Merge pull request #266 from florindragos/docker_registry

davejrt · web-flow · commit 5c3d6e4688dd · 2018-07-13T15:57:27.000+10:00
Support private docker registries on windows
diff --git a/manifests/registry.pp b/manifests/registry.pp
@@ -47,55 +47,98 @@
 
   $docker_command = $docker::params::docker_command
 
+  if $::osfamily == 'windows' {
+    $exec_environment = ['PATH=C:/Program Files/Docker/']
+    $exec_timeout = 3000
+    $exec_path = ['c:/Windows/Temp/', 'C:/Program Files/Docker/']
+    $exec_provider = 'powershell'
+    $password_env = '$env:password'
+    $exec_user = undef
+  } else {
+    $exec_environment = ['HOME=/root']
+    $exec_path = ['/bin', '/usr/bin']
+    $exec_timeout = 0
+    $exec_provider = undef
+    $password_env = "\${password}"
+    $exec_user = $local_user
+  }
+
   if $ensure == 'present' {
     if $username != undef and $password != undef and $email != undef and $version != undef and $version =~ /1[.][1-9]0?/ {
-      $auth_cmd = "${docker_command} login -u '${username}' -p \"\${password}\" -e '${email}' ${server}"
+      $auth_cmd = "${docker_command} login -u '${username}' -p '${password_env}' -e '${email}' ${server}"
       $auth_environment = "password=${password}"
     }
     elsif $username != undef and $password != undef {
-      $auth_cmd = "${docker_command} login -u '${username}' -p \"\${password}\" ${server}"
+      $auth_cmd = "${docker_command} login -u '${username}' -p '${password_env}' ${server}"
       $auth_environment = "password=${password}"
     }
     else {
       $auth_cmd = "${docker_command} login ${server}"
-      $auth_environment = undef
+      $auth_environment = ''
     }
   }
   else {
     $auth_cmd = "${docker_command} logout ${server}"
-    $auth_environment = undef
+    $auth_environment = ''
   }
 
+  $docker_auth = "${title}${auth_environment}${auth_cmd}${local_user}"
   if $receipt {
-    # no - with pw_hash
-    $local_user_strip = regsubst($local_user, '-', '', 'G')
-
-    $_pass_hash = $pass_hash ? {
-      Undef   => pw_hash("${title}${auth_environment}${auth_cmd}${local_user}", 'SHA-512', $local_user_strip),
-      default => $pass_hash
-    }
 
     # server may be an URI, which can contain /
     $server_strip = regsubst($server, '/', '_', 'G')
-    $_auth_command = "${auth_cmd} || rm -f \"/root/registry-auth-puppet_receipt_${server_strip}_${local_user}\""
 
-    file { "/root/registry-auth-puppet_receipt_${server_strip}_${local_user}":
-      ensure  => $ensure,
-      content => $_pass_hash,
-      notify  => Exec["${title} auth"],
+    if $::osfamily != 'windows' {
+      # no - with pw_hash
+      $local_user_strip = regsubst($local_user, '-', '', 'G')
+
+      $_pass_hash = $pass_hash ? {
+        Undef   => pw_hash($docker_auth, 'SHA-512', $local_user_strip),
+        default => $pass_hash
+      }
+      $_auth_command = "${auth_cmd} || rm -f \"/root/registry-auth-puppet_receipt_${server_strip}_${local_user}\""
+
+      file { "/root/registry-auth-puppet_receipt_${server_strip}_${local_user}":
+        ensure  => $ensure,
+        content => $_pass_hash,
+        notify  => Exec["${title} auth"],
+      }
+    } else {
+      $_auth_command = $auth_cmd
+      $pw_hash_path = 'C:/Windows/Temp/compute_hash.ps1'
+      $passfile = "C:/Windows/Temp/registry-auth-puppet_receipt_${server_strip}_${local_user}"
+      file{ $pw_hash_path:
+          ensure  => present,
+          force   => true,
+          content => template('docker/windows/compute_hash.ps1.erb'),
+          notify  => Exec['compute-hash']
+      }
+      exec { 'compute-hash':
+          command     => "& ${pw_hash_path}",
+          provider    => $exec_provider,
+          refreshonly => true,
+          logoutput   => true,
+          notify      => Exec["${title} auth"],
+        }
     }
   }
   else {
     $_auth_command = $auth_cmd
   }
 
+  if $auth_environment != '' {
+    $exec_env = concat($exec_environment, $auth_environment, "docker_auth=${docker_auth}")
+  } else {
+    $exec_env = concat($exec_environment, "docker_auth=${docker_auth}")
+  }
+
   exec { "${title} auth":
-    environment => $auth_environment,
+    environment => $exec_env,
     command     => $_auth_command,
-    user        => $local_user,
-    cwd         => '/root',
-    path        => ['/bin', '/usr/bin'],
-    timeout     => 0,
+    user        => $exec_user,
+    path        => $exec_path,
+    timeout     => $exec_timeout,
+    provider    => $exec_provider,
     refreshonly => $receipt,
   }
 
diff --git a/spec/defines/registry_spec.rb b/spec/defines/registry_spec.rb
@@ -40,22 +40,22 @@
 
   context 'with ensure => present and username => user1, and password => secret and email => user1@example.io' do
     let(:params) { { 'ensure' => 'present', 'username' => 'user1', 'password' => 'secret', 'email' => 'user1@example.io', 'version' => '17.06', 'pass_hash' => 'test1234', 'receipt' => false } }
-    it { should contain_exec('localhost:5000 auth').with_command("docker login -u 'user1' -p \"${password}\" localhost:5000").with_environment('password=secret') }
+    it { should contain_exec('localhost:5000 auth').with_command("docker login -u 'user1' -p '${password}' localhost:5000").with_environment(/password=secret/) }
   end
 
  context 'with ensure => present and username => user1, and password => secret and email => user1@example.io and version < 1.11.0' do
     let(:params) { { 'ensure' => 'present', 'username' => 'user1', 'password' => 'secret', 'email' => 'user1@example.io', 'version' => '1.9.0', 'pass_hash' => 'test1234', 'receipt' => false } }
-    it { should contain_exec('localhost:5000 auth').with_command("docker login -u 'user1' -p \"${password}\" -e 'user1@example.io' localhost:5000").with_environment('password=secret') }
+    it { should contain_exec('localhost:5000 auth').with_command("docker login -u 'user1' -p '${password}' -e 'user1@example.io' localhost:5000").with_environment(/password=secret/) }
   end
 
   context 'with username => user1, and password => secret' do
     let(:params) { { 'username' => 'user1', 'password' => 'secret', 'version' => '17.06', 'pass_hash' => 'test1234', 'receipt' => false } }
-    it { should contain_exec('localhost:5000 auth').with_command("docker login -u 'user1' -p \"${password}\" localhost:5000").with_environment('password=secret') }
+    it { should contain_exec('localhost:5000 auth').with_command("docker login -u 'user1' -p '${password}' localhost:5000").with_environment(/password=secret/) }
   end
 
   context 'with username => user1, and password => secret and local_user => testuser' do
     let(:params) { { 'username' => 'user1', 'password' => 'secret', 'local_user' => 'testuser', 'version' => '17.06', 'pass_hash' => 'test1234', 'receipt' => false } }
-    it { should contain_exec('localhost:5000 auth').with_command("docker login -u 'user1' -p \"${password}\" localhost:5000").with_user('testuser').with_environment('password=secret') }
+    it { should contain_exec('localhost:5000 auth').with_command("docker login -u 'user1' -p '${password}' localhost:5000").with_user('testuser').with_environment(/password=secret/) }
   end
 
   context 'with an invalid ensure value' do
diff --git a/templates/windows/compute_hash.ps1.erb b/templates/windows/compute_hash.ps1.erb
@@ -0,0 +1,10 @@
+#file computes the 512SHA for a given string and writes it to a file
+
+$String = $env:docker_auth
+$HashName = "SHA512"
+$StringBuilder = New-Object System.Text.StringBuilder 
+[System.Security.Cryptography.HashAlgorithm]::Create($HashName).ComputeHash([System.Text.Encoding]::UTF8.GetBytes($String))|%{ 
+[Void]$StringBuilder.Append($_.ToString("x2")) 
+} 
+
+$StringBuilder.ToString() | Out-File <%= @passfile %>
