-
Notifications
You must be signed in to change notification settings - Fork 181
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
adding identity token as an approximate alias of password #1040
adding identity token as an approximate alias of password #1040
Conversation
Signed-off-by: Sanskar Bhushan <[email protected]>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1040 +/- ##
==========================================
- Coverage 81.97% 81.63% -0.35%
==========================================
Files 83 83
Lines 3995 4024 +29
==========================================
+ Hits 3275 3285 +10
- Misses 497 509 +12
- Partials 223 230 +7 ☔ View full report in Codecov by Sentry. |
@@ -113,10 +116,16 @@ func (opts *Remote) Parse() error { | |||
return opts.distributionSpec.Parse() | |||
} | |||
|
|||
// readPassword tries to read password with optional cmd prompt. | |||
// readPassword tries to read password and identity-token with optional cmd prompt. | |||
func (opts *Remote) readPassword() (err error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm fine with this, but there is a Cobra feature for mutually exclusive
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, thanks for the info. I will check it and get back on this one.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BTW identity-token
is exclusive to both password
and username
notePrefix string | ||
shortUser string | ||
shortPassword string | ||
shortIdentityToken string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should not enable shorthand for --identity-token
) | ||
if prefix == "" { | ||
shortUser, shortPassword = "u", "p" | ||
shortUser, shortPassword, shortIdentityToken = "u", "p", "i" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should not enable shorthand for --identity-token
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure will do it
@@ -94,6 +96,7 @@ func (opts *Remote) ApplyFlagsWithPrefix(fs *pflag.FlagSet, prefix, description | |||
} | |||
fs.StringVarP(&opts.Username, flagPrefix+"username", shortUser, "", notePrefix+"registry username") | |||
fs.StringVarP(&opts.Password, flagPrefix+"password", shortPassword, "", notePrefix+"registry password or identity token") | |||
fs.StringVarP(&opts.IdentityToken, flagPrefix+"identity-token", shortIdentityToken, "", notePrefix+"identity token for registry") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should not enable shorthand for --identity-token
fs.StringVarP(&opts.IdentityToken, flagPrefix+"identity-token", shortIdentityToken, "", notePrefix+"identity token for registry") | |
fs.StringVarP(&opts.IdentityToken, flagPrefix+"identity-token", "", "", notePrefix+"identity token for registry") |
@@ -113,10 +116,16 @@ func (opts *Remote) Parse() error { | |||
return opts.distributionSpec.Parse() | |||
} | |||
|
|||
// readPassword tries to read password with optional cmd prompt. | |||
// readPassword tries to read password and identity-token with optional cmd prompt. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
NIT: make line length less than 80
// readPassword tries to read password and identity-token with optional cmd prompt. | |
// readPassword tries to read password and identity-token with optional cmd | |
// prompt. |
@@ -113,10 +116,16 @@ func (opts *Remote) Parse() error { | |||
return opts.distributionSpec.Parse() | |||
} | |||
|
|||
// readPassword tries to read password with optional cmd prompt. | |||
// readPassword tries to read password and identity-token with optional cmd prompt. | |||
func (opts *Remote) readPassword() (err error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -113,10 +116,16 @@ func (opts *Remote) Parse() error { | |||
return opts.distributionSpec.Parse() | |||
} | |||
|
|||
// readPassword tries to read password with optional cmd prompt. | |||
// readPassword tries to read password and identity-token with optional cmd prompt. | |||
func (opts *Remote) readPassword() (err error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BTW identity-token
is exclusive to both password
and username
@@ -47,6 +47,7 @@ type Remote struct { | |||
Username string | |||
PasswordFromStdin bool | |||
Password string | |||
IdentityToken string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't need this new value, the --registry-token
can be applied to Password
directly. The tricky part is whether we need --registry-token-stdin
? Please wait for #742 (comment) to be answered?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see. I will remove the field and would implement identity-token-stdin instead.
PasswordFromStdin bool | ||
Password string | ||
IdentityToken string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of having IdentityToken
, we can have something like Secret
and SecretFromStdin
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, So should I add a field secret that will hold the Identity Token, Instead of Password?
if opts.IdentityToken != "" { | ||
// If IdentityToken is provided, use it as the credential without a username | ||
return auth.Credential{ | ||
Username: "", | ||
Password: opts.IdentityToken, | ||
} | ||
} else { | ||
// If IdentityToken is not provided, use the username and password as credentials | ||
return auth.Credential{ | ||
Username: opts.Username, | ||
Password: opts.Password, | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This block of code should be reverted since credential.Credential()
already handles everything.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, will fix it.
// If IdentityToken is provided, use it as the credential without a username | ||
if opts.IdentityToken != "" { | ||
opts.Username = "" // Set the username to empty since it's not required when using identity token | ||
opts.Password = opts.IdentityToken // Use the identity token as the password | ||
} else if opts.Password == "" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Those part of code should be reverted if we introduce opts.Secret
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh Okay. I will revert them. Let me know should I go with Secrets and SecretFromStdin or identity-token-stdin and password.
Where is this going? Be nice to get this out. |
This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 30 days. |
Signed-off-by: Terry Howe <[email protected]>
@sbdtu5498 Will you be able to continue to work on this PR? It has been stale for a long time and might be closed if no follow-ups on it in a few weeks. |
This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 30 days. |
This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 30 days. |
Succeeded and closed by #1294 |
What this PR does / why we need it:
These changes make the identity token an approximate alias of a password. The underlying implementation still depends on the password implementation, but a few cases to handle exceptions and errors have been added, thus technically speaking, it is not an alias but can be considered an approximate alias to enhance UX in terms of user's understandability.
Which issue(s) this PR fixes
Fixes #742
Please check the following list: