diff options
author | Valentin Rothberg <rothberg@redhat.com> | 2019-01-07 11:10:51 +0100 |
---|---|---|
committer | Valentin Rothberg <rothberg@redhat.com> | 2019-01-07 12:07:31 +0100 |
commit | 2c75cd92aa5b5aa4cefe078177eb969dcbb10e31 (patch) | |
tree | 3b71288122c4af6ad0d0a42bae1a35265a0b7ec9 | |
parent | 1e4db4b0b8504e93e826d02b6c03cf78f41dcf7a (diff) | |
download | podman-2c75cd92aa5b5aa4cefe078177eb969dcbb10e31.tar.gz podman-2c75cd92aa5b5aa4cefe078177eb969dcbb10e31.tar.bz2 podman-2c75cd92aa5b5aa4cefe078177eb969dcbb10e31.zip |
podman-login: adhere to user input
* Do not try to login with existing credentials when the user specifies a
username or password on the CLI.
* Improve error messages.
* Use specified tls-verify switch and cert-dir for all requests.
Fixes: #2092
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
-rw-r--r-- | cmd/podman/login.go | 42 |
1 files changed, 19 insertions, 23 deletions
diff --git a/cmd/podman/login.go b/cmd/podman/login.go index 4452651f8..fc7b39ed8 100644 --- a/cmd/podman/login.go +++ b/cmd/podman/login.go @@ -62,12 +62,18 @@ func loginCmd(c *cli.Context) error { return errors.Errorf("too many arguments, login takes only 1 argument") } if len(args) == 0 { - return errors.Errorf("registry must be given") + return errors.Errorf("please specify a registry to login to") } server := registryFromFullName(scrubServer(args[0])) authfile := getAuthFile(c.String("authfile")) sc := common.GetSystemContext("", authfile, false) + if c.IsSet("tls-verify") { + sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.BoolT("tls-verify")) + } + if c.String("cert-dir") != "" { + sc.DockerCertPath = c.String("cert-dir") + } if c.IsSet("get-login") { user, err := config.GetUserLoggedIn(sc, server) @@ -87,39 +93,25 @@ func loginCmd(c *cli.Context) error { // username of user logged in to server (if one exists) userFromAuthFile, passFromAuthFile, err := config.GetAuthentication(sc, server) if err != nil { - return errors.Wrapf(err, "error getting logged-in user") + return errors.Wrapf(err, "error reading auth file") } ctx := getContext() - - var ( - username string - password string - ) - - if userFromAuthFile != "" { - username = userFromAuthFile - password = passFromAuthFile + // If no username and no password is specified, try to use existing ones. + if c.String("username") == "" && c.String("password") == "" { fmt.Println("Authenticating with existing credentials...") - if err := docker.CheckAuth(ctx, sc, username, password, server); err == nil { + if err := docker.CheckAuth(ctx, sc, userFromAuthFile, passFromAuthFile, server); err == nil { fmt.Println("Existing credentials are valid. Already logged in to", server) return nil } fmt.Println("Existing credentials are invalid, please enter valid username and password") } - username, password, err = getUserAndPass(c.String("username"), c.String("password"), userFromAuthFile) + username, password, err := getUserAndPass(c.String("username"), c.String("password"), userFromAuthFile) if err != nil { return errors.Wrapf(err, "error getting username and password") } - if c.IsSet("tls-verify") { - sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.BoolT("tls-verify")) - } - if c.String("cert-dir") != "" { - sc.DockerCertPath = c.String("cert-dir") - } - if err = docker.CheckAuth(ctx, sc, username, password, server); err == nil { // Write the new credentials to the authfile if err = config.SetAuthentication(sc, server, username, password); err != nil { @@ -131,14 +123,15 @@ func loginCmd(c *cli.Context) error { fmt.Println("Login Succeeded!") return nil case docker.ErrUnauthorizedForCredentials: - return errors.Errorf("error logging into %q: invalid username/password\n", server) + return errors.Errorf("error logging into %q: invalid username/password", server) default: return errors.Wrapf(err, "error authenticating creds for %q", server) } } // getUserAndPass gets the username and password from STDIN if not given -// using the -u and -p flags +// using the -u and -p flags. If the username prompt is left empty, the +// displayed userFromAuthFile will be used instead. func getUserAndPass(username, password, userFromAuthFile string) (string, string, error) { var err error reader := bufio.NewReader(os.Stdin) @@ -152,7 +145,10 @@ func getUserAndPass(username, password, userFromAuthFile string) (string, string if err != nil { return "", "", errors.Wrapf(err, "error reading username") } - // If no username provided, use userFromAuthFile instead. + // If the user just hit enter, use the displayed user from the + // the authentication file. This allows to do a lazy + // `$ podman login -p $NEW_PASSWORD` without specifying the + // user. if strings.TrimSpace(username) == "" { username = userFromAuthFile } |