Merge pull request #105 from glours/use_login_flag

Change --auth to --login command plus --token flag

Author: silvin-lubecki

README.md

@@ -226,37 +226,38 @@ Tested 200 dependencies for known issues, found 157 issues.
 
 If you have an existing Snyk account, you can directly use your auth token  
 ```console
-$ docker scan --auth PROVIDER_AUTH_TOKEN
+$ docker scan --login --token PROVIDER_AUTH_TOKEN
 ``` 
 
 You need to get a Snyk [API token](https://app.snyk.io/account) and then use it like this
 ```console
-$ docker scan --auth c68dc480-27bd-45ee-9f5c-XXXXXXXXXXXX
+$ docker scan --login --token c68dc480-27bd-45ee-9f5c-XXXXXXXXXXXX
 
 Your account has been authenticated. Snyk is now ready to be used. 
 ```
 
-If you use the `auth` command without any token, you will be redirected to the Snyk website to login.
+If you use the `--login` command without any token, you will be redirected to the Snyk website to login.
 
 ## Install Docker Scan
 
 ### On macOS & Windows:
 Docker Desktop comes with Docker scan already installed.
 Just try to use the plugin, open a terminal and write the following command:
 ```console
-docker scan
-Usage:	docker scan [OPTIONS] IMAGE
+$ docker scan
+Usage:    docker scan [OPTIONS] IMAGE
 
 A tool to scan your docker image
 
 Options:
       --accept-license    Accept to using a third party scanning provider
-      --auth              Authenticate to the scan provider using an optional token, or web base token if empty
       --dependency-tree   Show dependency tree with scan results
       --exclude-base      Exclude base image from vulnerability scanning (requires --file)
   -f, --file string       Dockerfile associated with image
       --json              Output results in JSON format
+      --login             Authenticate to the scan provider using an optional token (with --token), or web base token if empty
       --reject-license    Reject to using a third party scanning provider
+      --token string      Authentication token for login to the scan provider
       --version           Display version of the scan plugin
 ```
 

cmd/docker-scan/main.go

@@ -60,7 +60,8 @@ func main() {
 }
 
 type options struct {
-	authenticate   bool
+	login          bool
+	token          string
 	dependencyTree bool
 	dockerFilePath string
 	excludeBase    bool
@@ -81,13 +82,14 @@ func newScanCmd(ctx context.Context, dockerCli command.Cli) *cobra.Command {
 			if flags.showVersion {
 				return runVersion(ctx, dockerCli, flags)
 			}
-			if flags.authenticate {
+			if flags.login {
 				return runAuthentication(ctx, dockerCli, flags, args)
 			}
 			return runScan(ctx, cmd, dockerCli, flags, args)
 		},
 	}
-	cmd.Flags().BoolVar(&flags.authenticate, "auth", false, "Authenticate to the scan provider using an optional token, or web base token if empty")
+	cmd.Flags().BoolVar(&flags.login, "login", false, "Authenticate to the scan provider using an optional token (with --token), or web base token if empty")
+	cmd.Flags().StringVar(&flags.token, "token", "", "Authentication token for login to the scan provider")
 	cmd.Flags().BoolVar(&flags.dependencyTree, "dependency-tree", false, "Show dependency tree with scan results")
 	cmd.Flags().BoolVar(&flags.excludeBase, "exclude-base", false, "Exclude base image from vulnerability scanning (requires --file)")
 	cmd.Flags().StringVarP(&flags.dockerFilePath, "file", "f", "", "Dockerfile associated with image")
@@ -170,18 +172,14 @@ func runVersion(ctx context.Context, dockerCli command.Streams, flags options) e
 }
 
 func runAuthentication(ctx context.Context, dockerCli command.Streams, flags options, args []string) error {
+	if len(args) != 0 {
+		return fmt.Errorf(`--login flag expects no argument`)
+	}
 	scanProvider, err := configureProvider(ctx, dockerCli, flags)
 	if err != nil {
 		return err
 	}
-	token := ""
-	switch {
-	case len(args) == 1:
-		token = args[0]
-	case len(args) > 1:
-		return fmt.Errorf(`--auth flag expects maximum one argument`)
-	}
-	return scanProvider.Authenticate(token)
+	return scanProvider.Authenticate(flags.token)
 }
 
 func runScan(ctx context.Context, cmd *cobra.Command, dockerCli command.Cli, flags options, args []string) error {

e2e/auth_test.go

@@ -43,7 +43,7 @@ func TestSnykAuthentication(t *testing.T) {
 	token := os.Getenv("E2E_TEST_AUTH_TOKEN")
 	assert.Assert(t, token != "", "E2E_TEST_AUTH_TOKEN needs to be filled")
 
-	cmd.Command = dockerCli.Command("scan", "--accept-license", "--auth", token)
+	cmd.Command = dockerCli.Command("scan", "--accept-license", "--login", "--token", token)
 	icmd.RunCmd(cmd).Assert(t, icmd.Success)
 
 	// snyk config file should be updated
@@ -59,18 +59,18 @@ func TestAuthenticationFlagFailsWithImage(t *testing.T) {
 	token := os.Getenv("E2E_TEST_AUTH_TOKEN")
 	assert.Assert(t, token != "", "E2E_TEST_AUTH_TOKEN needs to be filled")
 
-	cmd.Command = dockerCli.Command("scan", "--accept-license", "--auth", token, "example:image")
+	cmd.Command = dockerCli.Command("scan", "--accept-license", "--login", "--token", token, "example:image")
 	icmd.RunCmd(cmd).Assert(t, icmd.Expected{
 		ExitCode: 1,
-		Err:      "--auth flag expects maximum one argument",
+		Err:      "--login flag expects no argument",
 	})
 }
 
 func TestAuthenticationChecksToken(t *testing.T) {
 	cmd, _, cleanup := dockerCli.createTestCmd()
 	defer cleanup()
 
-	cmd.Command = dockerCli.Command("scan", "--accept-license", "--auth", "invalid-token")
+	cmd.Command = dockerCli.Command("scan", "--accept-license", "--login", "--token", "invalid-token")
 	icmd.RunCmd(cmd).Assert(t, icmd.Expected{
 		ExitCode: 1,
 		Err:      `invalid authentication token "invalid-token"`,

e2e/testdata/plugin-usage.golden

@@ -5,12 +5,14 @@ A tool to scan your docker image
 
 Options:
       --accept-license    Accept to using a third party scanning provider
-      --auth              Authenticate to the scan provider using an
-                          optional token, or web base token if empty
       --dependency-tree   Show dependency tree with scan results
       --exclude-base      Exclude base image from vulnerability scanning
                           (requires --file)
   -f, --file string       Dockerfile associated with image
       --json              Output results in JSON format
+      --login             Authenticate to the scan provider using an
+                          optional token (with --token), or web base
+                          token if empty
       --reject-license    Reject to using a third party scanning provider
+      --token string      Authentication token for login to the scan provider
       --version           Display version of the scan plugin