Add support for path based registry in login/logout

Login and logout now supports paths in auths.json.

Signed-off-by: Sascha Grunert <[email protected]>

go.mod

@@ -4,7 +4,7 @@ go 1.15
 
 require (
 	github.com/BurntSushi/toml v0.3.1
-	github.com/containers/image/v5 v5.13.2
+	github.com/containers/image/v5 v5.13.3-0.20210630203502-bca1df8086a9
 	github.com/containers/ocicrypt v1.1.2
 	github.com/containers/storage v1.32.5
 	github.com/disiqueira/gotree/v3 v3.0.2
@@ -33,6 +33,8 @@ require (
 	github.com/stretchr/testify v1.7.0
 	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
-	golang.org/x/sys v0.0.0-20210603125802-9665404d3644
+	golang.org/x/sys v0.0.0-20210616094352-59db8d763f22
 	golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1
 )
+
+replace github.com/containers/image/v5 => github.com/saschagrunert/image/v5 v5.13.3-0.20210705082240-e1a9b66666de

go.sum

@@ -134,7 +134,6 @@ github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmE
 github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc=
 github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
 github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
-github.com/cilium/ebpf v0.5.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
 github.com/cilium/ebpf v0.6.1/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
@@ -221,16 +220,13 @@ github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ
 github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
 github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
 github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
-github.com/containers/image/v5 v5.13.2 h1:AgYunV/9d2fRkrmo23wH2MkqeHolFd6oQCkK+1PpuFA=
-github.com/containers/image/v5 v5.13.2/go.mod h1:GkWursKDlDcUIT7L7vZf70tADvZCk/Ga0wgS0MuF0ag=
 github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE=
 github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
 github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
 github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4=
 github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
 github.com/containers/ocicrypt v1.1.2 h1:Ez+GAMP/4GLix5Ywo/fL7O0nY771gsBIigiqUm1aXz0=
 github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
-github.com/containers/storage v1.32.2/go.mod h1:YIBxxjfXZTi04Ah49sh1uSGfmT1V89+I5i3deRobzQo=
 github.com/containers/storage v1.32.5 h1:DXgmyA+oOs7YAzKkEqgC5O8l2UuDGJcwEFbdt49qiak=
 github.com/containers/storage v1.32.5/go.mod h1:8/DVVDqniaUlUV0D0q7cEnXK6Bs2uU3FPqNZVPumwEs=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
@@ -246,7 +242,6 @@ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
 github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/go-systemd/v22 v22.3.1/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
@@ -506,7 +501,6 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.13.0/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
 github.com/klauspost/compress v1.13.1 h1:wXr2uRxZTJXHLly6qhJabee5JqIhTRoLBhDOA74hDEQ=
 github.com/klauspost/compress v1.13.1/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
 github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE=
@@ -626,7 +620,6 @@ github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59P
 github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
 github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
-github.com/opencontainers/runc v1.0.0-rc95/go.mod h1:z+bZxa/+Tz/FmYVWkhUajJdzFeOqjc5vrqskhVyHGUM=
 github.com/opencontainers/runc v1.0.0 h1:QOhAQAYUlKeofuyeKdR6ITvOnXLPbEAjPMjz9wCUXcU=
 github.com/opencontainers/runc v1.0.0/go.mod h1:MU2S3KEB2ZExnhnAQYbwjdYV6HwKtDlNbA2Z2OeNDeA=
 github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
@@ -701,6 +694,8 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
+github.com/saschagrunert/image/v5 v5.13.3-0.20210705082240-e1a9b66666de h1:VI/4XFKtYRuJRJ6k2qv9sFXq6sNErby3dOLxIh642tg=
+github.com/saschagrunert/image/v5 v5.13.3-0.20210705082240-e1a9b66666de/go.mod h1:gwN5CEYeUHYatjESUqw5gRCS5ri0X0VH0PYtwUb0PcY=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
@@ -774,8 +769,8 @@ github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtX
 github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/vbatts/tar-split v0.11.1 h1:0Odu65rhcZ3JZaPHxl7tCI3V/C/Q9Zf82UFravl02dE=
 github.com/vbatts/tar-split v0.11.1/go.mod h1:LEuURwDEiWjRjwu46yU3KVGuUdVv/dcnpcEPSzR8z6g=
-github.com/vbauerster/mpb/v7 v7.0.2 h1:eN6AD/ytv1nqCO7Dm8MO0/pGMKmMyH/WMnTJhAUuc/w=
-github.com/vbauerster/mpb/v7 v7.0.2/go.mod h1:Mnq3gESXJ9eQhccbGZDggJ1faTCrmaA4iN57fUloRGE=
+github.com/vbauerster/mpb/v7 v7.0.3 h1:NfX0pHWhlDTev15M/C3qmSTM1EiIjcS+/d6qS6H4FnI=
+github.com/vbauerster/mpb/v7 v7.0.3/go.mod h1:NXGsfPGx6G2JssqvEcULtDqUrxuuYs4llpv8W6ZUpzk=
 github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
 github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
@@ -1037,8 +1032,8 @@ golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603125802-9665404d3644 h1:CA1DEQ4NdKphKeL70tvsWNdT5oFh1lOjihRcEDROi0I=
-golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 h1:RqytpXGR1iVNX7psjB3ff8y7sNFinVFvkx1c8SjBkio=
+golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

pkg/auth/auth.go

@@ -9,6 +9,7 @@ import (
 	"strings"
 
 	"github.com/containers/image/v5/docker"
+	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/image/v5/pkg/docker/config"
 	"github.com/containers/image/v5/pkg/sysregistriesv2"
 	"github.com/containers/image/v5/types"
@@ -69,8 +70,8 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
 	systemContext = systemContextWithOptions(systemContext, opts.AuthFile, opts.CertDir)
 
 	var (
-		server string
-		err    error
+		key string
+		err error
 	)
 	if len(args) > 1 {
 		return errors.New("login accepts only one registry to login to")
@@ -79,20 +80,20 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
 		if !opts.AcceptUnspecifiedRegistry {
 			return errors.New("please provide a registry to login to")
 		}
-		if server, err = defaultRegistryWhenUnspecified(systemContext); err != nil {
+		if key, err = defaultRegistryWhenUnspecified(systemContext); err != nil {
 			return err
 		}
-		logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", server)
-	} else {
-		server = getRegistryName(args[0])
+		logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", key)
 	}
-	authConfig, err := config.GetCredentials(systemContext, server)
+
+	authConfig, domain, err := getCredentials(systemContext, key, opts.AcceptRepositories)
 	if err != nil {
 		return errors.Wrap(err, "reading auth file")
 	}
+
 	if opts.GetLoginSet {
 		if authConfig.Username == "" {
-			return errors.Errorf("not logged into %s", server)
+			return errors.Errorf("not logged into %s", key)
 		}
 		fmt.Fprintf(opts.Stdout, "%s\n", authConfig.Username)
 		return nil
@@ -119,9 +120,9 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
 
 	// If no username and no password is specified, try to use existing ones.
 	if opts.Username == "" && password == "" && authConfig.Username != "" && authConfig.Password != "" {
-		fmt.Println("Authenticating with existing credentials...")
-		if err := docker.CheckAuth(ctx, systemContext, authConfig.Username, authConfig.Password, server); err == nil {
-			fmt.Fprintln(opts.Stdout, "Existing credentials are valid. Already logged in to", server)
+		fmt.Fprintf(opts.Stdout, "Authenticating with existing credentials for %s\n", key)
+		if err := docker.CheckAuth(ctx, systemContext, authConfig.Username, authConfig.Password, domain); err == nil {
+			fmt.Fprintf(opts.Stdout, "Existing credentials are valid. Already logged in to %s\n", domain)
 			return nil
 		}
 		fmt.Fprintln(opts.Stdout, "Existing credentials are invalid, please enter valid username and password")
@@ -132,9 +133,9 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
 		return errors.Wrap(err, "getting username and password")
 	}
 
-	if err = docker.CheckAuth(ctx, systemContext, username, password, server); err == nil {
+	if err = docker.CheckAuth(ctx, systemContext, username, password, domain); err == nil {
 		// Write the new credentials to the authfile
-		desc, err := config.SetCredentials(systemContext, server, username, password)
+		desc, err := config.SetCredentials(systemContext, key, username, password)
 		if err != nil {
 			return err
 		}
@@ -147,22 +148,69 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
 		return nil
 	}
 	if unauthorized, ok := err.(docker.ErrUnauthorizedForCredentials); ok {
-		logrus.Debugf("error logging into %q: %v", server, unauthorized)
-		return errors.Errorf("error logging into %q: invalid username/password", server)
+		logrus.Debugf("error logging into %q: %v", key, unauthorized)
+		return errors.Errorf("error logging into %q: invalid username/password", key)
 	}
-	return errors.Wrapf(err, "authenticating creds for %q", server)
+	return errors.Wrapf(err, "authenticating creds for %q", key)
 }
 
-// getRegistryName scrubs and parses the input to get the server name
-func getRegistryName(server string) string {
+// getCredentials returns the auth config for the provided key as well as its registry.
+func getCredentials(systemContext *types.SystemContext, key string, acceptRepositories bool) (auth types.DockerAuthConfig, registry string, err error) {
+	// Apply a more restrictive input validation if acceptRepositories is
+	// allowed
+	if acceptRepositories {
+		if strings.HasPrefix(key, "http://") || strings.HasPrefix(key, "https://") {
+			return auth, registry, errors.New("credentials key has https[s]:// prefix")
+		}
+
+		// TODO: check for tag and digest in key
+	}
+
+	// Automatically trim the scheme if acceptRepositories is false
+	key = trimScheme(key)
+
+	// Registry path provided, try to get the credentials for the ref.
+	if len(splitPath(key)) > 1 {
+		ref, err := reference.ParseNamed(key)
+		if err != nil {
+			return auth, registry, errors.Wrapf(err, "parse reference from %q", key)
+		}
+
+		auth, err = config.GetCredentialsForRef(systemContext, ref)
+		if err != nil {
+			return auth, registry, errors.Wrap(err, "get credentials for reference")
+		}
+
+		return auth, reference.Domain(ref), nil
+	}
+
+	// Fallback to domain based credentials if only a domain is provided.
+	// nolint: staticcheck
+	auth, err = config.GetCredentials(systemContext, key)
+	if err != nil {
+		return auth, registry, errors.Wrap(err, "get credentials")
+	}
+
+	return auth, domain(key), nil
+}
+
+// domain returns the domain for a provided repository.
+func domain(repository string) string {
+	return splitPath(repository)[0]
+}
+
+// splitPath removes the HTTP(s) scheme from the repository and splits it by using the
+// path separator "/".
+func splitPath(repository string) []string {
+	return strings.Split(repository, "/")
+}
+
+// trimScheme removes the HTTP(s) scheme from the provided repository.
+func trimScheme(repository string) string {
 	// removes 'http://' or 'https://' from the front of the
 	// server/registry string if either is there.  This will be mostly used
 	// for user input from 'Buildah login' and 'Buildah logout'.
-	server = strings.TrimPrefix(strings.TrimPrefix(server, "https://"), "http://")
-	// gets the registry from the input. If the input is of the form
-	// quay.io/myuser/myimage, it will parse it and just return quay.io
-	split := strings.Split(server, "/")
-	return split[0]
+	return strings.TrimPrefix(strings.TrimPrefix(repository, "https://"), "http://")
 }
 
 // getUserAndPass gets the username and password from STDIN if not given
@@ -209,8 +257,8 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []stri
 	systemContext = systemContextWithOptions(systemContext, opts.AuthFile, "")
 
 	var (
-		server string
-		err    error
+		key string
+		err error
 	)
 	if len(args) > 1 {
 		return errors.New("logout accepts only one registry to logout from")
@@ -219,16 +267,20 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []stri
 		if !opts.AcceptUnspecifiedRegistry {
 			return errors.New("please provide a registry to logout from")
 		}
-		if server, err = defaultRegistryWhenUnspecified(systemContext); err != nil {
+		if key, err = defaultRegistryWhenUnspecified(systemContext); err != nil {
 			return err
 		}
-		logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", server)
+		logrus.Debugf("registry not specified, default to the first registry %q from registries.conf", key)
 	}
 	if len(args) != 0 {
 		if opts.All {
 			return errors.New("--all takes no arguments")
 		}
-		server = getRegistryName(args[0])
+	}
+
+	authConfig, domain, err := getCredentials(systemContext, key, opts.AcceptRepositories)
+	if err != nil {
+		return errors.Wrap(err, "reading auth file")
 	}
 
 	if opts.All {
@@ -239,24 +291,20 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []stri
 		return nil
 	}
 
-	err = config.RemoveAuthentication(systemContext, server)
+	err = config.RemoveAuthentication(systemContext, key)
 	switch errors.Cause(err) {
 	case nil:
-		fmt.Fprintf(opts.Stdout, "Removed login credentials for %s\n", server)
+		fmt.Fprintf(opts.Stdout, "Removed login credentials for %s\n", key)
 		return nil
 	case config.ErrNotLoggedIn:
-		authConfig, err := config.GetCredentials(systemContext, server)
-		if err != nil {
-			return errors.Wrap(err, "reading auth file")
-		}
-		authInvalid := docker.CheckAuth(context.Background(), systemContext, authConfig.Username, authConfig.Password, server)
+		authInvalid := docker.CheckAuth(context.Background(), systemContext, authConfig.Username, authConfig.Password, domain)
 		if authConfig.Username != "" && authConfig.Password != "" && authInvalid == nil {
-			fmt.Printf("Not logged into %s with current tool. Existing credentials were established via docker login. Please use docker logout instead.\n", server)
+			fmt.Printf("Not logged into %s with current tool. Existing credentials were established via docker login. Please use docker logout instead.\n", domain)
 			return nil
 		}
-		return errors.Errorf("Not logged into %s\n", server)
+		return errors.Errorf("Not logged into %s\n", domain)
 	default:
-		return errors.Wrapf(err, "logging out of %q", server)
+		return errors.Wrapf(err, "logging out of %q", domain)
 	}
 }
 

pkg/auth/auth_test.go

@@ -9,7 +9,6 @@ import (
 )
 
 var _ = Describe("Config", func() {
-
 	Describe("ValidateAuth", func() {
 		It("validate GetDefaultAuthFile", func() {
 			// Given

pkg/auth/cli.go

@@ -25,6 +25,7 @@ type LoginOptions struct {
 	Stdin                     io.Reader // set to os.Stdin
 	Stdout                    io.Writer // set to os.Stdout
 	AcceptUnspecifiedRegistry bool      // set to true if allows login with unspecified registry
+	AcceptRepositories        bool      // set to true to allow repositories rather than just registries
 }
 
 // LogoutOptions represents the results for flags in logout
@@ -37,6 +38,7 @@ type LogoutOptions struct {
 	// Options caller can set
 	Stdout                    io.Writer // set to os.Stdout
 	AcceptUnspecifiedRegistry bool      // set to true if allows logout with unspecified registry
+	AcceptRepositories        bool      // set to true to allow repositories rather than just registries
 }
 
 // GetLoginFlags defines and returns login flags for containers tools