search

docker-archive / compose-cli

Easily run your Compose application to the cloud with compose-cli
Apache License 2.0
957 stars 255 forks source link

incorrect warning when logging into ECR #2260

Open nicks opened 1 year ago

nicks commented 1 year ago

Description

I log into my ECR registry like this:

aws ecr get-login-password --region us-east-1
docker login --username AWS --password-stdin [my-account-id].dkr.ecr.us-east-1.amazonaws.com
Login Succeeded

This is the recommended way to log into ECR. https://docs.aws.amazon.com/AmazonECR/latest/userguide/getting-started-cli.html

The Docker CLI gives me a warning about this:

Logging in with your password grants your terminal complete access to your account. 
For better security, log in with a limited-privilege personal access token. Learn more at https://docs.docker.com/go/access-tokens/

This warning isn't correct. I'm not logging into hub, docker hub PATs are irrelevant here.

Reproduce

docker login --username AWS --password-stdin [my-account-id].dkr.ecr.us-east-1.amazonaws.com

Expected behavior

No warning

docker version

Client: Docker Engine - Community
 Cloud integration: v1.0.31
 Version:           23.0.1
 API version:       1.42
 Go version:        go1.19.5
 Git commit:        a5ee5b1
 Built:             Thu Feb  9 19:47:01 2023
 OS/Arch:           linux/amd64
 Context:           desktop-linux

Server: Docker Desktop 4.17.0 (99144)
 Engine:
  Version:          22.06.0-beta.0-926-g914b02ebaf.m
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.18.4
  Git commit:       914b02ebaf
  Built:            Thu Feb  9 12:30:57 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.18
  GitCommit:        2456e983eb9e37e47538f59ea18f2043c9a73640
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client:
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.10.3
    Path:     /usr/lib/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.15.1
    Path:     /usr/lib/docker/cli-plugins/docker-compose
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.0
    Path:     /usr/lib/docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.18
    Path:     /usr/lib/docker/cli-plugins/docker-extension
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /usr/lib/docker/cli-plugins/docker-sbom
  scan: Docker Scan (Docker Inc.)
    Version:  v0.25.0
    Path:     /usr/lib/docker/cli-plugins/docker-scan
  scout: Command line tool for Docker Scout (Docker Inc.)
    Version:  v0.6.0
    Path:     /usr/lib/docker/cli-plugins/docker-scout
WARNING: Plugin "/usr/lib/docker/cli-plugins/docker-compose.14.backup" is not valid: plugin candidate "compose.14.backup" did not match "^[a-z][a-z0-9]*$"

Server:
 Containers: 12
  Running: 11
  Paused: 0
  Stopped: 1
 Images: 50
 Server Version: 22.06.0-beta.0-926-g914b02ebaf.m
 Storage Driver: stargz
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2456e983eb9e37e47538f59ea18f2043c9a73640
 runc version: v1.1.4-0-g5fd4c4d
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.49-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 3.658GiB
 Name: docker-desktop
 ID: a92cef06-564f-4766-91bd-bc9e839af9fa
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Registry: https://index.docker.io/v1/
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5000
  127.0.0.0/8
 Live Restore Enabled: false

Additional Info

Note that the warning is here: https://github.com/docker/compose-cli/blob/f09336e5196183de06f359e5598c3f2d7f704809/cli/mobycli/pat_suggest.go

happy to move this bug to that repo. i filed it here because i presume most users don't know/care about the internal cli repo topology.

Originally filed as https://github.com/docker/cli/issues/4058 but moved over here