Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix issue where one bad credential helper causes no credentials to be returned #3996

Merged
merged 1 commit into from
Jan 31, 2023

Conversation

laurazard
Copy link
Collaborator

Signed-off-by: Laura Brehm [email protected]

fixes #3716

- What I did

Instead of returning no credentials when a configured credential helper throws an error, skip the bad credential helper, return the remaining credentials, and warn the user about the error.

- How to verify it

Refer to the reproduction steps in #3716, or run the added unit tests 😄

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

image

@codecov-commenter
Copy link

codecov-commenter commented Jan 31, 2023

Codecov Report

Merging #3996 (7554eda) into master (4a500f6) will increase coverage by 0.01%.
The diff coverage is 100.00%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #3996      +/-   ##
==========================================
+ Coverage   59.20%   59.21%   +0.01%     
==========================================
  Files         287      287              
  Lines       24698    24698              
==========================================
+ Hits        14622    14625       +3     
+ Misses       9192     9190       -2     
+ Partials      884      883       -1     

cli/config/configfile/file_test.go Outdated Show resolved Hide resolved
cli/config/configfile/file.go Show resolved Hide resolved
@laurazard laurazard force-pushed the skip-broken-credentials branch from 022abf6 to 7554eda Compare January 31, 2023 10:01
@laurazard laurazard requested a review from thaJeztah January 31, 2023 11:04
@@ -300,7 +300,8 @@ func (configFile *ConfigFile) GetAllCredentials() (map[string]types.AuthConfig,
for registryHostname := range configFile.CredentialHelpers {
newAuth, err := configFile.GetAuthConfig(registryHostname)
if err != nil {
return nil, err
logrus.WithError(err).Warnf("Failed to get credentials for registry: %s", registryHostname)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was looking at this again, and while we should look at using the logger more, we should probably look at the output for it. Currently, the output looks like;

WARN[0000] Failed to get credentials for registry: foo   error="something went wrong"

Still readable, but perhaps not as "friendly". I see elsewhere we just print our own, e.g.;

fmt.Fprintf(stderr, "WARNING: Error loading config file: %v\n", err)

Which may look like;

WARNING: Error loading config file: /root/.docker/config.json: json: cannot unmarshal string into Go struct field ConfigFile.auths of type types.AuthConfig

Only issue is that this location of the code currently doesn't have a reference to the CLI's stdout or stderr, so if we change it, we probably need to hardcode it to os.Stderr (not ideal either).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ideas / suggestions (perhaps someone else has thoughts) welcome.

Don't think it's necessarily a blocker, if there's no better solution (for now)

Copy link
Collaborator Author

@laurazard laurazard Jan 31, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a good point! In general I think having the more standardized logging is good (vs just calling fmt.Fprintf), but the friendliness is a good point. Maybe we can look into seeing if we can configure the output for it. I don't have better ideas right now though 😅

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, there's a lot to look into in this area;

  • There's fmt.PrintXX in many places
  • While it's "generally" ok to use the defaults (I suspect logrus is not configured anywhere to use something other than os.StdOut / os.StdErr), ideally we'd have better controls for that
  • ^^ sometimes we need to use a different approach depending on (e.g.) if an actual TTY is attached (see cli: additionalHelp() don't decorate output if it's piped, and add extra newline #3973)
  • ^^ or (e.g.) if we want the output to be "quiet" (could be in the CLI itself, or other projects using parts of the CLI as a "library")
  • I also went looking for some of that, e.g. WIP: make printing output easier (approach 1) #3797
  • (as mentioned) logrus (or other loggers) are great for logs, but the default output format often isn't great for printing "one-off", user-facing messages

So yes, this needs work (perhaps I should create a tracking ticket somewhere); e.g.

  • Consider using a context-logger to pass a logger around
  • That logger could (default) be a logger with a format that's "friendly enough"
  • Look into best approach to pass around the streams (STDIN/STDOUT/STDERR), but when doing so, try to prevent coupling things too tightly (i.e., we may not want to pass cobra.Command everywhere).

@thaJeztah thaJeztah added this to the 23.0.0 milestone Jan 31, 2023
Instead, skip bad credential helpers (and warn the user about the error)

Signed-off-by: Laura Brehm <[email protected]>
@laurazard laurazard force-pushed the skip-broken-credentials branch from 7554eda to 9e3d5d1 Compare January 31, 2023 16:14
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

Let's get this one in; we can bike-shed on the output format and refactoring later (most users (hopefully) wouldn't see this message).

@thaJeztah thaJeztah merged commit e92dd87 into docker:master Jan 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

docker build handles credentials differently than docker pull
3 participants