-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
hub-tool stores invalid registry-URLs in config.json #155
Comments
That's clearly the long term goal 😄 The idea was to learn from hub-tool experiment how to handle Hub 2FA in a nice way, and as it's incompatible with using docker CLI's Personal Access Token as password, we decided to do the login separately from the CLI.
We should definitely do that yes 👍 |
Description
This most likely was a bit of a "hack" to make authentication work, but I'm wondering what would be needed to make storing credentials
Steps to reproduce the issue:
For comparison; doing a login with
docker login
. After that, check the contents of~/.docker/config.json
;Now do a
hub-tool login
, and again check the contents of~/.docker/config.json
;Describe the results you received:
Hub Tool creates three "fake" registry hosts in
~/.docker/config.json
(hub-tool
,hub-tool-refresh-token
,hub-tool-token
); while thedocker
cli itself (at a glance) does not validate the format of these keys, the expectation is that the keys are a valid URL; https://github.com/docker/cli/blob/9b3eef52181e8ee79af2dd9b3ee6605bd41a19a1/cli/config/configfile/file.go#L336-L357Other tools may use this information, and could potentially break because of these entries; perhaps setups where a custom credential-helper is used could also break (not sure)
Describe the results you expected:
The configuration saved to be valid.
I'm not sure what the best solution is for this;
config.json
format to see what information is missing currently that we need for hub tool (ideally we'd be able to share authentication between thedocker
cli andhub-tool
)docker
cli itself, we could (at least for now) consider to use a separate file to storehub-tool
authentication; doing so would prevent other tools from potentially breakingconfig.json
allows plugins to store arbitrary configuration in the config file, which could be suitable for this. See https://github.com/docker/cli/blob/9b3eef52181e8ee79af2dd9b3ee6605bd41a19a1/cli/config/configfile/file.go#L367-L378Output of
docker hub --version
:The text was updated successfully, but these errors were encountered: