@@ -65,7 +65,7 @@ func (cli *DockerCli) CmdPull(args ...string) error {

 		return err

 	}

-	authConfig := registry.ResolveAuthConfig(cli.configFile, repoInfo.Index)

+	authConfig := registry.ResolveAuthConfig(cli.configFile.AuthConfigs, repoInfo.Index)

 	requestPrivilege := cli.registryAuthenticationPrivilegedFunc(repoInfo.Index, "pull")

 	if isTrusted() && !ref.HasDigest() {

@@ -44,7 +44,7 @@ func (cli *DockerCli) CmdPush(args ...string) error {

 		return err

 	}

 	// Resolve the Auth config relevant for this server

-	authConfig := registry.ResolveAuthConfig(cli.configFile, repoInfo.Index)

+	authConfig := registry.ResolveAuthConfig(cli.configFile.AuthConfigs, repoInfo.Index)

 	// If we're not using a custom registry, we know the restrictions

 	// applied to repository names and can warn the user in advance.

 	// Custom repositories can have different rules, and we must also

@@ -35,7 +35,7 @@ func (cli *DockerCli) CmdSearch(args ...string) error {

 		return err

 	}

-	authConfig := registry.ResolveAuthConfig(cli.configFile, indexInfo)

+	authConfig := registry.ResolveAuthConfig(cli.configFile.AuthConfigs, indexInfo)

 	requestPrivilege := cli.registryAuthenticationPrivilegedFunc(indexInfo, "search")

 	encodedAuth, err := authConfig.EncodeToBase64()

@@ -229,7 +229,7 @@ func (cli *DockerCli) trustedReference(ref reference.NamedTagged) (reference.Can

 	}

 	// Resolve the Auth config relevant for this server

-	authConfig := registry.ResolveAuthConfig(cli.configFile, repoInfo.Index)

+	authConfig := registry.ResolveAuthConfig(cli.configFile.AuthConfigs, repoInfo.Index)

 	notaryRepo, err := cli.getNotaryRepository(repoInfo, authConfig)

 	if err != nil {

@@ -16,7 +16,7 @@ import (

 )

 func (cli *DockerCli) encodeRegistryAuth(index *registry.IndexInfo) (string, error) {

-	authConfig := registry.ResolveAuthConfig(cli.configFile, index)

+	authConfig := registry.ResolveAuthConfig(cli.configFile.AuthConfigs, index)

 	return authConfig.EncodeToBase64()

 }

@@ -67,7 +67,7 @@ func (d Docker) Pull(name string) (*image.Image, error) {

 		}

 		resolvedConfig := registry.ResolveAuthConfig(

-			&cliconfig.ConfigFile{AuthConfigs: d.AuthConfigs},

+			d.AuthConfigs,

 			repoInfo.Index,

 		)

 		pullRegistryAuth = &resolvedConfig

@@ -221,10 +221,10 @@ func tryV2TokenAuthLogin(authConfig *cliconfig.AuthConfig, params map[string]str

 }

 // ResolveAuthConfig matches an auth configuration to a server address or a URL

-func ResolveAuthConfig(config *cliconfig.ConfigFile, index *IndexInfo) cliconfig.AuthConfig {

+func ResolveAuthConfig(authConfigs map[string]cliconfig.AuthConfig, index *IndexInfo) cliconfig.AuthConfig {

 	configKey := index.GetAuthConfigKey()

 	// First try the happy case

-	if c, found := config.AuthConfigs[configKey]; found || index.Official {

+	if c, found := authConfigs[configKey]; found || index.Official {

 		return c

 	}

@@ -243,7 +243,7 @@ func ResolveAuthConfig(config *cliconfig.ConfigFile, index *IndexInfo) cliconfig

 	// Maybe they have a legacy config file, we will iterate the keys converting

 	// them to the new format and testing

-	for registry, ac := range config.AuthConfigs {

+	for registry, ac := range authConfigs {

 		if configKey == convertToHostname(registry) {

 			return ac

 		}

@@ -1,9 +1,6 @@

 package registry

 import (

-	"io/ioutil"

-	"os"

-	"path/filepath"

 	"testing"

 	"github.com/docker/docker/cliconfig"

@@ -29,38 +26,23 @@ func TestEncodeAuth(t *testing.T) {

 	}

 }

-func setupTempConfigFile() (*cliconfig.ConfigFile, error) {

-	root, err := ioutil.TempDir("", "docker-test-auth")

-	if err != nil {

-		return nil, err

-	}

-	root = filepath.Join(root, cliconfig.ConfigFileName)

-	configFile := cliconfig.NewConfigFile(root)

+func buildAuthConfigs() map[string]cliconfig.AuthConfig {

+	authConfigs := map[string]cliconfig.AuthConfig{}

 	for _, registry := range []string{"testIndex", IndexServer} {

-		configFile.AuthConfigs[registry] = cliconfig.AuthConfig{

+		authConfigs[registry] = cliconfig.AuthConfig{

 			Username: "docker-user",

 			Password: "docker-pass",

 			Email:    "docker@docker.io",

 		}

 	}

-	return configFile, nil

+	return authConfigs

 }

 func TestSameAuthDataPostSave(t *testing.T) {

-	configFile, err := setupTempConfigFile()

-	if err != nil {

-		t.Fatal(err)

-	}

-	defer os.RemoveAll(configFile.Filename())

-

-	err = configFile.Save()

-	if err != nil {

-		t.Fatal(err)

-	}

-

-	authConfig := configFile.AuthConfigs["testIndex"]

+	authConfigs := buildAuthConfigs()

+	authConfig := authConfigs["testIndex"]

 	if authConfig.Username != "docker-user" {

 		t.Fail()

 	}

@@ -76,13 +58,8 @@ func TestSameAuthDataPostSave(t *testing.T) {

 }

 func TestResolveAuthConfigIndexServer(t *testing.T) {

-	configFile, err := setupTempConfigFile()

-	if err != nil {

-		t.Fatal(err)

-	}

-	defer os.RemoveAll(configFile.Filename())

-

-	indexConfig := configFile.AuthConfigs[IndexServer]

+	authConfigs := buildAuthConfigs()

+	indexConfig := authConfigs[IndexServer]

 	officialIndex := &IndexInfo{

 		Official: true,

@@ -91,19 +68,15 @@ func TestResolveAuthConfigIndexServer(t *testing.T) {

 		Official: false,

 	}

-	resolved := ResolveAuthConfig(configFile, officialIndex)

+	resolved := ResolveAuthConfig(authConfigs, officialIndex)

 	assertEqual(t, resolved, indexConfig, "Expected ResolveAuthConfig to return IndexServer")

-	resolved = ResolveAuthConfig(configFile, privateIndex)

+	resolved = ResolveAuthConfig(authConfigs, privateIndex)

 	assertNotEqual(t, resolved, indexConfig, "Expected ResolveAuthConfig to not return IndexServer")

 }

 func TestResolveAuthConfigFullURL(t *testing.T) {

-	configFile, err := setupTempConfigFile()

-	if err != nil {

-		t.Fatal(err)

-	}

-	defer os.RemoveAll(configFile.Filename())

+	authConfigs := buildAuthConfigs()

 	registryAuth := cliconfig.AuthConfig{

 		Username: "foo-user",

@@ -120,7 +93,7 @@ func TestResolveAuthConfigFullURL(t *testing.T) {

 		Password: "baz-pass",

 		Email:    "baz@example.com",

 	}

-	configFile.AuthConfigs[IndexServer] = officialAuth

+	authConfigs[IndexServer] = officialAuth

 	expectedAuths := map[string]cliconfig.AuthConfig{

 		"registry.example.com": registryAuth,

@@ -158,13 +131,13 @@ func TestResolveAuthConfigFullURL(t *testing.T) {

 			Name: configKey,

 		}

 		for _, registry := range registries {

-			configFile.AuthConfigs[registry] = configured

-			resolved := ResolveAuthConfig(configFile, index)

+			authConfigs[registry] = configured

+			resolved := ResolveAuthConfig(authConfigs, index)

 			if resolved.Email != configured.Email {

 				t.Errorf("%s -> %q != %q\n", registry, resolved.Email, configured.Email)

 			}

-			delete(configFile.AuthConfigs, registry)

-			resolved = ResolveAuthConfig(configFile, index)

+			delete(authConfigs, registry)

+			resolved = ResolveAuthConfig(authConfigs, index)

 			if resolved.Email == configured.Email {

 				t.Errorf("%s -> %q == %q\n", registry, resolved.Email, configured.Email)

 			}