allow authentication for docker registries (#19)

* allow authentication for docker registries

* fix lint

Cargo.toml

@@ -17,6 +17,7 @@ annotate-snippets = { version = "^0.9", features = ["color"] }
 async-std = { version = "^1.6", features = ["attributes"] }
 async-trait = "^0.1"
 atty = "^0.2"
+base64 = "^0.12"
 colored = "^2.0"
 color-eyre = "^0.5.5"
 crossbeam-channel = "^0.4"

docs/docs/schemas/executor-conf.md

@@ -51,7 +51,9 @@ The Host Executor has no possible arguments. It ignores all possible options.
 | tcp_ports_to_expose            | Comma Seperated String [OPTIONAL]          | a comma seperated list of ports to export to the host machine. you won't need to set these if you're using two tasks in a pipeline, as each pipeline gets it's own docker network that allows services to natively communicate. |
 | udp_ports_to_expose            | Comma Seperated String [OPTIONAL]          | the same as `tcp_ports_to_export` just for udp instead.                                                                                                                                                                         |
 | experimental_permission_helper | String'd Boolean [OPTIONAL] [EXPERIMENTAL] | [EXPERIMENTAL] will break in a later update, a flag that tells dev-loop to fix permissions on linux hosts for it's mounted volumes.                                                                                             |
-
+| run_until_ctrlc                | String'd Boolean [OPTIONAL]                | Used to indicate that a task will run until Ctrl-C is pressed. Effectively will not cause a failure when Ctrl-C is pressed.                                                                                                     |
+| docker_auth_username_env       | String                                     | The environment variable that contains the username for authentication.                                                                                                                                                         |
+| docker_auth_password_env       | String                                     | The environment variable that contains the password for authentication.                                                                                                                                                         |
 - `provides`: List[<a href="/docs/schemas/provide-conf" class="internal-link">ProvideConf</a>] [OPTIONAL]
 
 A list of things this particular executor provides. See ProvideConf for more information.

src/config/types.rs

@@ -16,6 +16,31 @@ pub struct ProvideConf {
 	version: Option<String>,
 }
 
+impl ProvideConf {
+	/// Create a new implementation of `ProvideConf`
+	#[cfg(test)]
+	#[must_use]
+	pub fn new(name: String, version: Option<String>) -> Self {
+		Self { name, version }
+	}
+
+	/// Get the name of the thing provided.
+	#[must_use]
+	pub fn get_name(&self) -> &str {
+		&self.name
+	}
+
+	/// Get the version of the thing provided.
+	#[must_use]
+	pub fn get_version(&self) -> &str {
+		if self.version.is_none() {
+			""
+		} else {
+			self.version.as_ref().unwrap()
+		}
+	}
+}
+
 /// All of the possible types of executors that dev-loop supports executing.
 #[derive(Debug, Deserialize, PartialEq, Serialize)]
 pub enum ExecutorType {
@@ -43,31 +68,6 @@ pub struct ExecutorConf {
 	provides: Option<Vec<ProvideConf>>,
 }
 
-impl ProvideConf {
-	/// Create a new implementation of `ProvideConf`
-	#[cfg(test)]
-	#[must_use]
-	pub fn new(name: String, version: Option<String>) -> Self {
-		Self { name, version }
-	}
-
-	/// Get the name of the thing provided.
-	#[must_use]
-	pub fn get_name(&self) -> &str {
-		&self.name
-	}
-
-	/// Get the version of the thing provided.
-	#[must_use]
-	pub fn get_version(&self) -> &str {
-		if self.version.is_none() {
-			""
-		} else {
-			self.version.as_ref().unwrap()
-		}
-	}
-}
-
 impl ExecutorConf {
 	/// Get the type of this executor.
 	#[must_use]

src/executors/docker.rs

@@ -21,6 +21,7 @@ use color_eyre::{
 use crossbeam_channel::Sender;
 use isahc::{
 	config::{Dialer, VersionNegotiation},
+	http::{header::HeaderName, HeaderMap},
 	prelude::*,
 	Error as HttpError, HttpClient, HttpClientBuilder,
 };
@@ -105,9 +106,45 @@ impl Executor {
 			provides.insert(provided.get_name().to_owned(), version_opt);
 		}
 
+		let mut default_headers = HeaderMap::new();
+		if executor_args.contains_key("docker_auth_username_env") {
+			if executor_args.contains_key("docker_auth_password_env") {
+				let user_env_var = executor_args.get("docker_auth_username_env").unwrap();
+				let pass_env_var = executor_args.get("docker_auth_password_env").unwrap();
+
+				if let Ok(username_ref) = std::env::var(user_env_var) {
+					if let Ok(password_ref) = std::env::var(pass_env_var) {
+						default_headers.insert(
+							"X-Registry-Auth".parse::<HeaderName>()?,
+							base64::encode(format!(
+								"{opening_bracket}\"username\": \"{}\", \"password\": \"{}\"}}",
+								username_ref,
+								password_ref,
+								opening_bracket = "{",
+							))
+							.parse()?,
+						);
+					} else {
+						warn!(
+							"No password variable specified in: [{}], not authenticating",
+							pass_env_var
+						);
+					}
+				} else {
+					warn!(
+						"No username variable specified in: [{}], not authenticating",
+						user_env_var
+					);
+				}
+			} else {
+				warn!("`docker_auth_username_env` specified with no `docker_auth_password_env`, not authenticating.");
+			}
+		}
+
 		let client = if cfg!(target_os = "windows") {
 			// TODO(xxx): set windows named pipe/url
 			HttpClientBuilder::new()
+				.default_headers(&default_headers)
 				.version_negotiation(VersionNegotiation::http11())
 				.build()
 		} else {
@@ -117,6 +154,7 @@ impl Executor {
 						.unwrap_or_else(|| SOCKET_PATH.to_owned())
 						.parse::<Dialer>()?,
 				)
+				.default_headers(&default_headers)
 				.version_negotiation(VersionNegotiation::http11())
 				.build()
 		}?;