adding identity token as an approximate alias of password #1040
Conversation
Signed-off-by: Sanskar Bhushan <sbdtu5498@gmail.com>
sbdtu5498
requested review from
sajayantony,
shizhMSFT,
SteveLasker,
qweeah and
TerryHowe
as code owners
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1040 +/- ##
==========================================
- Coverage 81.97% 81.63% -0.35%
==========================================
Files 83 83
Lines 3995 4024 +29
==========================================
+ Hits 3275 3285 +10
- Misses 497 509 +12
- Partials 223 230 +7 ☔ View full report in Codecov by Sentry. |
| @@ -113,10 +116,16 @@ func (opts *Remote) Parse() error { | |||
| return opts.distributionSpec.Parse() | |||
| } | |||
|
|
|||
| // readPassword tries to read password with optional cmd prompt. | |||
| // readPassword tries to read password and identity-token with optional cmd prompt. | |||
| func (opts *Remote) readPassword() (err error) { | |||
There was a problem hiding this comment.
I'm fine with this, but there is a Cobra feature for mutually exclusive
There was a problem hiding this comment.
Oh, thanks for the info. I will check it and get back on this one.
There was a problem hiding this comment.
There was a problem hiding this comment.
BTW identity-token is exclusive to both password and username
| notePrefix string | ||
| shortUser string | ||
| shortPassword string | ||
| shortIdentityToken string |
There was a problem hiding this comment.
Should not enable shorthand for --identity-token
| ) | ||
| if prefix == "" { | ||
| shortUser, shortPassword = "u", "p" | ||
| shortUser, shortPassword, shortIdentityToken = "u", "p", "i" |
There was a problem hiding this comment.
Should not enable shorthand for --identity-token
| @@ -94,6 +96,7 @@ func (opts *Remote) ApplyFlagsWithPrefix(fs *pflag.FlagSet, prefix, description | |||
| } | |||
| fs.StringVarP(&opts.Username, flagPrefix+"username", shortUser, "", notePrefix+"registry username") | |||
| fs.StringVarP(&opts.Password, flagPrefix+"password", shortPassword, "", notePrefix+"registry password or identity token") | |||
| fs.StringVarP(&opts.IdentityToken, flagPrefix+"identity-token", shortIdentityToken, "", notePrefix+"identity token for registry") | |||
There was a problem hiding this comment.
Should not enable shorthand for --identity-token
| fs.StringVarP(&opts.IdentityToken, flagPrefix+"identity-token", shortIdentityToken, "", notePrefix+"identity token for registry") | |
| fs.StringVarP(&opts.IdentityToken, flagPrefix+"identity-token", "", "", notePrefix+"identity token for registry") |
| @@ -113,10 +116,16 @@ func (opts *Remote) Parse() error { | |||
| return opts.distributionSpec.Parse() | |||
| } | |||
|
|
|||
| // readPassword tries to read password with optional cmd prompt. | |||
| // readPassword tries to read password and identity-token with optional cmd prompt. | |||
There was a problem hiding this comment.
NIT: make line length less than 80
| // readPassword tries to read password and identity-token with optional cmd prompt. | |
| // readPassword tries to read password and identity-token with optional cmd | |
| // prompt. |
| @@ -113,10 +116,16 @@ func (opts *Remote) Parse() error { | |||
| return opts.distributionSpec.Parse() | |||
| } | |||
|
|
|||
| // readPassword tries to read password with optional cmd prompt. | |||
| // readPassword tries to read password and identity-token with optional cmd prompt. | |||
| func (opts *Remote) readPassword() (err error) { | |||
There was a problem hiding this comment.
| @@ -113,10 +116,16 @@ func (opts *Remote) Parse() error { | |||
| return opts.distributionSpec.Parse() | |||
| } | |||
|
|
|||
| // readPassword tries to read password with optional cmd prompt. | |||
| // readPassword tries to read password and identity-token with optional cmd prompt. | |||
| func (opts *Remote) readPassword() (err error) { | |||
There was a problem hiding this comment.
BTW identity-token is exclusive to both password and username
| @@ -47,6 +47,7 @@ type Remote struct { | |||
| Username string | |||
| PasswordFromStdin bool | |||
| Password string | |||
| IdentityToken string | |||
There was a problem hiding this comment.
Don't need this new value, the --registry-token can be applied to Password directly. The tricky part is whether we need --registry-token-stdin? Please wait for #742 (comment) to be answered?
There was a problem hiding this comment.
I see. I will remove the field and would implement identity-token-stdin instead.
| PasswordFromStdin bool | ||
| Password string | ||
| IdentityToken string |
There was a problem hiding this comment.
Instead of having IdentityToken, we can have something like Secret and SecretFromStdin.
There was a problem hiding this comment.
Oh, So should I add a field secret that will hold the Identity Token, Instead of Password?
| if opts.IdentityToken != "" { | ||
| // If IdentityToken is provided, use it as the credential without a username | ||
| return auth.Credential{ | ||
| Username: "", | ||
| Password: opts.IdentityToken, | ||
| } | ||
| } else { | ||
| // If IdentityToken is not provided, use the username and password as credentials | ||
| return auth.Credential{ | ||
| Username: opts.Username, | ||
| Password: opts.Password, | ||
| } | ||
| } |
There was a problem hiding this comment.
This block of code should be reverted since credential.Credential() already handles everything.
| // If IdentityToken is provided, use it as the credential without a username | ||
| if opts.IdentityToken != "" { | ||
| opts.Username = "" // Set the username to empty since it's not required when using identity token | ||
| opts.Password = opts.IdentityToken // Use the identity token as the password | ||
| } else if opts.Password == "" { |
There was a problem hiding this comment.
Those part of code should be reverted if we introduce opts.Secret.
There was a problem hiding this comment.
Oh Okay. I will revert them. Let me know should I go with Secrets and SecretFromStdin or identity-token-stdin and password.
|
Where is this going? Be nice to get this out. |
|
This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 30 days. |
Signed-off-by: Terry Howe <tlhowe@amazon.com>
|
@sbdtu5498 Will you be able to continue to work on this PR? It has been stale for a long time and might be closed if no follow-ups on it in a few weeks. |
|
This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 30 days. |
github-actions
bot
added
stale
|
This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 30 days. |
|
Succeeded and closed by #1294 |
What this PR does / why we need it:
These changes make the identity token an approximate alias of a password. The underlying implementation still depends on the password implementation, but a few cases to handle exceptions and errors have been added, thus technically speaking, it is not an alias but can be considered an approximate alias to enhance UX in terms of user's understandability.
Which issue(s) this PR fixes
Fixes #742
Please check the following list: