NewAuthConfigurationsFromDockerCfg returns empty auth for macOS with docker desktop version 2.2.0.4

[linggao]

I upgraded docker on my MacBook to desktop version: 2.2.0.4 (43472). I unchecked "Securely store Docker logins to macOS keychain". I did docker login ... on terminal window, my auth is saved in ~/.docker/config.json file after the command. However, calling NewAuthConfigurationsFromDockerCfg returned empty auths. It seems that the code is looking for ~/.docker/plaintext-passwords.json file instead of ~/.docker/config.json. I do have this file after the docker upgrade, but it has the following content.

{
  "auths": {}
}

The following is the output for docker version command.

Client: Docker Engine - Community
 Version:           19.03.8
 API version:       1.40
 Go version:        go1.12.17
 Git commit:        afacb8b
 Built:             Wed Mar 11 01:21:11 2020
 OS/Arch:           darwin/amd64
 Experimental:      false
Server: Docker Engine - Community
 Engine:
  Version:          19.03.8
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.17
  Git commit:       afacb8b
  Built:            Wed Mar 11 01:29:16 2020
  OS/Arch:          linux/amd64
  Experimental:     true
 containerd:
  Version:          v1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

[fsouza]

Hi @linggao, thanks for reporting and sorry for the delayed response. This is likely related to #677.

If you're using the osxkeychain with Docker for Mac, go-dockerclient isn't capable of loading credentials from the keychain. See some info in #677.

I'd be willing to take a PR that enables that if CGO is enabled and if building on MacOS, but we still need to be able to build on other OSes and on MacOS with CGO disabled.

[linggao]

@fsouza thanks for the response. I think the problem is that with docker desktop version 2.2.0.4 and above, there is a file called ~/.docker/plaintext-passwords.json shipped with it. After we uncheck "Securely store Docker logins in macOS keychain", the file is still there. After we did docker login, the credentials were saved to ~/.docker/config.json correctly. But the go-dockerclient code looks for ~/.docker/plaintext-passwords.json first. If this file is there, it reads credentials from it which contains nothing. It does not even try to check ~/.docker/config.json if ~/.docker/plaintext-passwords.json is there. Here is the code: https://github.com/fsouza/go-dockerclient/blob/master/auth.go#L93 and https://github.com/fsouza/go-dockerclient/blob/master/auth.go#L122-L124

[linggao]

What we are doing now to temporarily fix it is: rm ~/.docker/plaintext-passwords.json.

[fsouza]

@linggao gotcha, yeah we can fix the logic to do whatever the docker cli does. I'll dig into this later this week.

[linggao]

@fsouza thanks for fixing it. Could you please put it in a tagged version so that we can pull it into our dependencies. We cannot point to the master because we need to get a stable version to test with. Currently we are point to v1.6.4.
Never mind, I saw it is in v1.6.4. Thanks a lot! It is a great product.