recast-hep / recast-atlas

CLI for ATLAS RECAST contributors
https://recast.docs.cern.ch/
Apache License 2.0

fix: Login to docker registry with `--password-stdin` to avoid warning #80

Closed matthewfeickert closed 2 years ago

matthewfeickert commented 2 years ago

Attempting to log in to a Docker registry using `docker login -p` will generate the warning message from Docker

```
WARNING! Using --password via the CLI is insecure. Use --password-stdin
```

To avoid this, use `printf` and pipes to send the user password to `docker login`, resulting in the command

```
printf "${RECAST_REGISTRY_PASSWORD}" | docker login --username "${RECAST_REGISTRY_USERNAME}" --password-stdin "${RECAST_REGISTRY_HOST}"
```

being used by `recast auth setup`. Additionally, use f-strings to simplify formatting and update the warning message users see RE: environmental variables.

recast-atlas v0.1.8

```
eval "$(recast auth setup -a ${RECAST_AUTH_USERNAME} -a ${RECAST_AUTH_PASSWORD} -a ${RECAST_AUTH_TOKEN} -a default)"
You password is stored in the environment variables RECAST_AUTH_USERNAME,RECAST_AUTH_PASSWORD,YADAGE_SCHEMA_LOAD_TOKEN,YADAGE_INIT_TOKEN,RECAST_REGISTRY_USERNAME,RECAST_REGISTRY_PASSWORD,RECAST_REGISTRY_HOST,PACKTIVITY_AUTH_LOCATION. Run `eval $(recast auth destroy)` to clear your password or exit the shell.
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /home/feickert/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
```

This PR

```
eval "$(recast auth setup -a ${RECAST_AUTH_USERNAME} -a ${RECAST_AUTH_PASSWORD} -a ${RECAST_AUTH_TOKEN} -a default)"
NOTE! Your password and private information are stored in the environmental variables:
RECAST_AUTH_USERNAME,RECAST_AUTH_PASSWORD,YADAGE_SCHEMA_LOAD_TOKEN,YADAGE_INIT_TOKEN,RECAST_REGISTRY_USERNAME,RECAST_REGISTRY_PASSWORD,RECAST_REGISTRY_HOST,PACKTIVITY_AUTH_LOCATION
Run `eval $(recast auth destroy)` to unset these environmental variables or exit the shell.

WARNING! Your password will be stored unencrypted in /home/feickert/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
```

Recommended squash and merge commit message

```
* Use f-strings to simplify string formatting
* Use docker login --password-stdin option to avoid warning message:
WARNING! Using --password via the CLI is insecure. Use --password-stdin

New behavior is to have `recast auth setup` print the command:
printf "${RECAST_REGISTRY_PASSWORD}" | docker login --username "${RECAST_REGISTRY_USERNAME}" --password-stdin "${RECAST_REGISTRY_HOST}"
* Add note to users that the environmental variables hold more than just
the Docker password
```
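
The command above hands the password to `printf` as its format string, so a password containing `%` or a backslash would not arrive on `docker login`'s stdin byte-for-byte. The following is an added example, not recast-atlas code, that compares that form with `printf '%s'`; the `received_on_stdin` stand-in for `docker login --password-stdin` and the sample passwords are constructed for illustration.

```shell
#!/bin/sh
# Added example (not recast-atlas code). All passwords here are constructed test values.

# Stand-in for `docker login --password-stdin` (assumption: it only needs to show
# which bytes arrive on stdin). Hex output keeps every byte visible and comparable.
received_on_stdin() { od -An -tx1 | tr -d ' \n'; }

# Hex of the exact bytes of a string, used as the expected value.
hex_of() { printf '%s' "$1" | od -An -tx1 | tr -d ' \n'; }

# Form printed by `recast auth setup` in this PR: the password IS the format string,
# so printf expands % directives and backslash escapes inside it.
send_as_format() { printf "$1" 2>/dev/null | received_on_stdin; }

# Format-safe form: fixed '%s' format, password passed as data.
send_as_data() { printf '%s' "$1" | received_on_stdin; }

# Report whether each form delivers the password unchanged.
check_password() {
  want=$(hex_of "$1")
  if [ "$(send_as_data "$1")" != "$want" ]; then
    echo "data-form-mismatch"
  elif [ "$(send_as_format "$1")" = "$want" ]; then
    echo "both-ok"
  else
    echo "format-form-mangled"
  fi
}

# Constructed sample passwords: plain, with a % directive, with a backslash
# escape, and with a trailing %.
for pw in 'hunter2' 'p%sword' 'a\nb' '100%'; do
  printf '%-10s %s\n' "$pw" "$(check_password "$pw")"
done
```

With either form the password stays out of the `docker login` argument list; the `'%s'` form only changes how `printf` treats the password's contents.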