From 71f46056c91aa0f8f399789f15f61bb960f62527 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 23 Sep 2025 21:35:30 +0200 Subject: [PATCH] remove DOCKER_CLI_DISABLE_OAUTH_LOGIN escape hatch This code was added in 846ecf59ffb555d615cf78fe4e4c43e71c9697b8 as an escape hatch in case the new OAuth login flow would cause problems. We have not received reports where the new flow caused problems, and searching the internet shows no mentions of the env-var. This env-var was not documented, so we can remove it. Signed-off-by: Sebastiaan van Stijn --- cli/command/registry/login.go | 17 +----------- cli/command/registry/login_test.go | 44 ------------------------------ e2e/registry/login_test.go | 22 --------------- 3 files changed, 1 insertion(+), 82 deletions(-) diff --git a/cli/command/registry/login.go b/cli/command/registry/login.go index 2bdf2ba49..f788daaf9 100644 --- a/cli/command/registry/login.go +++ b/cli/command/registry/login.go @@ -5,8 +5,6 @@ import ( "errors" "fmt" "io" - "os" - "strconv" "strings" "github.com/containerd/errdefs" @@ -183,19 +181,6 @@ func loginWithStoredCredentials(ctx context.Context, dockerCLI command.Cli, auth return response.Status, err } -const oauthLoginEscapeHatchEnvVar = "DOCKER_CLI_DISABLE_OAUTH_LOGIN" - -func isOauthLoginDisabled() bool { - if v := os.Getenv(oauthLoginEscapeHatchEnvVar); v != "" { - enabled, err := strconv.ParseBool(v) - if err != nil { - return false - } - return enabled - } - return false -} - func loginUser(ctx context.Context, dockerCLI command.Cli, opts loginOptions, defaultUsername, serverAddress string) (msg string, _ error) { // Some links documenting this: // - https://code.google.com/archive/p/mintty/issues/56 @@ -209,7 +194,7 @@ func loginUser(ctx context.Context, dockerCLI command.Cli, opts loginOptions, de } // If we're logging into the index server and the user didn't provide a username or password, use the device flow - if serverAddress == registry.IndexServer && opts.user == "" && opts.password == "" && !isOauthLoginDisabled() { + if serverAddress == registry.IndexServer && opts.user == "" && opts.password == "" { var err error msg, err = loginWithDeviceCodeFlow(ctx, dockerCLI) // if the error represents a failure to initiate the device-code flow, diff --git a/cli/command/registry/login_test.go b/cli/command/registry/login_test.go index 3fdceb638..62ef1a66d 100644 --- a/cli/command/registry/login_test.go +++ b/cli/command/registry/login_test.go @@ -497,50 +497,6 @@ func TestLoginTermination(t *testing.T) { } } -func TestIsOauthLoginDisabled(t *testing.T) { - testCases := []struct { - envVar string - disabled bool - }{ - { - envVar: "", - disabled: false, - }, - { - envVar: "bork", - disabled: false, - }, - { - envVar: "0", - disabled: false, - }, - { - envVar: "false", - disabled: false, - }, - { - envVar: "true", - disabled: true, - }, - { - envVar: "TRUE", - disabled: true, - }, - { - envVar: "1", - disabled: true, - }, - } - - for _, tc := range testCases { - t.Setenv(oauthLoginEscapeHatchEnvVar, tc.envVar) - - disabled := isOauthLoginDisabled() - - assert.Equal(t, disabled, tc.disabled) - } -} - func TestLoginValidateFlags(t *testing.T) { for _, tc := range []struct { name string diff --git a/e2e/registry/login_test.go b/e2e/registry/login_test.go index 8cc353e4a..0c53cf126 100644 --- a/e2e/registry/login_test.go +++ b/e2e/registry/login_test.go @@ -32,25 +32,3 @@ func TestOauthLogin(t *testing.T) { output, _ := io.ReadAll(p) assert.Check(t, strings.Contains(string(output), "USING WEB-BASED LOGIN"), string(output)) } - -func TestLoginWithEscapeHatch(t *testing.T) { - t.Parallel() - loginCmd := exec.Command("docker", "login") - loginCmd.Env = append(loginCmd.Env, "DOCKER_CLI_DISABLE_OAUTH_LOGIN=1") - - p, err := pty.Start(loginCmd) - assert.NilError(t, err) - defer func() { - _ = loginCmd.Wait() - _ = p.Close() - }() - - time.Sleep(1 * time.Second) - pid := loginCmd.Process.Pid - t.Logf("terminating PID %d", pid) - err = syscall.Kill(pid, syscall.SIGTERM) - assert.NilError(t, err) - - output, _ := io.ReadAll(p) - assert.Check(t, strings.Contains(string(output), "Username:"), string(output)) -}