summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorValentin Rothberg <rothberg@redhat.com>2019-01-07 11:10:51 +0100
committerValentin Rothberg <rothberg@redhat.com>2019-01-07 12:07:31 +0100
commit2c75cd92aa5b5aa4cefe078177eb969dcbb10e31 (patch)
tree3b71288122c4af6ad0d0a42bae1a35265a0b7ec9
parent1e4db4b0b8504e93e826d02b6c03cf78f41dcf7a (diff)
downloadpodman-2c75cd92aa5b5aa4cefe078177eb969dcbb10e31.tar.gz
podman-2c75cd92aa5b5aa4cefe078177eb969dcbb10e31.tar.bz2
podman-2c75cd92aa5b5aa4cefe078177eb969dcbb10e31.zip
podman-login: adhere to user input
* Do not try to login with existing credentials when the user specifies a username or password on the CLI. * Improve error messages. * Use specified tls-verify switch and cert-dir for all requests. Fixes: #2092 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
-rw-r--r--cmd/podman/login.go42
1 files changed, 19 insertions, 23 deletions
diff --git a/cmd/podman/login.go b/cmd/podman/login.go
index 4452651f8..fc7b39ed8 100644
--- a/cmd/podman/login.go
+++ b/cmd/podman/login.go
@@ -62,12 +62,18 @@ func loginCmd(c *cli.Context) error {
return errors.Errorf("too many arguments, login takes only 1 argument")
}
if len(args) == 0 {
- return errors.Errorf("registry must be given")
+ return errors.Errorf("please specify a registry to login to")
}
server := registryFromFullName(scrubServer(args[0]))
authfile := getAuthFile(c.String("authfile"))
sc := common.GetSystemContext("", authfile, false)
+ if c.IsSet("tls-verify") {
+ sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.BoolT("tls-verify"))
+ }
+ if c.String("cert-dir") != "" {
+ sc.DockerCertPath = c.String("cert-dir")
+ }
if c.IsSet("get-login") {
user, err := config.GetUserLoggedIn(sc, server)
@@ -87,39 +93,25 @@ func loginCmd(c *cli.Context) error {
// username of user logged in to server (if one exists)
userFromAuthFile, passFromAuthFile, err := config.GetAuthentication(sc, server)
if err != nil {
- return errors.Wrapf(err, "error getting logged-in user")
+ return errors.Wrapf(err, "error reading auth file")
}
ctx := getContext()
-
- var (
- username string
- password string
- )
-
- if userFromAuthFile != "" {
- username = userFromAuthFile
- password = passFromAuthFile
+ // If no username and no password is specified, try to use existing ones.
+ if c.String("username") == "" && c.String("password") == "" {
fmt.Println("Authenticating with existing credentials...")
- if err := docker.CheckAuth(ctx, sc, username, password, server); err == nil {
+ if err := docker.CheckAuth(ctx, sc, userFromAuthFile, passFromAuthFile, server); err == nil {
fmt.Println("Existing credentials are valid. Already logged in to", server)
return nil
}
fmt.Println("Existing credentials are invalid, please enter valid username and password")
}
- username, password, err = getUserAndPass(c.String("username"), c.String("password"), userFromAuthFile)
+ username, password, err := getUserAndPass(c.String("username"), c.String("password"), userFromAuthFile)
if err != nil {
return errors.Wrapf(err, "error getting username and password")
}
- if c.IsSet("tls-verify") {
- sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.BoolT("tls-verify"))
- }
- if c.String("cert-dir") != "" {
- sc.DockerCertPath = c.String("cert-dir")
- }
-
if err = docker.CheckAuth(ctx, sc, username, password, server); err == nil {
// Write the new credentials to the authfile
if err = config.SetAuthentication(sc, server, username, password); err != nil {
@@ -131,14 +123,15 @@ func loginCmd(c *cli.Context) error {
fmt.Println("Login Succeeded!")
return nil
case docker.ErrUnauthorizedForCredentials:
- return errors.Errorf("error logging into %q: invalid username/password\n", server)
+ return errors.Errorf("error logging into %q: invalid username/password", server)
default:
return errors.Wrapf(err, "error authenticating creds for %q", server)
}
}
// getUserAndPass gets the username and password from STDIN if not given
-// using the -u and -p flags
+// using the -u and -p flags. If the username prompt is left empty, the
+// displayed userFromAuthFile will be used instead.
func getUserAndPass(username, password, userFromAuthFile string) (string, string, error) {
var err error
reader := bufio.NewReader(os.Stdin)
@@ -152,7 +145,10 @@ func getUserAndPass(username, password, userFromAuthFile string) (string, string
if err != nil {
return "", "", errors.Wrapf(err, "error reading username")
}
- // If no username provided, use userFromAuthFile instead.
+ // If the user just hit enter, use the displayed user from the
+ // the authentication file. This allows to do a lazy
+ // `$ podman login -p $NEW_PASSWORD` without specifying the
+ // user.
if strings.TrimSpace(username) == "" {
username = userFromAuthFile
}