100.

However, the `ElectAuthServer` was left in place, quoting from that PR;

> make the client check which default registry the daemon uses is still
> more correct than leaving it up to the client, even if it won't technically
> matter after this PR. There may be some backward compatibility scenarios
> where `ElectAuthServer` [sic] is still helpful.

That comment was 5 years ago, and given that the engine and cli are
released in tandem, and the default registry is not configurable, we
can save the extra roundtrip to the daemon by using a fixed value.

This patch deprecates the `ElectAuthServer` function, and makes it
return the default registry without calling (potentially expensie)
`/info` API endpoint.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-15 16:30:42 +01:00
Samuel Karp 1f8cb1fbbd
registry: ensure default auth config has address
Signed-off-by: Samuel Karp <skarp@amazon.com>
(cherry picked from commit 42d1c02750)
Signed-off-by: Samuel Karp <skarp@amazon.com>
2021-10-04 11:36:13 -07:00
Sebastiaan van Stijn c2820a7e3b
Fix panic when failing to get DefaultAuthConfig
Commit f32731f902 fixed a potential panic
when an error was returned while trying to get existing credentials.

However, other code paths currently use the result of `GetDefaultAuthConfig()`
even in an error condition; this resulted in a panic, because a `nil` was
returned.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-01-07 22:11:29 +01:00
Sebastiaan van Stijn f32731f902
GetDefaultAuthConfig: fix potential panic due to unhandled error
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-29 01:42:35 +01:00
Sebastiaan van Stijn d0a80bf445
update docker, replace github.com/docker/pkg/term, github.com/docker/pkg/mount
These packages are now living in their own repository. Updating
docker/docker to replace the dependencies.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:16:13 +02:00
David Scott c9d0e47414 Simplify ElectAuthServer
Instead of using an `if else if else`, switch to a sequence of independent
`if` blocks containing a `return`.

Instead of defining a return variable and updating it in the `if` blocks
and returning at the end, make each `if` block return the desired value
independenly.

Signed-off-by: David Scott <dave.scott@docker.com>
2019-03-28 21:08:13 +00:00
David Scott a82e6868cc Use the default registry even without --debug
Previously if the Docker engine was not running the behaviour of
commands would vary depending on whether the --debug flag was provided.

For example, consider `docker logout`:

    $ docker logout
    Not logged in to

-- note the missing server URL

    $ docker --debug logout
    Warning: failed to get default registry endpoint from daemon (Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?). Using system default: https://index.docker.io/v1/
    Not logged in to https://index.docker.io/v1/

-- note the server URL is present

This patch makes only the debug printing conditional on the `--debug` flag,
not the return value.

Signed-off-by: David Scott <dave.scott@docker.com>
2019-03-28 21:04:39 +00:00
Tonis Tiigi 27b2797f7d Remove docker api dependency from cli/config
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-01-31 21:25:43 +00:00
Silvin Lubecki eb0ba4f8d5 Extract streams helpers from command package to their own package to remove a cyclic dependency from command to internal/containerizedengine
Aliasing old types
* streams.InStream -> streams.In
* streams.NewInStream -> streams.NewIn
* streams.OutStream -> streams.Out
* streams.NewOutStream -> streams.NewOut

Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2019-01-28 14:36:00 +01:00
Daniel Hiltgen fd2f1b3b66 Add engine commands built on containerd
This new collection of commands supports initializing a local
engine using containerd, updating that engine, and activating
the EE product

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2018-08-20 09:42:05 -07:00
Kir Kolyshkin 6f8070deb2 Switch from x/net/context to context
Since go 1.7, "context" is a standard package. Since go 1.9,
x/net/context merely provides some types aliased to those in
the standard context package.

The changes were performed by the following script:

for f in $(git ls-files \*.go | grep -v ^vendor/); do
	sed -i 's|golang.org/x/net/context|context|' $f
	goimports -w $f
	for i in 1 2; do
		awk '/^$/ {e=1; next;}
			/\t"context"$/ {e=0;}
			{if (e) {print ""; e=0}; print;}' < $f > $f.new && \
				mv $f.new $f
		goimports -w $f
	done
done

[v2: do awk/goimports fixup twice]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-05-11 16:49:43 -07:00
shhsu@microsoft.com 8883cd636a Silent login: if user did not provide -u and -p flag for login command but both username and password are retrieved in cred store, docker will automatically use the credentials found in the cred store to log in
Signed-off-by: shhsu@microsoft.com <shhsu@microsoft.com>
Signed-off-by: Peter Hsu <shhsu@microsoft.com>
Signed-off-by: shhsu <shhsu@microsoft.com>
Signed-off-by: Peter Hsu <shhsu@microsoft.com>
2018-02-22 09:14:51 -08:00
Christy Perez 02719bdbb5 add manifest command
Enable inspection (aka "shallow pull") of images' manifest info, and
also the creation of manifest lists (aka "fat manifests").

The workflow for creating a manifest list will be:

`docker manifest create new-list-ref-name image-ref [image-ref...]`
`docker manifest annotate new-list-ref-name image-ref --os linux --arch
arm`
`docker manifest push new-list-ref-name`

The annotate step is optional. Most architectures are fine by default.

There is also a `manifest inspect` command to allow for a "shallow pull"
of an image's manifest: `docker manifest inspect
manifest-or-manifest_list`.

To be more in line with the existing external manifest tool, there is
also a `-v` option for inspect that will show information depending on
what the reference maps to (list or single manifest).

Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-01-08 10:43:56 -06:00
Daniel Nephin a3cbc70147
Move credential getting functions to the ConfigFile.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-27 13:46:47 +02:00
Marcus Martins 862649707e
Handle a Docker daemon without registry info
The current implementation of the ElectAuthServer doesn't handle well when the
default Registry server is not included in the response from the daemon Info
endpoint.

That leads to the storage and usage of the credentials for the default registry
(`https://index.docker.io/v1/`) under an empty string on the client config file.

Sample config file after a login via a Docker Daemon without Registry
information:
```json
{
	"auths": {
		"": {
			"auth": "***"
		}
	}
}
```

That can lead to duplication of the password for the default registry and
authentication failures against the default registry if a pull/push is performed
without first authenticating via the misbehaving daemon.

Also, changes the output of the warning message from stdout to sdterr as
per dnephin suggestion.

Signed-off-by: Marcus Martins <marcus@docker.com>
2017-05-26 14:46:39 -07:00
Ignacio Capurro e7793092a2 Unit tests for cli/commands/image (except build and tag)
Signed-off-by: Ignacio Capurro <icapurrofagian@gmail.com>
2017-05-03 18:40:22 -07:00
Daniel Nephin 1630fc40f8 Import docker/docker/cli
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2017-04-17 17:40:59 -04:00