summaryrefslogtreecommitdiff
path: root/cmd/podman/login.go
diff options
context:
space:
mode:
Diffstat (limited to 'cmd/podman/login.go')
-rw-r--r--cmd/podman/login.go210
1 files changed, 0 insertions, 210 deletions
diff --git a/cmd/podman/login.go b/cmd/podman/login.go
deleted file mode 100644
index 1539e3a79..000000000
--- a/cmd/podman/login.go
+++ /dev/null
@@ -1,210 +0,0 @@
-package main
-
-import (
- "bufio"
- "fmt"
- "os"
- "strings"
-
- buildahcli "github.com/containers/buildah/pkg/cli"
- "github.com/containers/image/v5/docker"
- "github.com/containers/image/v5/pkg/docker/config"
- "github.com/containers/image/v5/types"
- "github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/libpod/image"
- "github.com/containers/libpod/pkg/registries"
- "github.com/docker/docker-credential-helpers/credentials"
- "github.com/pkg/errors"
- "github.com/sirupsen/logrus"
- "github.com/spf13/cobra"
- "golang.org/x/crypto/ssh/terminal"
-)
-
-var (
- loginCommand cliconfig.LoginValues
-
- loginDescription = "Login to a container registry on a specified server."
- _loginCommand = &cobra.Command{
- Use: "login [flags] REGISTRY",
- Short: "Login to a container registry",
- Long: loginDescription,
- RunE: func(cmd *cobra.Command, args []string) error {
- loginCommand.InputArgs = args
- loginCommand.GlobalFlags = MainGlobalOpts
- loginCommand.Remote = remoteclient
- return loginCmd(&loginCommand)
- },
- Example: `podman login -u testuser -p testpassword localhost:5000
- podman login -u testuser -p testpassword localhost:5000`,
- }
-)
-
-func init() {
- if !remote {
- _loginCommand.Example = fmt.Sprintf("%s\n podman login --authfile authdir/myauths.json quay.io", _loginCommand.Example)
-
- }
- loginCommand.Command = _loginCommand
- loginCommand.SetHelpTemplate(HelpTemplate())
- loginCommand.SetUsageTemplate(UsageTemplate())
- flags := loginCommand.Flags()
-
- flags.BoolVar(&loginCommand.GetLogin, "get-login", true, "Return the current login user for the registry")
- flags.StringVarP(&loginCommand.Password, "password", "p", "", "Password for registry")
- flags.StringVarP(&loginCommand.Username, "username", "u", "", "Username for registry")
- flags.BoolVar(&loginCommand.StdinPassword, "password-stdin", false, "Take the password from stdin")
- // Disabled flags for the remote client
- if !remote {
- flags.StringVar(&loginCommand.Authfile, "authfile", buildahcli.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
- flags.StringVar(&loginCommand.CertDir, "cert-dir", "", "Pathname of a directory containing TLS certificates and keys used to connect to the registry")
- flags.BoolVar(&loginCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
- }
-}
-
-// loginCmd uses the authentication package to store a user's authenticated credentials
-// in an auth.json file for future use
-func loginCmd(c *cliconfig.LoginValues) error {
- args := c.InputArgs
- if len(args) > 1 {
- return errors.Errorf("too many arguments, login takes only 1 argument")
- }
- var server string
- if len(args) == 0 {
- registriesFromFile, err := registries.GetRegistries()
- if err != nil || len(registriesFromFile) == 0 {
- return errors.Errorf("please specify a registry to login to")
- }
-
- server = registriesFromFile[0]
- logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", server)
-
- } else {
- server = registryFromFullName(scrubServer(args[0]))
- }
-
- if c.Flag("password").Changed {
- fmt.Fprintf(os.Stderr, "WARNING! Using --password via the cli is insecure. Please consider using --password-stdin\n")
- }
-
- sc := image.GetSystemContext("", c.Authfile, false)
- if c.Flag("tls-verify").Changed {
- sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.TlsVerify)
- }
- if c.CertDir != "" {
- sc.DockerCertPath = c.CertDir
- }
-
- // username of user logged in to server (if one exists)
- authConfig, err := config.GetCredentials(sc, server)
- // Do not return error if no credentials found in credHelpers, new credentials will be stored by config.SetAuthentication
- if err != nil && err != credentials.NewErrCredentialsNotFound() {
- return errors.Wrapf(err, "error reading auth file")
- }
- if authConfig.IdentityToken != "" {
- return errors.Errorf("currently logged in, auth file contains an Identity token")
- }
- if c.Flag("get-login").Changed {
- if authConfig.Username == "" {
- return errors.Errorf("not logged into %s", server)
- }
- fmt.Printf("%s\n", authConfig.Username)
- return nil
- }
-
- ctx := getContext()
-
- password := c.Password
-
- if c.Flag("password-stdin").Changed {
- var stdinPasswordStrBuilder strings.Builder
- if c.Password != "" {
- return errors.Errorf("Can't specify both --password-stdin and --password")
- }
- if c.Username == "" {
- return errors.Errorf("Must provide --username with --password-stdin")
- }
- scanner := bufio.NewScanner(os.Stdin)
- for scanner.Scan() {
- fmt.Fprint(&stdinPasswordStrBuilder, scanner.Text())
- }
- password = stdinPasswordStrBuilder.String()
- }
-
- // If no username and no password is specified, try to use existing ones.
- if c.Username == "" && password == "" && authConfig.Username == "" && authConfig.Password != "" {
- fmt.Println("Authenticating with existing credentials...")
- if err := docker.CheckAuth(ctx, sc, authConfig.Username, authConfig.Password, server); err == nil {
- fmt.Println("Existing credentials are valid. Already logged in to", server)
- return nil
- }
- fmt.Println("Existing credentials are invalid, please enter valid username and password")
- }
-
- username, password, err := getUserAndPass(c.Username, password, authConfig.Username)
- if err != nil {
- return errors.Wrapf(err, "error getting username and password")
- }
-
- if err = docker.CheckAuth(ctx, sc, username, password, server); err == nil {
- // Write the new credentials to the authfile
- if err = config.SetAuthentication(sc, server, username, password); err != nil {
- return err
- }
- }
- if err == nil {
- fmt.Println("Login Succeeded!")
- return nil
- }
- if unauthorizedError, ok := err.(docker.ErrUnauthorizedForCredentials); ok {
- logrus.Debugf("error logging into %q: %v", server, unauthorizedError)
- return errors.Errorf("error logging into %q: invalid username/password", server)
- }
- return errors.Wrapf(err, "error authenticating creds for %q", server)
-}
-
-// getUserAndPass gets the username and password from STDIN if not given
-// using the -u and -p flags. If the username prompt is left empty, the
-// displayed userFromAuthFile will be used instead.
-func getUserAndPass(username, password, userFromAuthFile string) (string, string, error) {
- var err error
- reader := bufio.NewReader(os.Stdin)
- if username == "" {
- if userFromAuthFile != "" {
- fmt.Printf("Username (%s): ", userFromAuthFile)
- } else {
- fmt.Print("Username: ")
- }
- username, err = reader.ReadString('\n')
- if err != nil {
- return "", "", errors.Wrapf(err, "error reading username")
- }
- // If the user just hit enter, use the displayed user from the
- // the authentication file. This allows to do a lazy
- // `$ podman login -p $NEW_PASSWORD` without specifying the
- // user.
- if strings.TrimSpace(username) == "" {
- username = userFromAuthFile
- }
- }
- if password == "" {
- fmt.Print("Password: ")
- pass, err := terminal.ReadPassword(0)
- if err != nil {
- return "", "", errors.Wrapf(err, "error reading password")
- }
- password = string(pass)
- fmt.Println()
- }
- return strings.TrimSpace(username), password, err
-}
-
-// registryFromFullName gets the registry from the input. If the input is of the form
-// quay.io/myuser/myimage, it will parse it and just return quay.io
-// It also returns true if a full image name was given
-func registryFromFullName(input string) string {
- split := strings.Split(input, "/")
- if len(split) > 1 {
- return split[0]
- }
- return split[0]
-}