Explicit message telling the user they are not logged in and need `docker login azure` first

azure/login/login.go

@@ -181,13 +181,17 @@ func toOAuthToken(token azureToken) oauth2.Token {
 
 // NewAuthorizerFromLogin creates an authorizer based on login access token
 func NewAuthorizerFromLogin() (autorest.Authorizer, error) {
-	login, err := NewAzureLoginService()
+	return newAuthorizerFromLoginStorePath(getTokenStorePath())
+}
+
+func newAuthorizerFromLoginStorePath(storeTokenPath string) (autorest.Authorizer, error) {
+	login, err := newAzureLoginServiceFromPath(storeTokenPath, azureAPIHelper{})
 	if err != nil {
 		return nil, err
 	}
 	oauthToken, err := login.GetValidToken()
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrap(err, "not logged in to azure, you need to run \"docker login azure\" first")
 	}
 
 	token := adal.Token{

azure/login/login_test.go

@@ -91,6 +91,11 @@ func (suite *LoginSuite) TestRefreshInValidToken() {
 	Expect(storedToken.Token.Expiry).To(BeTemporally(">", time.Now().Add(3500*time.Second)))
 }
 
+func (suite *LoginSuite) TestClearErrorMessageIfNotAlreadyLoggedIn() {
+	_, err := newAuthorizerFromLoginStorePath(filepath.Join(suite.dir, tokenStoreFilename))
+	Expect(err.Error()).To(ContainSubstring("not logged in to azure, you need to run \"docker login azure\" first"))
+}
+
 func (suite *LoginSuite) TestDoesNotRefreshValidToken() {
 	expiryDate := time.Now().Add(1 * time.Hour)
 	err := suite.azureLogin.tokenStore.writeLoginInfo(TokenInfo{