The Wayback Machine - https://web.archive.org/web/20251014181840/https://github.com/docker/cli/pull/6019
Skip to content

cli/command/container: --use-api-socket: support DOCKER_AUTH_CONFIG #6019

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 16, 2025
Merged

cli/command/container: --use-api-socket: support DOCKER_AUTH_CONFIG #6019

merged 2 commits into from
May 16, 2025

Conversation

thaJeztah
Copy link
Member

@thaJeztah thaJeztah commented Apr 17, 2025
edited by vvoland
Loading

cli/command/container: --use-api-socket: support DOCKER_AUTH_CONFIG

With this patch, the --use-api-socket flag can obtain credentials from
a validly formatted DOCKER_AUTH_CONFIG environment-variable. If the
env-var is not set, or doesn't contain credentials, it falls back to
attempting to read credentials from the CLI's configured credentials
store.

With this patch:

# Make sure there's no auth on disk first
mkdir -p tmpConfig
export DOCKER_CONFIG=$PWD/tmpConfig
rm -f $PWD/tmpConfig/config.json

# no credentials
docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
cat: cant open '/run/secrets/docker/config.json': No such file or directory

# pass credentials through DOCKER_AUTH_CONFIG
DOCKER_AUTH_CONFIG='{"auths": {"https://index.docker.io/v1/": {"auth": "am9lam9lOmhlbGxv"}}}' docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
{
	"auths": {
		"https://index.docker.io/v1/": {
			"auth": "am9lam9lOmhlbGxv"
		}
	}
}

# credentials from file if no DOCKER_AUTH_CONFIG is set
echo '{"auths": {"https://index.docker.io/v1/": {"auth": "am9lam9lOmhlbGxv"}}}' > "${DOCKER_CONFIG}/config.json"
docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
{
	"auths": {
		"https://index.docker.io/v1/": {
			"auth": "am9lam9lOmhlbGxv"
		}
	}
}

# same if DOCKER_AUTH_CONFIG is set, but doesn't contain credentials
DOCKER_AUTH_CONFIG='{}' docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
{
	"auths": {
		"https://index.docker.io/v1/": {
			"auth": "am9lam9lOmhlbGxv"
		}
	}
}

DOCKER_AUTH_CONFIG='{"auths": {}}' docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
{
	"auths": {
		"https://index.docker.io/v1/": {
			"auth": "am9lam9lOmhlbGxv"
		}
	}
}

- Human readable description for the release notes

Add support for `DOCKER_AUTH_CONFIG` for the experimental `--use-api-socket` option.

- A picture of a cute animal (not mandatory but encouraged)

@thaJeztah
cli/command/container: createContainer: move fn closer to where used
2002204 
The "use-api-socket" code got in between, putting a lot of distance
between the declaration and use.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah
cli/command/container: --use-api-socket: support DOCKER_AUTH_CONFIG
73be734 
With this patch, the `--use-api-socket` flag can obtain credentials from
a validly formatted `DOCKER_AUTH_CONFIG` environment-variable. If the
env-var is not set, or doesn't contain credentials, it falls back to
attempting to read credentials from the CLI's configured credentials
store.

With this patch:

    # Make sure there's no auth on disk first
    mkdir -p tmpConfig
    export DOCKER_CONFIG=$PWD/tmpConfig
    rm -f $PWD/tmpConfig/config.json

    # no credentials
    docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
    cat: can't open '/run/secrets/docker/config.json': No such file or directory

    # pass credentials through DOCKER_AUTH_CONFIG
    DOCKER_AUTH_CONFIG='{"auths": {"https://index.docker.io/v1/": {"auth": "am9lam9lOmhlbGxv"}}}' docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
    {
        "auths": {
            "https://index.docker.io/v1/": {
                "auth": "am9lam9lOmhlbGxv"
            }
        }
    }

    # credentials from file if no DOCKER_AUTH_CONFIG is set
    echo '{"auths": {"https://index.docker.io/v1/": {"auth": "am9lam9lOmhlbGxv"}}}' > "${DOCKER_CONFIG}/config.json"
    docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
    {
        "auths": {
            "https://index.docker.io/v1/": {
                "auth": "am9lam9lOmhlbGxv"
            }
        }
    }

    # same if DOCKER_AUTH_CONFIG is set, but doesn't contain credentials
    DOCKER_AUTH_CONFIG='{}' docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
    {
        "auths": {
            "https://index.docker.io/v1/": {
                "auth": "am9lam9lOmhlbGxv"
            }
        }
    }

    DOCKER_AUTH_CONFIG='{"auths": {}}' docker run --rm --use-api-socket alpine cat /run/secrets/docker/config.json
    {
        "auths": {
            "https://index.docker.io/v1/": {
                "auth": "am9lam9lOmhlbGxv"
            }
        }
    }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah added this to the 28.1.1 milestone Apr 17, 2025
@codecov-commenter
Copy link

codecov-commenter commented Apr 17, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 18.51852% with 22 lines in your changes missing coverage. Please review.

Project coverage is 58.86%. Comparing base (4d8c241) to head (73be734).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #6019      +/-   ##
==========================================
- Coverage   58.89%   58.86%   -0.04%     
==========================================
  Files         358      359       +1     
  Lines       29962    29980      +18     
==========================================
  Hits        17647    17647              
- Misses      11334    11352      +18     
  Partials      981      981
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@thaJeztah thaJeztah mentioned this pull request Apr 17, 2025
Merged
@thaJeztah thaJeztah marked this pull request as ready for review April 17, 2025 17:38
@thaJeztah thaJeztah modified the milestones: 28.1.1, 28.1.2 Apr 23, 2025
@thaJeztah thaJeztah modified the milestones: 28.1.2, 28.2.0 May 15, 2025
@thaJeztah thaJeztah merged commit bca09c7 into docker:master May 16, 2025
108 checks passed
@thaJeztah thaJeztah deleted the docker_auth_config_socket branch May 16, 2025 09:57
@thaJeztah thaJeztah self-assigned this May 16, 2025
@thaJeztah thaJeztah mentioned this pull request Aug 8, 2025
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vvoland vvoland vvoland approved these changes

@Benehiko Benehiko Benehiko approved these changes

Assignees

@thaJeztah thaJeztah

Labels

area/authentication docs/revisit impact/changelog kind/enhancement kind/experimental status/1-design-review

Projects

None yet

Milestone

28.2.0

Development

Successfully merging this pull request may close these issues.

4 participants

@thaJeztah @codecov-commenter @vvoland @Benehiko