Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

config/credentials: don't run 'pass' to detect it #1160

Merged
merged 1 commit into from
Jul 2, 2018
Merged

config/credentials: don't run 'pass' to detect it #1160

merged 1 commit into from
Jul 2, 2018

Conversation

euank
Copy link
Contributor

@euank euank commented Jun 29, 2018

'CheckInitialized' in the credential-helper library actually invokes
pass, which isn't desirable (see #699).

This moves the check to be simpler, and then pass will only be invoked
when it's needed (such as for docker login or when pulling from a
private registry).

This logic could also reasonably live in the credential-helper library,
but it's simple enough it seems fine in either location.

Fixes #699.

- How to verify it

Before this change, running docker help or any such command with an empty config would call pass.

After this change, pass is not executed unless the following are all true:

  1. The auth-config is empty or configured to use pass
  2. pass is in the PATH
  3. docker-credential-pass is in the PATH
  4. docker login or a similar command which needs credentials was invoked.

- Description for the changelog
pass is only invoked if the associated credential helper is installed, no other helper is configured, and credentials are needed.

- A picture of a cute animal (not mandatory but encouraged)

Credit: Robert Irwin

@euank euank mentioned this pull request Jun 29, 2018
Merged
vdemeester
vdemeester approved these changes Jun 29, 2018
View reviewed changes
Copy link
Collaborator

@vdemeester vdemeester left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🐯
@euank you're gonna need to update the vendoring as I think we may not depend on github.com/docker/docker-credential-helpers/pass package anymore 😝

silvin-lubecki
silvin-lubecki approved these changes Jun 29, 2018
View reviewed changes
Copy link
Contributor

@silvin-lubecki silvin-lubecki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM (but need to update the vendoring)

thaJeztah
thaJeztah approved these changes Jun 29, 2018
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SGTM

@euank euank force-pushed the simpler-pass branch 2 times, most recently from 8f179b6 to fb1150d Compare June 29, 2018 18:35
@euank
config/credentials: don't run 'pass' to detect it
056015c 
'CheckInitialized' in the credential-helper library actually invokes
`pass`, which isn't desirable (see docker#699).

This moves the check to be simpler, and then pass will only be invoked
when it's needed (such as for `docker login` or when pulling from a
private registry).

This logic could also reasonably live in the credential-helper library,
but it's simple enough it seems fine in either location.

Signed-off-by: Euan Kemp <euank@euank.com>
@euank
Copy link
Contributor Author

euank commented Jun 29, 2018

Updated, CI is happy now.

@bacongobbler bacongobbler mentioned this pull request Jun 30, 2018
Open
@vdemeester vdemeester merged commit 9e36ff4 into docker:master Jul 2, 2018
@GordonTheTurtle GordonTheTurtle added this to the 18.07.0 milestone Jul 2, 2018
@thaJeztah thaJeztah mentioned this pull request Jul 3, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@silvin-lubecki silvin-lubecki silvin-lubecki approved these changes

@thaJeztah thaJeztah thaJeztah approved these changes

@vdemeester vdemeester vdemeester approved these changes

@n4ss n4ss Awaiting requested review from n4ss

Assignees
No one assigned
Labels
status/2-code-review
Projects
None yet
Milestone
18.09.0
Development

Successfully merging this pull request may close these issues.
5 participants
@euank @vdemeester @thaJeztah @silvin-lubecki @GordonTheTurtle