feat: adds config file content as plain string (kreuzwerker#232)

mavogel · web-flow · commit 45e3127fb9a8 · 2019-12-18T20:55:12.000+01:00
Closes kreuzwerker#224 * feat(provider): adds plain registry content property * docs(provider): new plain config property * chore: comments why the order of auth parsing should not be changed
diff --git a/docker/provider.go b/docker/provider.go
@@ -71,7 +71,7 @@ func Provider() terraform.ResourceProvider {
 						"username": {
 							Type:          schema.TypeString,
 							Optional:      true,
-							ConflictsWith: []string{"registry_auth.config_file"},
+							ConflictsWith: []string{"registry_auth.config_file", "registry_auth.config_file_content"},
 							DefaultFunc:   schema.EnvDefaultFunc("DOCKER_REGISTRY_USER", ""),
 							Description:   "Username for the registry",
 						},
@@ -80,18 +80,25 @@ func Provider() terraform.ResourceProvider {
 							Type:          schema.TypeString,
 							Optional:      true,
 							Sensitive:     true,
-							ConflictsWith: []string{"registry_auth.config_file"},
+							ConflictsWith: []string{"registry_auth.config_file", "registry_auth.config_file_content"},
 							DefaultFunc:   schema.EnvDefaultFunc("DOCKER_REGISTRY_PASS", ""),
 							Description:   "Password for the registry",
 						},
 
 						"config_file": {
 							Type:          schema.TypeString,
 							Optional:      true,
-							ConflictsWith: []string{"registry_auth.username", "registry_auth.password"},
+							ConflictsWith: []string{"registry_auth.username", "registry_auth.password", "registry_auth.config_file_content"},
 							DefaultFunc:   schema.EnvDefaultFunc("DOCKER_CONFIG", "~/.docker/config.json"),
 							Description:   "Path to docker json file for registry auth",
 						},
+
+						"config_file_content": {
+							Type:          schema.TypeString,
+							Optional:      true,
+							ConflictsWith: []string{"registry_auth.username", "registry_auth.password", "registry_auth.config_file"},
+							Description:   "Plain content of the docker json file for registry auth",
+						},
 					},
 				},
 			},
@@ -184,10 +191,43 @@ func providerSetToRegistryAuth(authSet *schema.Set) (*AuthConfigs, error) {
 		// For each registry_auth block, generate an AuthConfiguration using either
 		// username/password or the given config file
 		if username, ok := auth["username"]; ok && username.(string) != "" {
+			log.Println("[DEBUG] Using username for registry auths:", username)
 			authConfig.Username = auth["username"].(string)
 			authConfig.Password = auth["password"].(string)
+
+			// Note: check for config_file_content first because config_file has a default which would be used
+			// neverthelesss config_file_content is set or not. The default has to be kept to check for the
+			// environment variable and to be backwards compatible
+		} else if configFileContent, ok := auth["config_file_content"]; ok && configFileContent.(string) != "" {
+			log.Println("[DEBUG] Parsing file content for registry auths:", configFileContent.(string))
+			r := strings.NewReader(configFileContent.(string))
+
+			// Parse and set the auth
+			auths, err := newAuthConfigurations(r)
+			if err != nil {
+				return nil, fmt.Errorf("Error parsing docker registry config json: %v", err)
+			}
+
+			foundRegistry := false
+			for registry, authFileConfig := range auths.Configs {
+				if authConfig.ServerAddress == normalizeRegistryAddress(registry) {
+					authConfig.Username = authFileConfig.Username
+					authConfig.Password = authFileConfig.Password
+					foundRegistry = true
+				}
+			}
+
+			if !foundRegistry {
+				return nil, fmt.Errorf("Couldn't find registry config for '%s' in file content", authConfig.ServerAddress)
+			}
+
+			// As last step we check if a config file path is given
 		} else if configFile, ok := auth["config_file"]; ok && configFile.(string) != "" {
 			filePath := configFile.(string)
+			log.Println("[DEBUG] Parsing file for registry auths:", filePath)
+
+			// We manually expand the path and do not use the 'pathexpand' interpolation function
+			// because in the default of this varable we refer to '~/.docker/config.json'
 			if strings.HasPrefix(filePath, "~/") {
 				usr, err := user.Current()
 				if err != nil {
@@ -201,6 +241,7 @@ func providerSetToRegistryAuth(authSet *schema.Set) (*AuthConfigs, error) {
 				return nil, fmt.Errorf("Error opening docker registry config file: %v", err)
 			}
 
+			// Parse and set the auth
 			auths, err := newAuthConfigurations(r)
 			if err != nil {
 				return nil, fmt.Errorf("Error parsing docker registry config json: %v", err)
diff --git a/docker/resource_docker_image_test.go b/docker/resource_docker_image_test.go
@@ -148,6 +148,28 @@ func TestAccDockerImage_data_private_config_file(t *testing.T) {
 	})
 }
 
+func TestAccDockerImage_data_private_config_file_content(t *testing.T) {
+	registry := "127.0.0.1:15000"
+	image := "127.0.0.1:15000/tftest-service:v1"
+	wd, _ := os.Getwd()
+	dockerConfig := wd + "/../scripts/testing/dockerconfig.json"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                  func() { testAccPreCheck(t) },
+		Providers:                 testAccProviders,
+		PreventPostDestroyRefresh: true,
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(testAccDockerImageFromDataPrivateConfigFileContent, registry, dockerConfig, image),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestMatchResourceAttr("docker_image.foo_private", "latest", contentDigestRegexp),
+				),
+			},
+		},
+		CheckDestroy: checkAndRemoveImages,
+	})
+}
+
 func TestAccDockerImage_sha265(t *testing.T) {
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -251,6 +273,20 @@ resource "docker_image" "foo_private" {
 }
 `
 
+const testAccDockerImageFromDataPrivateConfigFileContent = `
+provider "docker" {
+	alias = "private"
+	registry_auth {
+		address = "%s"
+		config_file_content = "${file("%s")}"
+	}
+}
+resource "docker_image" "foo_private" {
+	provider = "docker.private"
+	name = "%s"
+}
+`
+
 const testAddDockerImageWithSHA256RepoDigest = `
 resource "docker_image" "foobar" {
 	name = "stocard/gotthard@sha256:ed752380c07940c651b46c97ca2101034b3be112f4d86198900aa6141f37fe7b"
diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
@@ -62,6 +62,11 @@ provider "docker" {
     config_file = "${pathexpand("~/.docker/config.json")}"
   }
 
+  registry_auth {
+    address = "registry.my.company.com"
+    config_file_content = "${var.plain_content_of_config_file}"
+  }
+
   registry_auth {
     address = "quay.io:8181"
     username = "someuser"
@@ -149,8 +154,11 @@ The following arguments are supported:
   will also be checked.
  
   * `config_file` - (Optional) The path to a config file containing credentials for
-  authenticating to the registry. Cannot be used with the `username`/`password` options.
+  authenticating to the registry. Cannot be used with the `username`/`password` or `config_file_content` options.
   If this is blank, the `DOCKER_CONFIG` will also be checked.
+  
+  * `config_file_content` - (Optional) The content of a config file as string containing credentials for
+  authenticating to the registry. Cannot be used with the `username`/`password` or `config_file` options.
  
  
 
