Merge pull request #2 from jamestelfer/failure-mode-fix

fix: fail silently for unsupported actions

helper/env.go

@@ -19,34 +19,43 @@ var nonAlphanumericPattern = regexp.MustCompile(`[^a-zA-Z0-9]`)
 var _ credentials.Helper = EnvHelper{}
 
 type EnvHelper struct {
+	CredentialsOptional bool
 }
 
+// Get retrieves the credentials for the server URL from the process
+// environment.
 func (e EnvHelper) Get(serverURL string) (string, string, error) {
 	logger := slog.Default().With("action", "get", "serverURL", serverURL)
 
-	// FIXME: allow this to return empty on failure if so configured
 	user, password, err := credentialsForServer(serverURL)
 
-	logger.Info("Get", "user", user, "err", err)
+	if err != nil {
+		if e.CredentialsOptional {
+			logger.Warn("Ignoring failed credential lookup, unset DOCKER_CREDENTIALS_ENV_OPTIONAL if this should cause Docker to fail", "err", err)
+			return "", "", nil
+		}
 
-	return user, password, err
+		logger.Error("Failed to retrieve credentials, set DOCKER_CREDENTIALS_ENV_OPTIONAL to ignore this error.", "err", err)
+		return "", "", err
+	}
+
+	logger.Info("Got credentials from environment", "user", user, "err", err)
 
+	return user, password, err
 }
 
 func (e EnvHelper) Add(creds *credentials.Credentials) error {
-
-	slog.Info("", "action", "add", "serverURL", creds.ServerURL, "username", creds.Username)
-	return ErrNotImplemented
+	slog.Warn("Saving credentials is not supported by docker-credential-env", "action", "add", "serverURL", creds.ServerURL, "username", creds.Username)
+	return nil
 }
 
 func (e EnvHelper) Delete(serverURL string) error {
-	slog.Info("", "action", "delete", "serverURL", serverURL)
-	return ErrNotImplemented
+	slog.Warn("Deleting credentials is not supported by docker-credential-env", "action", "delete", "serverURL", serverURL)
+	return nil
 }
 
 func (e EnvHelper) List() (map[string]string, error) {
-	slog.Info("", "action", "list")
-
+	slog.Error("List action not implemented", "action", "list")
 	return nil, ErrNotImplemented
 }
 

helper/env_test.go

@@ -21,6 +21,17 @@ func TestEnvHelper_Get_Success(t *testing.T) {
 	assert.Equal(t, "testpassword", password)
 }
 
+func TestEnvHelper_Get_CredentialsOptional_Success(t *testing.T) {
+
+	helper := EnvHelper{CredentialsOptional: true}
+
+	user, password, err := helper.Get("example.com")
+
+	assert.NoError(t, err)
+	assert.Empty(t, user)
+	assert.Empty(t, password)
+}
+
 func TestEnvHelper_Get_Failure(t *testing.T) {
 	helper := EnvHelper{}
 
@@ -31,19 +42,19 @@ func TestEnvHelper_Get_Failure(t *testing.T) {
 	assert.Empty(t, password)
 }
 
-func TestEnvHelper_Add(t *testing.T) {
+func TestEnvHelper_Add_FailsSilently(t *testing.T) {
 	helper := EnvHelper{}
 	err := helper.Add(&credentials.Credentials{})
-	assert.ErrorIs(t, err, ErrNotImplemented)
+	assert.NoError(t, err)
 }
 
-func TestEnvHelper_Delete(t *testing.T) {
+func TestEnvHelper_Delete_FailsSilently(t *testing.T) {
 	helper := EnvHelper{}
 	err := helper.Delete("foo")
-	assert.ErrorIs(t, err, ErrNotImplemented)
+	assert.NoError(t, err)
 }
 
-func TestEnvHelper_List(t *testing.T) {
+func TestEnvHelper_List_NotImplemented(t *testing.T) {
 	helper := EnvHelper{}
 	_, err := helper.List()
 	assert.ErrorIs(t, err, ErrNotImplemented)

main.go

@@ -21,7 +21,9 @@ func main() {
 
 	configureLogging()
 
-	credentials.Serve(helper.EnvHelper{})
+	credentialsOptional := os.Getenv("DOCKER_CREDENTIALS_ENV_OPTIONAL") == "true"
+
+	credentials.Serve(helper.EnvHelper{CredentialsOptional: credentialsOptional})
 }
 
 func configureLogging() {