I'm not sure if I have already logged in to a docker registry in cmd line by using cmd: docker login. How can you test or see whether you are logged in or not, without trying to push?
This question is related to
docker
The docker cli credential scheme is unsurprisingly uncomplicated, just take a look:
cat ~/.docker/config.json
{
"auths": {
"dockerregistry.myregistry.com": {},
"https://index.docker.io/v1/": {}
This exists on Windows (use Get-Content ~\.docker\config.json
) and you can also poke around the credential tool which also lists the username ... and I think you can even retrieve the password
. "C:\Program Files\Docker\Docker\resources\bin\docker-credential-wincred.exe" list
{"https://index.docker.io/v1/":"kcd"}
My AWS ECR build-script has:
ECR_HOSTNAME="${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com"
TOKEN=$(jq -r '.auths["'$ECR_HOSTNAME'"]["auth"]' ~/.docker/config.json)
curl --fail --header "Authorization: Basic $TOKEN" https://$ECR_HOSTNAME/v2/
If accessing ECR fails, a login is done:
aws ecr get-login-password --region ${REGION} | docker login --username AWS --password-stdin https://$ECR_HOSTNAME
For this to work, a proper Docker credential store cannot be used. Default credentials store of ~/.docker/config.json
is assumed.
For private registries, nothing is shown in docker info
. However, the logout command will tell you if you were logged in:
$ docker logout private.example.com
Not logged in to private.example.com
(Though this will force you to log in again.)
You can do the following command to see the username you are logged in with and the registry used:
docker system info | grep -E 'Username|Registry'
I use one of the following two ways for this check:
In case you are logged in to "private.registry.com" you will see an entry for the same as following in ~/.docker/config.json
:
"auths": {
"private.registry.com": {
"auth": "gibberishgibberishgibberishgibberishgibberishgibberish"
}
}
If you are trying to see if you already have an active session with private.registry.com, try to login again:
bash$ docker login private.registry.com
Username (logged-in-user):
If you get an output like the above, it means logged-in-user
already had an active session with private.registry.com
. If you are just prompted for username instead, that would indicate that there's no active session.
If you want a simple true/false
value, you can pipe your docker.json
to jq
.
is_logged_in() {
cat ~/.docker/config.json | jq -r --arg url "${REPOSITORY_URL}" '.auths | has($url)'
}
if [[ "$(is_logged_in)" == "false" ]]; then
# do stuff, log in
fi
Use command like below:
docker info | grep 'name'
WARNING: No swap limit support
Username: <strong>jonasm2009</strong>
On windows you can inspect the login "authorizations" (auths) by looking at this file: [USER_HOME_DIR].docker\config.json
Example: c:\USERS\YOUR_USERANME.docker\config.json
It will look something like this for windows credentials
{
"auths": {
"HOST_NAME_HERE": {},
"https://index.docker.io/v1/": {}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.09.0 (windows)"
},
"credsStore": "wincred",
"stackOrchestrator": "swarm"
}
Just checked, today it looks like this:
$ docker login
Authenticating with existing credentials...
Login Succeeded
NOTE: this is on a macOS with the latest version of Docker CE, docker-credential-helper - both installed with homebrew.
The answers here so far are not so useful:
docker info
no longer provides this infodocker logout
is a major inconvenience - unless you already know the credentials and can easily re-logindocker login
response seems quite unreliable and not so easy to parse by the programMy solution that worked for me builds on @noobuntu's comment: I figured that if I already known the image that I want to pull, but I'm not sure if the user is already logged in, I can do this:
try pulling target image
-> on failure:
try logging in
-> on failure: throw CannotLogInException
-> on success:
try pulling target image
-> on failure: throw CannotPullImageException
-> on success: (continue)
-> on success: (continue)
As pointed out by @Christian, best to try operation first then login only if necessary. Problem is that "if necessary" is not that obvious to do robustly. One approach is to compare the stderr of the docker operation with some strings that are known (by trial and error). For example,
try "docker OPERATION"
if it failed:
capture the stderr of "docker OPERATION"
if it ends with "no basic auth credentials":
try docker login
else if it ends with "not found":
fatal error: image name/tag probably incorrect
else if it ends with <other stuff you care to trap>:
...
else:
fatal error: unknown cause
try docker OPERATION again
if this fails: you're SOL!
Source: Stackoverflow.com