Support auth file environment variable & add change to man pages

Signed-off-by: Qi Wang <qiwan@redhat.com>

cmd/podman/common.go

@@ -458,3 +458,10 @@ func sortFlags(flags []cli.Flag) []cli.Flag {
 	})
 	return flags
 }
+
+func getAuthFile(authfile string) string {
+	if authfile != "" {
+		return authfile
+	}
+	return os.Getenv("REGISTRY_AUTH_FILE")
+}

cmd/podman/login.go

@@ -27,7 +27,7 @@ var (
 		},
 		cli.StringFlag{
 			Name:  "authfile",
-			Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",
+			Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override. ",
 		},
 		cli.StringFlag{
 			Name:  "cert-dir",
@@ -64,8 +64,9 @@ func loginCmd(c *cli.Context) error {
 	if len(args) == 1 {
 		server = args[0]
 	}
+	authfile := getAuthFile(c.String("authfile"))
 
-	sc := common.GetSystemContext("", c.String("authfile"), false)
+	sc := common.GetSystemContext("", authfile, false)
 
 	// username of user logged in to server (if one exists)
 	userFromAuthFile, err := config.GetUserLoggedIn(sc, server)

cmd/podman/logout.go

@@ -13,7 +13,7 @@ var (
 	logoutFlags = []cli.Flag{
 		cli.StringFlag{
 			Name:  "authfile",
-			Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",
+			Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override. ",
 		},
 		cli.BoolFlag{
 			Name:  "all, a",
@@ -46,8 +46,9 @@ func logoutCmd(c *cli.Context) error {
 	if len(args) == 1 {
 		server = args[0]
 	}
+	authfile := getAuthFile(c.String("authfile"))
 
-	sc := common.GetSystemContext("", c.String("authfile"), false)
+	sc := common.GetSystemContext("", authfile, false)
 
 	if c.Bool("all") {
 		if err := config.RemoveAllAuthentication(sc); err != nil {

cmd/podman/pull.go

@@ -21,7 +21,7 @@ var (
 	pullFlags = []cli.Flag{
 		cli.StringFlag{
 			Name:  "authfile",
-			Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",
+			Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override. ",
 		},
 		cli.StringFlag{
 			Name:  "cert-dir",
@@ -124,7 +124,8 @@ func pullCmd(c *cli.Context) error {
 		}
 		imgID = newImage[0].ID()
 	} else {
-		newImage, err := runtime.ImageRuntime().New(getContext(), image, c.String("signature-policy"), c.String("authfile"), writer, &dockerRegistryOptions, image2.SigningOptions{}, true, forceSecure)
+		authfile := getAuthFile(c.String("authfile"))
+		newImage, err := runtime.ImageRuntime().New(getContext(), image, c.String("signature-policy"), authfile, writer, &dockerRegistryOptions, image2.SigningOptions{}, true, forceSecure)
 		if err != nil {
 			return errors.Wrapf(err, "error pulling image %q", image)
 		}

cmd/podman/push.go

@@ -58,7 +58,7 @@ var (
 		},
 		cli.StringFlag{
 			Name:  "authfile",
-			Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",
+			Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override. ",
 		},
 	}
 	pushDescription = fmt.Sprintf(`
@@ -165,5 +165,7 @@ func pushCmd(c *cli.Context) error {
 		return err
 	}
 
-	return newImage.PushImageToHeuristicDestination(getContext(), destName, manifestType, c.String("authfile"), c.String("signature-policy"), writer, c.Bool("compress"), so, &dockerRegistryOptions, forceSecure, nil)
+	authfile := getAuthFile(c.String("authfile"))
+
+	return newImage.PushImageToHeuristicDestination(getContext(), destName, manifestType, authfile, c.String("signature-policy"), writer, c.Bool("compress"), so, &dockerRegistryOptions, forceSecure, nil)
 }

cmd/podman/runlabel.go

@@ -21,7 +21,7 @@ var (
 	runlabelFlags = []cli.Flag{
 		cli.StringFlag{
 			Name:  "authfile",
-			Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",
+			Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override. ",
 		},
 		cli.BoolFlag{
 			Name:  "display",
@@ -165,8 +165,9 @@ func runlabelCmd(c *cli.Context) error {
 			DockerCertPath:              c.String("cert-dir"),
 			DockerInsecureSkipTLSVerify: !c.BoolT("tls-verify"),
 		}
+		authfile := getAuthFile(c.String("authfile"))
 
-		newImage, err = runtime.ImageRuntime().New(ctx, runlabelImage, c.String("signature-policy"), c.String("authfile"), stdOut, &dockerRegistryOptions, image.SigningOptions{}, false, false)
+		newImage, err = runtime.ImageRuntime().New(ctx, runlabelImage, c.String("signature-policy"), authfile, stdOut, &dockerRegistryOptions, image.SigningOptions{}, false, false)
 	} else {
 		newImage, err = runtime.ImageRuntime().NewFromLocal(runlabelImage)
 	}

cmd/podman/search.go

@@ -25,7 +25,7 @@ var (
 	searchFlags = []cli.Flag{
 		cli.StringFlag{
 			Name:  "authfile",
-			Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",
+			Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override. ",
 		},
 		cli.StringSliceFlag{
 			Name:  "filter, f",
@@ -114,7 +114,7 @@ func searchCmd(c *cli.Context) error {
 		noTrunc:  c.Bool("no-trunc"),
 		limit:    c.Int("limit"),
 		filter:   c.StringSlice("filter"),
-		authfile: c.String("authfile"),
+		authfile: getAuthFile(c.String("authfile")),
 	}
 	regAndSkipTLS, err := getRegistriesAndSkipTLS(c, registry)
 	if err != nil {

docs/podman-build.1.md

@@ -38,6 +38,9 @@ Note: this information is not present in Docker image formats, so it is discarde
 Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
 If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
 
+Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
+environment variable. `export REGISTRY_AUTH_FILE=path`
+
 **--build-arg** *arg=value*
 
 Specifies a build argument and its value, which will be interpolated in

docs/podman-container-runlabel.1.md

@@ -54,6 +54,9 @@ Any additional arguments will be appended to the command.
 Path of the authentication file. Default is ${XDG_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
 If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
 
+Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
+environment variable. `export REGISTRY_AUTH_FILE=path`
+
 **--display**
 
 Display the label's value of the image having populated its environment variables.

docs/podman-login.1.md

@@ -33,6 +33,9 @@ Username for registry
 
 Path of the authentication file. Default is ${XDG_\RUNTIME\_DIR}/containers/auth.json
 
+Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
+environment variable. `export REGISTRY_AUTH_FILE=path`
+
 **--cert-dir** *path*
 
 Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.

docs/podman-logout.1.md

@@ -24,6 +24,9 @@ All the cached credentials can be removed by setting the **all** flag.
 
 Path of the authentication file. Default is ${XDG_\RUNTIME\_DIR}/containers/auth.json
 
+Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
+environment variable. `export REGISTRY_AUTH_FILE=path`
+
 **--all, -a**
 
 Remove the cached credentials for all registries in the auth file

docs/podman-pull.1.md

@@ -50,6 +50,9 @@ Image stored in local container/storage
 Path of the authentication file. Default is ${XDG_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
 If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
 
+Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
+environment variable. `export REGISTRY_AUTH_FILE=path`
+
 **--cert-dir** *path*
 
 Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.

docs/podman-push.1.md

@@ -49,6 +49,9 @@ Image stored in local container/storage
 Path of the authentication file. Default is ${XDG_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
 If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
 
+Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
+environment variable. `export REGISTRY_AUTH_FILE=path`
+
 **--creds="CREDENTIALS"**
 
 The [username[:password]] to use to authenticate with the registry if required.

docs/podman-search.1.md

@@ -29,6 +29,9 @@ Note, searching without a search term will only work for registries that impleme
 
 Path of the authentication file. Default is ${XDG_\RUNTIME\_DIR}/containers/auth.json
 
+Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
+environment variable. `export REGISTRY_AUTH_FILE=path`
+
 **--filter, -f**
 
 Filter output based on conditions provided (default [])

vendor/github.com/containers/buildah/pkg/cli/common.go

@@ -83,7 +83,7 @@ var (
 		},
 		cli.StringFlag{
 			Name:  "authfile",
-			Usage: "path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",
+			Usage: "path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override. ",
 		},
 		cli.StringSliceFlag{
 			Name:  "build-arg",