Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

adding identity token as an approximate alias of password #1040

Conversation

sbdtu5498
Copy link

What this PR does / why we need it:
These changes make the identity token an approximate alias of a password. The underlying implementation still depends on the password implementation, but a few cases to handle exceptions and errors have been added, thus technically speaking, it is not an alias but can be considered an approximate alias to enhance UX in terms of user's understandability.

Which issue(s) this PR fixes
Fixes #742

Please check the following list:

  • Does the affected code have corresponding tests, e.g. unit test, E2E test?
  • Does this change require a documentation update?
  • Does this introduce breaking changes that would require an announcement or bumping the major version?

@codecov-commenter
Copy link

codecov-commenter commented Jul 31, 2023

Codecov Report

Attention: Patch coverage is 53.65854% with 19 lines in your changes are missing coverage. Please review.

Project coverage is 81.63%. Comparing base (5608eeb) to head (976db98).

Files Patch % Lines
cmd/oras/internal/option/remote.go 53.84% 8 Missing and 4 partials ⚠️
cmd/oras/root/login.go 53.33% 4 Missing and 3 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1040      +/-   ##
==========================================
- Coverage   81.97%   81.63%   -0.35%     
==========================================
  Files          83       83              
  Lines        3995     4024      +29     
==========================================
+ Hits         3275     3285      +10     
- Misses        497      509      +12     
- Partials      223      230       +7     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

cmd/oras/internal/option/remote.go Show resolved Hide resolved
@@ -113,10 +116,16 @@ func (opts *Remote) Parse() error {
return opts.distributionSpec.Parse()
}

// readPassword tries to read password with optional cmd prompt.
// readPassword tries to read password and identity-token with optional cmd prompt.
func (opts *Remote) readPassword() (err error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with this, but there is a Cobra feature for mutually exclusive

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, thanks for the info. I will check it and get back on this one.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BTW identity-token is exclusive to both password and username

notePrefix string
shortUser string
shortPassword string
shortIdentityToken string
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should not enable shorthand for --identity-token

)
if prefix == "" {
shortUser, shortPassword = "u", "p"
shortUser, shortPassword, shortIdentityToken = "u", "p", "i"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should not enable shorthand for --identity-token

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure will do it

@@ -94,6 +96,7 @@ func (opts *Remote) ApplyFlagsWithPrefix(fs *pflag.FlagSet, prefix, description
}
fs.StringVarP(&opts.Username, flagPrefix+"username", shortUser, "", notePrefix+"registry username")
fs.StringVarP(&opts.Password, flagPrefix+"password", shortPassword, "", notePrefix+"registry password or identity token")
fs.StringVarP(&opts.IdentityToken, flagPrefix+"identity-token", shortIdentityToken, "", notePrefix+"identity token for registry")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should not enable shorthand for --identity-token

Suggested change
fs.StringVarP(&opts.IdentityToken, flagPrefix+"identity-token", shortIdentityToken, "", notePrefix+"identity token for registry")
fs.StringVarP(&opts.IdentityToken, flagPrefix+"identity-token", "", "", notePrefix+"identity token for registry")

@@ -113,10 +116,16 @@ func (opts *Remote) Parse() error {
return opts.distributionSpec.Parse()
}

// readPassword tries to read password with optional cmd prompt.
// readPassword tries to read password and identity-token with optional cmd prompt.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: make line length less than 80

Suggested change
// readPassword tries to read password and identity-token with optional cmd prompt.
// readPassword tries to read password and identity-token with optional cmd
// prompt.

@@ -113,10 +116,16 @@ func (opts *Remote) Parse() error {
return opts.distributionSpec.Parse()
}

// readPassword tries to read password with optional cmd prompt.
// readPassword tries to read password and identity-token with optional cmd prompt.
func (opts *Remote) readPassword() (err error) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@@ -113,10 +116,16 @@ func (opts *Remote) Parse() error {
return opts.distributionSpec.Parse()
}

// readPassword tries to read password with optional cmd prompt.
// readPassword tries to read password and identity-token with optional cmd prompt.
func (opts *Remote) readPassword() (err error) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BTW identity-token is exclusive to both password and username

@@ -47,6 +47,7 @@ type Remote struct {
Username string
PasswordFromStdin bool
Password string
IdentityToken string
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't need this new value, the --registry-token can be applied to Password directly. The tricky part is whether we need --registry-token-stdin? Please wait for #742 (comment) to be answered?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see. I will remove the field and would implement identity-token-stdin instead.

Comment on lines 48 to +50
PasswordFromStdin bool
Password string
IdentityToken string
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of having IdentityToken, we can have something like Secret and SecretFromStdin.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, So should I add a field secret that will hold the Identity Token, Instead of Password?

Comment on lines +256 to +268
if opts.IdentityToken != "" {
// If IdentityToken is provided, use it as the credential without a username
return auth.Credential{
Username: "",
Password: opts.IdentityToken,
}
} else {
// If IdentityToken is not provided, use the username and password as credentials
return auth.Credential{
Username: opts.Username,
Password: opts.Password,
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This block of code should be reverted since credential.Credential() already handles everything.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, will fix it.

Comment on lines +88 to +92
// If IdentityToken is provided, use it as the credential without a username
if opts.IdentityToken != "" {
opts.Username = "" // Set the username to empty since it's not required when using identity token
opts.Password = opts.IdentityToken // Use the identity token as the password
} else if opts.Password == "" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Those part of code should be reverted if we introduce opts.Secret.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh Okay. I will revert them. Let me know should I go with Secrets and SecretFromStdin or identity-token-stdin and password.

@TerryHowe
Copy link
Member

Where is this going? Be nice to get this out.

@github-actions
Copy link

This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 30 days.

@github-actions github-actions bot added the stale Inactive issues or pull requests label Oct 22, 2023
@TerryHowe TerryHowe removed the stale Inactive issues or pull requests label Oct 28, 2023
@FeynmanZhou
Copy link
Member

@sbdtu5498 Will you be able to continue to work on this PR? It has been stale for a long time and might be closed if no follow-ups on it in a few weeks.

Copy link

This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 30 days.

@github-actions github-actions bot added stale Inactive issues or pull requests and removed stale Inactive issues or pull requests labels Jan 12, 2024
Copy link

This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 30 days.

@github-actions github-actions bot added the stale Inactive issues or pull requests label Feb 28, 2024
@github-actions github-actions bot removed the stale Inactive issues or pull requests label Feb 29, 2024
@shizhMSFT
Copy link
Contributor

Succeeded and closed by #1294

@shizhMSFT shizhMSFT closed this Apr 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Make --identity-token an alias of --password
6 participants