feat: Support username and password prompt in login

[ningziwen]

#503

Added e2e tests. The current unit tests don't have RunE() testing code. Adding the unit test could lead to lots of refactoring. I'm happy to help the refactoring and start the unit tests of RunE() but I think it is better to be in a separated PR. Adding lots of unit test refactoring could mess up this PR.

TODO: Seems login requires credential helper. Need to install credential helper as a test step.

[ningziwen]

I noticed the current login tests only cover preRun(). Is there any reason of doing this? Do we want to also cover RunE()? My change is in RunE() so it won't be covered in the test file following current tests.

[FeynmanZhou]

I noticed the current login tests only cover preRun(). Is there any reason of doing this? Do we want to also cover RunE()? My change is in RunE() so it won't be covered in the test file following current tests.

@JeyJeyGao Could you pls help to confirm and provide your suggestion?

[priteshbandi]

I noticed the current login tests only cover preRun(). Is there any reason of doing this? Do we want to also cover RunE()? My change is in RunE() so it won't be covered in the test file following current tests.

Can we create new tests for this usecase?

[codecov-commenter]

Codecov Report

Merging #566 (e59d7cf) into main (55f0764) will decrease coverage by 0.68%.
The diff coverage is 0.00%.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@            Coverage Diff             @@
##             main     #566      +/-   ##
==========================================
- Coverage   34.36%   33.68%   -0.68%     
==========================================
  Files          32       32              
  Lines        1848     1885      +37     
==========================================
  Hits          635      635              
- Misses       1192     1229      +37     
  Partials       21       21              

Impacted Files	Coverage Δ
cmd/notation/login.go	29.26% <0.00%> (-12.60%)	⬇️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[JeyJeyGao]

We may need to add an E2E test for it because username and password are read from STDIN. The E2E test is here.

[ningziwen]

I noticed the unit tests only produce the commands instead of running the commands. E2e tests run the commands. So I added the tests to e2e tests.

[ningziwen]

@JeyJeyGao I completed most of the e2e tests but the only thing left is credential helper.

I noticed it seems notation forces users to have credential helper. If not, it will directly throw error

Error: could not get the credentials store: failed to load config file, error: credentials store config was not set up

This is different with other container tools. For example, in nerdctl, it throws WARNING: Your password will be stored unencrypted in %s. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store and succeeds the login.

I'm wondering is it intentionally to enforce notation users to have credential helper?

[JeyJeyGao]

@JeyJeyGao I completed most of the e2e tests but the only thing left is credential helper.

I noticed it seems notation forces users to have credential helper. If not, it will directly throw error

Error: could not get the credentials store: failed to load config file, error: credentials store config was not set up

This is different with other container tools. For example, in nerdctl, it throws WARNING: Your password will be stored unencrypted in %s. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store and succeeds the login.

I'm wondering is it intentionally to enforce notation users to have credential helper?

Yes, it depends on credential helper now, but in the next few months, login without credential helper will be supported. Currently, a credential-go library is under development, which will be used by notation.

If the Github action machine doesn't have a credential helper, we cannot do notation login. To solve the issue,

1. we can update run.sh script to install a credential helper for linux if there is no one. You can follow the example here.

By default, Docker looks for the native binary on each of the platforms, i.e. “osxkeychain” on macOS, “wincred” on windows, and “pass” on Linux. link

2. wait for another few months then notation will support login without credential helper.😄

[ningziwen]

@JeyJeyGao Great! Could you point me the link of credential-go? Login without credential helper is pretty valuable to my use case. Just want to track the progress and see if there is anything I can help.

[JeyJeyGao]

@JeyJeyGao Great! Could you point me the link of credential-go? Login without credential helper is pretty valuable to my use case. Just want to track the progress and see if there is anything I can help.

https://github.com/oras-project/oras-credentials-go

[ningziwen]

@JeyJeyGao Pushed the changes except the credential helper in Github action. I set up credential helper in my host and current e2e tests work find.

In my investigation, to set up credential helper, there are 3 steps

1. gpg2 --quick-generate-key notation-e2e. This step needs users to interfact to input passphase and I don't find a way to execute quietly. This is a blocker of running it in Github action.
2. Install docker-credential-pass.
3. Set credstore to pass in ~/.config/notation/config.json

Let me know if you have any advice to deal with gpg2. Otherwise we may temporarily skip the automated e2e tests or wait for credential-go, but @FeynmanZhou may want to have this sooner than later.

[ningziwen]

@JeyJeyGao I added Skip() to the new e2e tests to unblock Github actions, and created an issue to track with puting it in the comment. #587
Let me know if you have better suggestions.

[priteshbandi]

LGTM

[patrickzheng200]

LGTM with nit comment.

[patrickzheng200]

LGTM

[shizhMSFT]

LGTM with suggestions.