search

dnephin / dobi

A build automation tool for Docker applications
https://dnephin.github.io/dobi/
Apache License 2.0
309 stars 36 forks source link

:push does work, because it does not receive credentials from Credentials Store, when .docker/config.json doesn't store them. #174

Open tobiashochguertel opened 4 years ago

tobiashochguertel commented 4 years ago

When I want to push my images to my private registry, I get an error, because there are no basic auth credentials provided.

with docker push ... from a terminal it works.

I also checked my .docker/config.json Configuration, an I was surprised that I can successfully push to my private registry without having the auth credential informations in the config.json file.

$ cat .docker/config.json
{
    "auths": {
        "dgroup.nexus3.h12.de.abc.com": {},
        "dprivate.nexus3.h12.de.abc.com": {}
    },
    "HttpHeaders": {
        "User-Agent": "Docker-Client/19.03.5 (darwin)"
    },
    "credsStore": "desktop",
    "experimental": "enabled",
    "stackOrchestrator": "swarm"

A research where my credentials for mu private registry are stored, took me to the docker login documentation page, where I was reading that they are stored in an Credential Store.

https://docs.docker.com/engine/reference/commandline/login/#credentials-store

... Credentials store The Docker Engine can keep user credentials in an external credentials store, such as the native keychain of the operating system. Using an external store is more secure than storing credentials in the Docker configuration file.

To use a credentials store, you need an external helper program to interact with a specific keychain or external store. Docker requires the helper program to be in the client’s host $PATH.

This is the list of currently available credentials helpers and where you can download them from:

D-Bus Secret Service: https://github.com/docker/docker-credential-helpers/releases Apple macOS keychain: https://github.com/docker/docker-credential-helpers/releases Microsoft Windows Credential Manager: https://github.com/docker/docker-credential-helpers/releases pass: https://github.com/docker/docker-credential-helpers/releases

CONFIGURE THE CREDENTIALS STORE You need to specify the credentials store in $HOME/.docker/config.json to tell the docker engine to use it. The value of the config property should be the suffix of the program to use (i.e. everything after docker-credential-). For example, to use docker-credential-osxkeychain:

{ "credsStore": "osxkeychain" }

If you are currently logged in, run docker logout to remove the credentials from the file and run docker login again. ...

Docker Version Informations:

hochguertelto@de-dus-nb-toh:~
$ docker version
Client: Docker Engine - Community
 Version:           19.03.5
 API version:       1.40
 Go version:        go1.12.12
 Git commit:        633a0ea
 Built:             Wed Nov 13 07:22:34 2019
 OS/Arch:           darwin/amd64
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          19.03.5
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.12
  Git commit:       633a0ea
  Built:            Wed Nov 13 07:29:19 2019
  OS/Arch:          linux/amd64
  Experimental:     true
 containerd:
  Version:          v1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Dobi Version Informations:

hochguertelto@de-dus-nb-toh:~
$ dobi --version
dobi version 0.13.0 (build: b3063d9, date: Thu Jan 30 03:04:26 UTC 2020)

Operation System Version Informations:

0 hochguertelto@de-dus-nb-toh:~
$ system_profiler SPSoftwareDataType
Software:

    System Software Overview:

      System Version: macOS 10.15.3 (19D76)
      Kernel Version: Darwin 19.3.0
      Boot Volume: Macintosh HD
      Boot Mode: Normal
      Computer Name: Tobiass MacBook Pro
      User Name: Tobias Hochgürtel (hochguertelto)
      Secure Virtual Memory: Enabled
      System Integrity Protection: Enabled
      Time since boot: 2 days 15:38

Can we get this supported with dobi?

avicennax commented 3 years ago

I'm running into the same issue as well. I did a little bit of digging and found that this function is delegated to the docker client lib here. Assuming that your .docker/config.json is in your HOME or DOCKER_CONFIG env var directories (the respective env var itself is set) it should in theory work (for reference). I'll dig little further tomorrow when I get the chance.