From d86957bf20e0ea171ecbd2cf7cfc70cbb44c85a1 Mon Sep 17 00:00:00 2001
From: Zack Brady <zackbrady123@gmail.com>
Date: Thu, 5 Jun 2025 14:07:53 -0400
Subject: [PATCH] deprecate auth from hauler store copy (#440)

---
 cmd/hauler/cli/store/copy.go |  6 ++++--
 go.mod                       |  5 +++--
 internal/flags/copy.go       | 19 ++++++++++++++++---
 3 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/cmd/hauler/cli/store/copy.go b/cmd/hauler/cli/store/copy.go
index 2d1d6e9..0b80a98 100644
--- a/cmd/hauler/cli/store/copy.go
+++ b/cmd/hauler/cli/store/copy.go
@@ -16,6 +16,10 @@ import (
 func CopyCmd(ctx context.Context, o *flags.CopyOpts, s *store.Layout, targetRef string, ro *flags.CliRootOpts) error {
 	l := log.FromContext(ctx)
 
+	if o.Username != "" || o.Password != "" {
+		return fmt.Errorf("--username/--password have been deprecated, please use 'hauler login'")
+	}
+
 	components := strings.SplitN(targetRef, "://", 2)
 	switch components[0] {
 	case "dir":
@@ -31,8 +35,6 @@ func CopyCmd(ctx context.Context, o *flags.CopyOpts, s *store.Layout, targetRef
 	case "registry":
 		l.Debugf("identified registry target reference of [%s]", components[1])
 		ropts := content.RegistryOptions{
-			Username:  o.Username,
-			Password:  o.Password,
 			Insecure:  o.Insecure,
 			PlainHTTP: o.PlainHTTP,
 		}
diff --git a/go.mod b/go.mod
index 061b476..ef11152 100644
--- a/go.mod
+++ b/go.mod
@@ -1,7 +1,8 @@
 module hauler.dev/go/hauler
 
-go 1.23.4
-toolchain go1.24.2
+go 1.23.8
+
+toolchain go1.24.3
 
 replace github.com/sigstore/cosign/v2 => github.com/hauler-dev/cosign/v2 v2.4.3-0.20250404165522-3a44ef646a65
 
diff --git a/internal/flags/copy.go b/internal/flags/copy.go
index bb03b92..ad11e36 100644
--- a/internal/flags/copy.go
+++ b/internal/flags/copy.go
@@ -15,9 +15,22 @@ type CopyOpts struct {
 func (o *CopyOpts) AddFlags(cmd *cobra.Command) {
 	f := cmd.Flags()
 
-	f.StringVarP(&o.Username, "username", "u", "", "(Optional) Username to use for authentication")
-	f.StringVarP(&o.Password, "password", "p", "", "(Optional) Password to use for authentication")
+	f.StringVarP(&o.Username, "username", "u", "", "(Deprecated) Please use 'hauler login'")
+	f.StringVarP(&o.Password, "password", "p", "", "(Deprecated) Please use 'hauler login'")
 	f.BoolVar(&o.Insecure, "insecure", false, "(Optional) Allow insecure connections")
 	f.BoolVar(&o.PlainHTTP, "plain-http", false, "(Optional) Allow plain HTTP connections")
-	f.StringVarP(&o.Only, "only", "o", "", "(Optional) Custom string array to only copy specific 'image' items, this flag is comma delimited. ex: --only=sig,att,sbom")
+	f.StringVarP(&o.Only, "only", "o", "", "(Optional) Custom string array to only copy specific 'image' items")
+
+	if err := f.MarkDeprecated("username", "please use 'hauler login'"); err != nil {
+		panic(err)
+	}
+	if err := f.MarkDeprecated("password", "please use 'hauler login'"); err != nil {
+		panic(err)
+	}
+	if err := f.MarkHidden("username"); err != nil {
+		panic(err)
+	}
+	if err := f.MarkHidden("password"); err != nil {
+		panic(err)
+	}
 }