From df100f1ca2a52ea287d38f9cab5bd38acec04497 Mon Sep 17 00:00:00 2001
From: Nikolay Edigaryev <edigaryev@gmail.com>
Date: Mon, 22 Sep 2025 20:57:05 +0200
Subject: [PATCH] Improve credential provider errors (#1133)

---
 Sources/tart/Commands/Login.swift                         | 2 ++
 Sources/tart/Credentials/CredentialsProvider.swift        | 1 +
 .../Credentials/DockerConfigCredentialsProvider.swift     | 2 ++
 .../tart/Credentials/EnvironmentCredentialsProvider.swift | 2 ++
 .../tart/Credentials/KeychainCredentialsProvider.swift    | 2 ++
 Sources/tart/Credentials/StdinCredentials.swift           | 2 ++
 Sources/tart/OCI/Registry.swift                           | 8 ++++++--
 7 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/Sources/tart/Commands/Login.swift b/Sources/tart/Commands/Login.swift
index 2dc37e3..230851f 100644
--- a/Sources/tart/Commands/Login.swift
+++ b/Sources/tart/Commands/Login.swift
@@ -64,6 +64,8 @@ struct Login: AsyncParsableCommand {
 }
 
 fileprivate class DictionaryCredentialsProvider: CredentialsProvider {
+  let userFriendlyName = "static dictionary credentials provider"
+
   var credentials: Dictionary<String, (String, String)>
 
   init(_ credentials: Dictionary<String, (String, String)>) {
diff --git a/Sources/tart/Credentials/CredentialsProvider.swift b/Sources/tart/Credentials/CredentialsProvider.swift
index 5da19bc..a874fa1 100644
--- a/Sources/tart/Credentials/CredentialsProvider.swift
+++ b/Sources/tart/Credentials/CredentialsProvider.swift
@@ -5,6 +5,7 @@ enum CredentialsProviderError: Error {
 }
 
 protocol CredentialsProvider {
+  var userFriendlyName: String { get }
   func retrieve(host: String) throws -> (String, String)?
   func store(host: String, user: String, password: String) throws
 }
diff --git a/Sources/tart/Credentials/DockerConfigCredentialsProvider.swift b/Sources/tart/Credentials/DockerConfigCredentialsProvider.swift
index 6be901f..f4e270c 100644
--- a/Sources/tart/Credentials/DockerConfigCredentialsProvider.swift
+++ b/Sources/tart/Credentials/DockerConfigCredentialsProvider.swift
@@ -1,6 +1,8 @@
 import Foundation
 
 class DockerConfigCredentialsProvider: CredentialsProvider {
+  let userFriendlyName = "Docker configuration credentials provider"
+
   func retrieve(host: String) throws -> (String, String)? {
     let dockerConfigURL = FileManager.default.homeDirectoryForCurrentUser.appendingPathComponent(".docker").appendingPathComponent("config.json")
     if !FileManager.default.fileExists(atPath: dockerConfigURL.path) {
diff --git a/Sources/tart/Credentials/EnvironmentCredentialsProvider.swift b/Sources/tart/Credentials/EnvironmentCredentialsProvider.swift
index c91e273..2102de0 100644
--- a/Sources/tart/Credentials/EnvironmentCredentialsProvider.swift
+++ b/Sources/tart/Credentials/EnvironmentCredentialsProvider.swift
@@ -1,6 +1,8 @@
 import Foundation
 
 class EnvironmentCredentialsProvider: CredentialsProvider {
+  let userFriendlyName = "environment variable credentials provider"
+
   func retrieve(host: String) throws -> (String, String)? {
     if let tartRegistryHostname = ProcessInfo.processInfo.environment["TART_REGISTRY_HOSTNAME"],
        tartRegistryHostname != host {
diff --git a/Sources/tart/Credentials/KeychainCredentialsProvider.swift b/Sources/tart/Credentials/KeychainCredentialsProvider.swift
index be9d272..35c0293 100644
--- a/Sources/tart/Credentials/KeychainCredentialsProvider.swift
+++ b/Sources/tart/Credentials/KeychainCredentialsProvider.swift
@@ -1,6 +1,8 @@
 import Foundation
 
 class KeychainCredentialsProvider: CredentialsProvider {
+  let userFriendlyName = "Keychain credentials provider"
+
   func retrieve(host: String) throws -> (String, String)? {
     let query: [String: Any] = [kSecClass as String: kSecClassInternetPassword,
                                 kSecAttrProtocol as String: kSecAttrProtocolHTTPS,
diff --git a/Sources/tart/Credentials/StdinCredentials.swift b/Sources/tart/Credentials/StdinCredentials.swift
index 2b55dd9..a6591ac 100644
--- a/Sources/tart/Credentials/StdinCredentials.swift
+++ b/Sources/tart/Credentials/StdinCredentials.swift
@@ -6,6 +6,8 @@ enum StdinCredentialsError: Error {
 }
 
 class StdinCredentials {
+  let userFriendlyName = "standard input credentials provider"
+
   static func retrieve() throws -> (String, String) {
     let user = try readStdinCredential(name: "username", prompt: "User: ", isSensitive: false)
     let password = try readStdinCredential(name: "password", prompt: "Password: ", isSensitive: true)
diff --git a/Sources/tart/OCI/Registry.swift b/Sources/tart/OCI/Registry.swift
index 4281002..25d13cb 100644
--- a/Sources/tart/OCI/Registry.swift
+++ b/Sources/tart/OCI/Registry.swift
@@ -429,8 +429,12 @@ class Registry {
     }
 
     for provider in credentialsProviders {
-      if let (user, password) = try provider.retrieve(host: host) {
-        return (user, password)
+      do {
+        if let (user, password) = try provider.retrieve(host: host) {
+          return (user, password)
+        }
+      } catch (let e) {
+        print("Failed to retrieve credentials using \(provider.userFriendlyName), authentication may fail: \(e)")
       }
     }
     return nil