DockerCLI/vendor/github.com
Laura Brehm d6ce04640f
Support plaintext credentials as multi-call binary
The Docker CLI supports storing/managing credentials without a
credential-helper, in which case credentials are fetched from/saved to
the CLI config file (`~/.docker/config.json`). This is all managed
entirely by the CLI itself, without resort to a separate binary.

There are a few issues with this approach – for one, saving the
credentials together with all the configurations make it impossible to
share one without the other, so one can't for example bind mount the
config file into a container without also including all configured
credentials.

Another issue is that this has made it so that any other clients
accessing registry credentials (such as
https://github.com/google/go-containerregistry) all have to both:
- read/parse the CLI `config.json`, to check for credentials there,
  which also means they're dependent on this type and might break if the
  type changes/we need to be careful not to break other codebases parsing
  this file, and can't change the location where plaintext credentials
  are stored.
- support the credential helper protocol, so that they can access
  credentials when users do have configured credential helpers.

This means that if we want to do something like support oauth
credentials by having credential-helpers refresh oauth tokens before
returning them, we have to both implement that in each credential-helper
and in the CLI itself, and any client directly reading `config.json`
will also need to implement this logic.

This commit turns the Docker CLI binary into a multicall binary, acting
as a standalone credentials helper when invoked as
`docker-credential-file`, while still storing/fetching credentials from
the configuration file (`~/.docker/config.json`), and without any
further changes.

This represents a first step into aligning the "no credhelper"/plaintext
flow with the "credhelper" flow, meaning that instead of this being an
exception where credentials must be read directly from the config file,
credentials can now be accessed in the exact same way as with other
credential helpers – by invoking `docker-credential-[credhelper name]`,
such as `docker-credential-pass`, `docker-credential-osxkeychain` or
`docker-credential-wincred`.

This would also make it possible for any other clients accessing
credentials to untangle themselves from things like the location of the
credentials, parsing credentials from `config.json`, etc. and instead
simply support the credential-helper protocol, and call the
`docker-credential-file` binary as they do others.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-10-15 15:19:01 +01:00
..
Azure/go-ansiterm vendor dependencies with go1.17 2022-03-26 19:48:14 +01:00
Microsoft/go-winio vendor: github.com/containerd/platforms v0.2.1 2024-06-12 00:57:47 +02:00
beorn7/perks vendor with go mod 2021-12-16 21:16:01 +01:00
cenkalti/backoff/v4 cli: add otel sdk tracing and metric providers to the core cli 2024-03-25 11:11:34 -05:00
cespare/xxhash/v2 vendor: github.com/cespare/xxhash/v2 v2.3.0 2024-10-12 21:48:45 +02:00
containerd vendor: docker/docker 2b1097f08088 (removes containerd dependency) 2024-07-25 14:57:30 +02:00
creack/pty vendor: github.com/creack/pty v1.1.21 2024-01-08 10:22:09 +01:00
distribution/reference vendor: github.com/distribution/reference v0.6.0 2024-06-08 23:20:52 +02:00
docker Support plaintext credentials as multi-call binary 2024-10-15 15:19:01 +01:00
felixge/httpsnoop vendor: github.com/felixge/httpsnoop v1.0.4 2023-12-12 16:22:47 +01:00
fvbommel/sortorder vendor: github.com/fvbommel/sortorder v1.1.0 2024-07-01 13:10:44 +02:00
go-jose/go-jose/v3 auth: add support for oauth device-code login 2024-08-14 19:48:04 +01:00
go-logr cli: add otel sdk tracing and metric providers to the core cli 2024-03-25 11:11:34 -05:00
go-viper/mapstructure/v2 vendor: migrate to github.com/go-viper/mapstructure/v2 v2.0.0 2024-06-06 00:05:45 +02:00
gogo/protobuf Set buildx as default builder 2022-02-03 10:38:05 +01:00
golang/protobuf vendor: google.golang.org/grpc v1.62.0 2024-09-12 18:38:40 +02:00
google vendor: github.com/google/go-cmp v0.6.0 2024-01-08 10:25:45 +01:00
gorilla/mux vendor: github.com/gorilla/mux v1.8.1 2023-12-01 16:12:20 +01:00
grpc-ecosystem/grpc-gateway/v2 cli: add otel sdk tracing and metric providers to the core cli 2024-03-25 11:11:34 -05:00
inconshreveable/mousetrap vendor: github.com/inconshreveable/mousetrap v1.1.0 2022-12-27 13:45:16 +01:00
klauspost/compress vendor: github.com/klauspost/compress v1.17.9 2024-07-04 09:32:06 +02:00
mattn/go-runewidth vendor: github.com/mattn/go-runewidth v0.0.14 2023-05-05 02:37:12 +02:00
matttproud/golang_protobuf_extensions vendor with go mod 2021-12-16 21:16:01 +01:00
miekg/pkcs11 vendor: github.com/miekg/pkcs11 v1.1.1 2022-04-30 12:01:33 +02:00
moby cli/container: use github.com/moby/sys/capability for completions 2024-10-01 14:01:02 +02:00
morikuni/aec vendor with go mod 2021-12-16 21:16:01 +01:00
opencontainers vendor: github.com/opencontainers/image-spec v1.1.0 2024-05-31 16:10:21 +02:00
pkg auth: add support for oauth device-code login 2024-08-14 19:48:04 +01:00
prometheus vendor: github.com/prometheus/procfs v0.15.1 2024-07-16 18:46:30 +02:00
rivo/uniseg use our own version of text/tabwriter 2022-04-25 15:01:41 +02:00
sirupsen/logrus vendor: github.com/sirupsen/logrus v1.9.3 2023-06-12 11:21:25 +02:00
spf13 vendor: github.com/spf13/cobra v1.8.1 2024-06-18 21:52:58 +02:00
theupdateframework/notary vendor dependencies with go1.17 2022-03-26 19:48:14 +01:00
tonistiigi/go-rosetta vendor dependencies with go1.17 2022-03-26 19:48:14 +01:00
xeipuuv vendor dependencies with go1.17 2022-03-26 19:48:14 +01:00