podman login should use credential helper if configured

[TomSweeneyRedHat]

docker login' uses a credential helper. If you try to do docker login` without a credential helper in play you get a warning:

# docker login https://quay.io
Username: tomsweeneyredhat
Password:
WARNING! Your password will be stored unencrypted in
/root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

podman login should also use a credential helper as Docker does.

[vrothberg]

After reading this issue, I realized that podman doesn't offer docker's --password-stdin flag. Is there a reason for that? If not, we could this together in the same PR.

[rhatdan]

No reason, just an oversight.

[rhatdan]

@TomSweeneyRedHat Can you add this feature --password-stdin?

[TomSweeneyRedHat]

@rhatdan ack

[rhatdan]

@QiWang19 Could you look into the passwork helper now also?

[rhatdan]

@QiWang19 Did you ever look into this?

[QiWang19]

I saw the code in containers/image, podman already supported configure "credHelpers", but only works for root user.
https://github.com/containers/image/blob/ff926d3c79684793a2135666a2cb738f44ba33dc/pkg/docker/config/config.go#L43

I need to make this fix #3015 to make podman support credHelpers using code from containers/image, but only works for root user

[rhatdan]

I thought we got this to work if we did not enter the user namepspace on podman login?

[QiWang19]

I mean the pulling error you mentioned.
login/logout works for non-root if getting out of the user namespace, but pull command can't read the credential.

[rhatdan]

Yes we have to work with @giuseppe on that one. Perhaps we grab credentials before going into user namespace.

[rhatdan]

Or can we specify a user name to get the credentials?

[sdlarsen]

Was this ever fixed?

[mheon]

Was closed by PR #3015 in Podman 1.3.0. Are you still seeing it?

[TomSweeneyRedHat]

I'm not convinced that credential-helpers and credstores are handled as they should be by podman/buildah login/logout. There are certainly no tests or documentation anywhere that I can find. I'm going to reopen this until we can at least verify, fix if necessary, and create appropriate tests and documentation.

[sdlarsen]

Yes @mheon, I see it. Running podman 1.8.0

[github-actions]

A friendly reminder that this issue had no activity for 30 days.

[rhatdan]

@QiWang19 I believe we support credential helpers now, can we close this issue?

[TomSweeneyRedHat]

I've not been able to get this to work, might be a personal issue. I'm also not able to see any documenation. If you can point me to documenation that shows how this works, we can close this. Otherwise as a minimum we need to document this before closing this issue.

[vrothberg]

@QiWang19 can you help Tom test?

[QiWang19]

Open a PR containers/image#950 to add documentation for credential helpers, but this only works for root, rootless login with credential helper doesn't work because of the d-bus issue. Should add note to the documentation that credential only works for root, and close this issue, or just leave this open? I already have filed a issue #4123 about the rootless podman using credential helper.