-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
--password-stdin flag in podman login
#2320
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -43,6 +43,7 @@ func init() { | |
flags.StringVarP(&loginCommand.Password, "password", "p", "", "Password for registry") | ||
flags.BoolVar(&loginCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries (default: true)") | ||
flags.StringVarP(&loginCommand.Username, "username", "u", "", "Username for registry") | ||
flags.BoolVar(&loginCommand.StdinPassword, "password-stdin", false, "Take the password from stdin") | ||
|
||
rootCmd.AddCommand(loginCommand.Command) | ||
} | ||
|
@@ -90,8 +91,26 @@ func loginCmd(c *cliconfig.LoginValues) error { | |
} | ||
|
||
ctx := getContext() | ||
|
||
password := c.Password | ||
|
||
if c.Flag("password-stdin").Changed { | ||
var stdinPasswordStrBuilder strings.Builder | ||
if c.Password != "" { | ||
return errors.Errorf("Can't specify both --password-stdin and --password") | ||
} | ||
if c.Username == "" { | ||
return errors.Errorf("Must provide --username with --password-stdin") | ||
} | ||
scanner := bufio.NewScanner(os.Stdin) | ||
for scanner.Scan() { | ||
fmt.Fprint(&stdinPasswordStrBuilder, scanner.Text()) | ||
} | ||
password = stdinPasswordStrBuilder.String() | ||
} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. is there any cli validation that should occur between this flag and the password flag? exclusive? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please explain, what you re worried about? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We have There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. They are now. |
||
|
||
// If no username and no password is specified, try to use existing ones. | ||
if c.Username == "" && c.Password == "" { | ||
if c.Username == "" && password == "" { | ||
fmt.Println("Authenticating with existing credentials...") | ||
if err := docker.CheckAuth(ctx, sc, userFromAuthFile, passFromAuthFile, server); err == nil { | ||
fmt.Println("Existing credentials are valid. Already logged in to", server) | ||
|
@@ -100,7 +119,7 @@ func loginCmd(c *cliconfig.LoginValues) error { | |
fmt.Println("Existing credentials are invalid, please enter valid username and password") | ||
} | ||
|
||
username, password, err := getUserAndPass(c.Username, c.Password, userFromAuthFile) | ||
username, password, err := getUserAndPass(c.Username, password, userFromAuthFile) | ||
if err != nil { | ||
return errors.Wrapf(err, "error getting username and password") | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a more secure version of this? I'm thinking we probably want a version that replaces what's being typed with * so we don't display passwords as they're being typed in
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doesn't this enable
echo MYPASSWORD | podman login --passwd-stdin
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rhatdan Yes, it enables that