Merge pull request #6463 from thaJeztah/remove_oauth_escape_hatch

remove DOCKER_CLI_DISABLE_OAUTH_LOGIN escape hatch
2025-09-24 13:43:42 +02:00
parent 4a4043cdb6 71f46056c9
commit c8600e1cea
3 changed files with 1 additions and 87 deletions
--- a/cli/command/registry/login.go
+++ b/cli/command/registry/login.go
@ -5,8 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"os"
-	"strconv"
 	"strings"

 	"github.com/containerd/errdefs"
@ -183,24 +181,6 @@ func loginWithStoredCredentials(ctx context.Context, dockerCLI command.Cli, auth
 	return response.Status, err
 }

-// OauthLoginEscapeHatchEnvVar disables the browser-based OAuth login workflow.
-//
-// Deprecated: this const was only used internally and will be removed in the next release.
-const OauthLoginEscapeHatchEnvVar = "DOCKER_CLI_DISABLE_OAUTH_LOGIN"
-
-const oauthLoginEscapeHatchEnvVar = "DOCKER_CLI_DISABLE_OAUTH_LOGIN"
-
-func isOauthLoginDisabled() bool {
-	if v := os.Getenv(oauthLoginEscapeHatchEnvVar); v != "" {
-		enabled, err := strconv.ParseBool(v)
-		if err != nil {
-			return false
-		}
-		return enabled
-	}
-	return false
-}
-
 func loginUser(ctx context.Context, dockerCLI command.Cli, opts loginOptions, defaultUsername, serverAddress string) (msg string, _ error) {
 	// Some links documenting this:
 	// - https://code.google.com/archive/p/mintty/issues/56
@ -214,7 +194,7 @@ func loginUser(ctx context.Context, dockerCLI command.Cli, opts loginOptions, de
 	}

 	// If we're logging into the index server and the user didn't provide a username or password, use the device flow
-	if serverAddress == registry.IndexServer && opts.user == "" && opts.password == "" && !isOauthLoginDisabled() {
+	if serverAddress == registry.IndexServer && opts.user == "" && opts.password == "" {
 		var err error
 		msg, err = loginWithDeviceCodeFlow(ctx, dockerCLI)
 		// if the error represents a failure to initiate the device-code flow,
--- a/cli/command/registry/login_test.go
+++ b/cli/command/registry/login_test.go
@ -497,50 +497,6 @@ func TestLoginTermination(t *testing.T) {
 	}
 }

-func TestIsOauthLoginDisabled(t *testing.T) {
-	testCases := []struct {
-		envVar   string
-		disabled bool
-	}{
-		{
-			envVar:   "",
-			disabled: false,
-		},
-		{
-			envVar:   "bork",
-			disabled: false,
-		},
-		{
-			envVar:   "0",
-			disabled: false,
-		},
-		{
-			envVar:   "false",
-			disabled: false,
-		},
-		{
-			envVar:   "true",
-			disabled: true,
-		},
-		{
-			envVar:   "TRUE",
-			disabled: true,
-		},
-		{
-			envVar:   "1",
-			disabled: true,
-		},
-	}
-
-	for _, tc := range testCases {
-		t.Setenv(oauthLoginEscapeHatchEnvVar, tc.envVar)
-
-		disabled := isOauthLoginDisabled()
-
-		assert.Equal(t, disabled, tc.disabled)
-	}
-}
-
 func TestLoginValidateFlags(t *testing.T) {
 	for _, tc := range []struct {
 		name        string
--- a/e2e/registry/login_test.go
+++ b/e2e/registry/login_test.go
@ -32,25 +32,3 @@ func TestOauthLogin(t *testing.T) {
 	output, _ := io.ReadAll(p)
 	assert.Check(t, strings.Contains(string(output), "USING WEB-BASED LOGIN"), string(output))
 }
-
-func TestLoginWithEscapeHatch(t *testing.T) {
-	t.Parallel()
-	loginCmd := exec.Command("docker", "login")
-	loginCmd.Env = append(loginCmd.Env, "DOCKER_CLI_DISABLE_OAUTH_LOGIN=1")
-
-	p, err := pty.Start(loginCmd)
-	assert.NilError(t, err)
-	defer func() {
-		_ = loginCmd.Wait()
-		_ = p.Close()
-	}()
-
-	time.Sleep(1 * time.Second)
-	pid := loginCmd.Process.Pid
-	t.Logf("terminating PID %d", pid)
-	err = syscall.Kill(pid, syscall.SIGTERM)
-	assert.NilError(t, err)
-
-	output, _ := io.ReadAll(p)
-	assert.Check(t, strings.Contains(string(output), "Username:"), string(output))
-}