cli icon indicating copy to clipboard operation
cli copied to clipboard

Published 20 hours ago verified publisher icon docker

docker build will fail silently if there is any problem in credHelpers

Open jeffb4 opened this issue 5 years ago • 0 comments

Description

When docker build runs, it uses configfile.GetAllCredentials() to get a list of all possible (likely) credentials needed for the build context for the build to succeed. However, it discards any error state without alerting the user.

If any helper in credHelpers fails its Get call (from GetAuthConfig) it will result in a null auths structure being used for the build context and no warning message to the user.

Steps to reproduce the issue:

  1. Add a good credential helper to credHelpers in config.json
  2. docker build and see things succeed when auth is needed in a FROM layer
  3. Add a bogus credential helper to credHelpers in config.json
  4. docker build and see auth failure

Describe the results you received:

Silent failure

Describe the results you expected:

Success with non-failing credential helpers (best case) or a warning message of failed helper (acceptable case)

Additional information you deem important (e.g. issue happens only occasionally):

Output of docker version:

Client:
 Version:           18.09.7
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        2d0083d
 Built:             Thu Jun 27 17:56:06 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.7
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.8
  Git commit:       2d0083d
  Built:            Thu Jun 27 17:26:28 2019
  OS/Arch:          linux/amd64
  Experimental:     false

Output of docker info:

Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 18.09.7
Storage Driver: overlay2
 Backing Filesystem: xfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc version: 425e105d5a03fabd737a126ad93d62a9eeede87f
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-957.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.952GiB
Name: centos7-vbox.localdomain
ID: Y3OC:HARI:PR4Y:NBLM:QJ7A:77WH:NVEE:2PE2:K2IF:VPZX:VJ5O:IL6T
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

Additional environment details (AWS, VirtualBox, physical, etc.):

Validated in CentOS7 virtual box

Possible fixes: have https://github.com/docker/docker-ce/blob/2c6aa9ad3b4da7b7dc58afe9fec2584e294d6e86/components/cli/cli/command/image/build.go#L403 not discard the returned error, and bubble it up to user

have https://github.com/docker/docker-ce/blob/ead810e1cf2d6744278c499b1ed4ffc491b7cdbc/components/cli/cli/config/configfile/file.go#L325 be a continue instead of a return

jeffb4 avatar Jul 09 '19 18:07 jeffb4