kro cli login command

ATTRIBUTION.md

@@ -31,9 +31,12 @@ License version 2.0, we include the full text of the package's License below.
 * `github.com/spf13/cobra`
 * `github.com/stretchr/testify`
 * `go.uber.org/zap`
+* `golang.org/x/crypto`
 * `golang.org/x/exp`
+* `golang.org/x/term`
 * `golang.org/x/time`
 * `google.golang.org/genproto/googleapis/api`
+* `gopkg.in/yaml.v2`
 * `k8s.io/api`
 * `k8s.io/apiextensions-apiserver`
 * `k8s.io/apimachinery`
@@ -1451,6 +1454,83 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 
+### golang.org/x/crypto
+
+License Identifier: BSD-3-Clause
+
+Copyright 2009 The Go Authors.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google LLC nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+Subdependencies:
+* `golang.org/x/net`
+* `golang.org/x/sys`
+* `golang.org/x/term`
+* `golang.org/x/text`
+
+
+
+
+
+#### golang.org/x/term
+
+License Identifier: BSD-3-Clause
+
+Copyright 2009 The Go Authors.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google LLC nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+
 
 
 ### golang.org/x/time
@@ -1487,6 +1567,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 
 
+
+
 ### k8s.io/api
 
 License Identifier: Apache-2.0
@@ -3280,7 +3362,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 License Identifier: BSD-3-Clause
 
-Copyright 2009 The Go Authors.
+Copyright (c) 2009 The Go Authors. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
@@ -3292,7 +3374,7 @@ notice, this list of conditions and the following disclaimer.
 copyright notice, this list of conditions and the following disclaimer
 in the documentation and/or other materials provided with the
 distribution.
-   * Neither the name of Google LLC nor the names of its
+   * Neither the name of Google Inc. nor the names of its
 contributors may be used to endorse or promote products derived from
 this software without specific prior written permission.
 

cmd/kro/commands/login/login.go

@@ -0,0 +1,192 @@
+// Copyright 2025 The Kube Resource Orchestrator Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package login
+
+import (
+	"bufio"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"net/url"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/spf13/cobra"
+	"golang.org/x/crypto/bcrypt"
+	"golang.org/x/term"
+)
+
+type LoginConfig struct {
+	registry string
+	username string
+	password string
+}
+
+type RegistryAuth struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+	Auth     string `json:"auth"`
+}
+
+type ConfigFile struct {
+	Auths map[string]RegistryAuth `json:"auths"`
+}
+
+var loginConfig = &LoginConfig{}
+
+func init() {
+	loginCmd.PersistentFlags().StringVarP(&loginConfig.registry,
+		"registry", "r", "",
+		"Registry server to log in to (e.g., 'ghcr.io', 'docker.io')",
+	)
+	loginCmd.PersistentFlags().StringVarP(&loginConfig.username,
+		"username", "u", "",
+		"Username for the registry",
+	)
+	loginCmd.PersistentFlags().StringVarP(&loginConfig.password,
+		"password", "p", "",
+		"Password for the registry (not recommended, use interactive mode)",
+	)
+}
+
+var loginCmd = &cobra.Command{
+	Use:   "login",
+	Short: "Log in to a container registry",
+	Long: "The login command authenticates with a container registry and stores the credentials " +
+		"in the KRO configuration file for future use.",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		if loginConfig.registry == "" {
+			return fmt.Errorf("remote reference is required, please use the --ref flag")
+		}
+
+		registry, err := normalizeRegistry(loginConfig.registry)
+		if err != nil {
+			return fmt.Errorf("invalid registry URL: %w", err)
+		}
+		loginConfig.registry = registry
+
+		if loginConfig.username == "" {
+			fmt.Print("Username: ")
+			reader := bufio.NewReader(os.Stdin)
+			username, err := reader.ReadString('\n')
+			if err != nil {
+				return fmt.Errorf("failed to read username: %w", err)
+			}
+			loginConfig.username = strings.TrimSpace(username)
+		}
+
+		if loginConfig.password == "" {
+			fmt.Print("Password: ")
+			bytePassword, err := term.ReadPassword(int(os.Stdin.Fd()))
+			fmt.Println()
+			if err != nil {
+				return fmt.Errorf("failed to read password: %w", err)
+			}
+			loginConfig.password = string(bytePassword)
+		}
+
+		if loginConfig.username == "" || loginConfig.password == "" {
+			return fmt.Errorf("username and password are required")
+		}
+
+		if err := saveCredentials(loginConfig.registry, loginConfig.username, loginConfig.password); err != nil {
+			return fmt.Errorf("failed to save credentials: %w", err)
+		}
+
+		fmt.Println("Login Succeeded! Credentials saved to", getConfigPath())
+		return nil
+	},
+}
+
+func normalizeRegistry(registry string) (string, error) {
+	switch registry {
+	case "docker.io", "index.docker.io":
+		return "https://index.docker.io/v1/", nil
+	case "ghcr.io":
+		return "ghcr.io", nil
+	}
+
+	if !strings.Contains(registry, "://") {
+		registry = "https://" + registry
+	}
+
+	u, err := url.Parse(registry)
+	if err != nil {
+		return "", err
+	}
+
+	return u.Host, nil
+}
+
+func saveCredentials(registry, username, password string) error {
+	configPath := getConfigPath()
+	configDir := filepath.Dir(configPath)
+
+	if err := os.MkdirAll(configDir, 0700); err != nil {
+		return fmt.Errorf("failed to create config directory: %w", err)
+	}
+
+	config := &ConfigFile{
+		Auths: make(map[string]RegistryAuth),
+	}
+
+	if _, err := os.Stat(configPath); err == nil {
+		configBytes, err := os.ReadFile(configPath)
+		if err != nil {
+			return fmt.Errorf("failed to read existing config: %w", err)
+		}
+
+		if err := json.Unmarshal(configBytes, config); err != nil {
+			return fmt.Errorf("failed to parse existing config: %w", err)
+		}
+	}
+
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return fmt.Errorf("failed to hash password: %w", err)
+	}
+
+	auth := base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
+
+	config.Auths[registry] = RegistryAuth{
+		Username: username,
+		Password: string(hashedPassword),
+		Auth:     auth,
+	}
+
+	configBytes, err := json.MarshalIndent(config, "", "  ")
+	if err != nil {
+		return fmt.Errorf("failed to marshal config: %w", err)
+	}
+
+	if err := os.WriteFile(configPath, configBytes, 0600); err != nil {
+		return fmt.Errorf("failed to write config file: %w", err)
+	}
+
+	return nil
+}
+
+func getConfigPath() string {
+	homeDir, err := os.UserHomeDir()
+	if err != nil {
+		return filepath.Join(".", ".kro", "registry", "config.json")
+	}
+	return filepath.Join(homeDir, ".config", "kro", "registry", "config.json")
+}
+
+func AddLoginCommand(rootCmd *cobra.Command) {
+	rootCmd.AddCommand(loginCmd)
+}

cmd/kro/commands/root.go

@@ -18,10 +18,12 @@ import (
 	"github.com/spf13/cobra"
 
 	generate "github.com/kro-run/kro/cmd/kro/commands/generate"
+	login "github.com/kro-run/kro/cmd/kro/commands/login"
 	validate "github.com/kro-run/kro/cmd/kro/commands/validate"
 )
 
 func AddCommands(root *cobra.Command) {
 	generate.AddGenerateCommands(root)
 	validate.AddValidateCommands(root)
+	login.AddLoginCommand(root)
 }

go.mod

@@ -14,9 +14,12 @@ require (
 	github.com/spf13/cobra v1.8.1
 	github.com/stretchr/testify v1.10.0
 	go.uber.org/zap v1.26.0
+	golang.org/x/crypto v0.41.0
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
+	golang.org/x/term v0.34.0
 	golang.org/x/time v0.3.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7
+	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.31.0
 	k8s.io/apiextensions-apiserver v0.31.0
 	k8s.io/apimachinery v0.31.0
@@ -86,20 +89,18 @@ require (
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xlab/treeprint v1.2.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/net v0.38.0 // indirect
+	golang.org/x/mod v0.26.0 // indirect
+	golang.org/x/net v0.42.0 // indirect
 	golang.org/x/oauth2 v0.28.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
-	golang.org/x/term v0.30.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
-	golang.org/x/tools v0.28.0 // indirect
+	golang.org/x/sys v0.35.0 // indirect
+	golang.org/x/text v0.28.0 // indirect
+	golang.org/x/tools v0.35.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 // indirect
 	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect