prevent login prompt on registry operations with no TTY attached

[thaJeztah]

• fixes docker pull should not prompt for password when no TTY is attached #6136
• relates to docker pull is now interactive moby/moby#50204

When pulling or pushing images, the CLI could prompt for a password if the push/pull failed and the registry returned a 401 (Unauthorized)

Ironically, this feature did not work when using Docker Hub (and possibly other registries using basic auth), due to some custom error handling added in moby@19a93a6e3d42, which also discards the registry's status code, changing it to a 404;

curl -v -XPOST --unix-socket /var/run/docker.sock 'http://localhost/v1.50/images/create?fromImage=docker.io%2Fexample%2Fprivate&tag=latest'
...
< HTTP/1.1 404 Not Found
< Content-Type: application/json
...
{"message":"pull access denied for example/private, repository does not exist or may require 'docker login'"}

And due to a bug, other registries (not using basic auth) returned a generic error, which resulted in a 500 Internal Server Error. That bug was fixed in docker 28.2, now returning the upstream status code and trigger an interactive prompt;

docker pull icr.io/my-ns/my-image:latest
Please login prior to pull:
Username:

This prompt would be triggered unconditionally, also if the CLI was run non-interactively and no TTY attached;

docker pull icr.io/my-ns/my-image:latest < /dev/null
Please login prior to pull:
Username:

With this PR, no prompt is shown ;

# without STDIN attached
docker pull icr.io/my-ns/my-image:latest < /dev/null
Error response from daemon: error from registry: Authorization required. See https://cloud.ibm.com/docs/Registry?topic=Registry-troubleshoot-auth-req - Authorization required. See https://cloud.ibm.com/docs/Registry?topic=Registry-troubleshoot-auth-req

For now, the prompt is still shown otherwise;

docker pull icr.io/my-ns/my-image:latest

Login prior to pull:
Username: ^C

- What I did

- How I did it

- How to verify it

- Human readable description for the release notes

Fix `docker pull/push` hang in non-interactive when authentication is required caused by prompting for login credentials.

- A picture of a cute animal (not mandatory but encouraged)

[thaJeztah]

After digging in to history and comparing behavior on older daemons (which due to the various bugs did NOT prompt), I'm indeed considering that we could just remove the interactive prompt altogether.

I do want to have a look though, because the PrivilegeFunc is a much more elegant solution than the static RegistryAuth field, and perhaps we should consider making PrivilegeFunc the default way to obtain auth if needed (which could mean; try pull without any auth first, then fallback to trying to get auth from store).

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 23.80952% with 16 lines in your changes missing coverage. Please review.

Project coverage is 55.07%. Comparing base (747cb44) to head (c882686).

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #6141      +/-   ##
==========================================
- Coverage   55.09%   55.07%   -0.03%     
==========================================
  Files         362      362              
  Lines       30265    30281      +16     
==========================================
+ Hits        16675    16676       +1     
- Misses      12628    12639      +11     
- Partials      962      966       +4     

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[vvoland]

Adjusted the changelog entry a bit, PTAL

[Benehiko]

LGTM

[thaJeztah]

Thanks! Yes change-log update looks good