provider: add password back #78

Merged
merged 1 commit into from
Dec 20, 2024
87 changes: 80 additions & 7 deletions docs/index.md
Expand Up @@ -28,21 +28,51 @@ description: |-

Authentication
We have multiple ways to set your Docker credentials.
Setting credentials
Use docker login to log in to aregistry https://docs.docker.com/reference/cli/docker/login/. The docker CLI
Setting credentials with docker login
To login in an interactive command-line:

docker login

To login in a non-interactive script:

cat ~/my_password.txt | docker login --username my-username --password-stdin

The docker CLI
will store your credentials securely in your credential store, such as the
operating system native keychain. The Docker Terraform provider will
use these credentials automatically.
Setting credentials in CI
The Docker Terraform provider will work with your CI provider's
native Docker login action. For example, in GitHub Actions https://github.com/marketplace/actions/docker-login:

cat ~/my_password.txt | docker login --username my-username --password-stdin
jobs:
login:
runs-on: ubuntu-latest
steps:
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

Setting credentials with environment variables
If you'd like to use a different account for running the provider,
you can set credentials in the environment:

export DOCKER_USERNAME=my-username
export DOCKER_PASSWORD=my-secret-token
terraform plan ...

Setting credentials in Terraform (NOT RECOMMENDED)
[!WARNING]Hard-coding secrets in Terraform is risky. You risk leaking the secretsif they're committed to version control.
Only pass in a password in Terraform if you're pulling the secret from a secure
location, or if you're doing local testing.

provider "docker" {
username = "my-username"
password = "my-secret-token"
}

Credential types
You can create a personal access token (PAT) to use as an alternative to your
password for Docker CLI authentication.
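Review bot: The non-interactive example under "Setting credentials with docker login" reads the secret from a plaintext file in the home directory (`cat ~/my_password.txt | docker login --username my-username --password-stdin`), which sits oddly beside the later warning about leaking secrets. Say that the file should be readable only by its owner, or show the secret coming from a secret manager or an environment variable instead. "To login in" should read "To log in" in both lead-in sentences. The retained sentence that the CLI "will store your credentials securely" only holds when a credential helper is configured; without one, `docker login` writes the credential base64-encoded to `~/.docker/config.json`, so a short caveat would help.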
Expand Down Expand Up @@ -90,18 +120,44 @@ resource "docker_repository" "example" {

We have multiple ways to set your Docker credentials.

### Setting credentials
### Setting credentials with `docker login`

To login in an interactive command-line:

```
docker login
```

To login in a non-interactive script:

```
cat ~/my_password.txt | docker login --username my-username --password-stdin
```

Use `docker login` to [log in to a
registry](https://docs.docker.com/reference/cli/docker/login/). The `docker` CLI
The `docker` CLI
will store your credentials securely in your credential store, such as the
operating system native keychain. The Docker Terraform provider will
use these credentials automatically.

### Setting credentials in CI

The Docker Terraform provider will work with your CI provider's
native Docker login action. For example, in [GitHub Actions](https://github.com/marketplace/actions/docker-login):

```
cat ~/my_password.txt | docker login --username my-username --password-stdin
jobs:
login:
runs-on: ubuntu-latest
steps:
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
```

### Setting credentials with environment variables

If you'd like to use a different account for running the provider,
you can set credentials in the environment:
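Review bot: The GitHub Actions example defines a job named `login` whose only step is `docker/login-action@v3`, so a reader may conclude that a separate login job is enough. The credentials the action writes live on that job's runner, so the Terraform step has to run in the same job; add a following step that runs Terraform, or a sentence saying so. The fence has no language tag while the HCL example later uses `hcl`; tag it `yaml`. Consider also noting that the action can be pinned to a commit SHA rather than the mutable `v3` tag.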

Expand All @@ -111,6 +167,22 @@ export DOCKER_PASSWORD=my-secret-token
terraform plan ...
```

### Setting credentials in Terraform (NOT RECOMMENDED)

> [!WARNING]
> Hard-coding secrets in Terraform is risky. You risk leaking the secrets
> if they're committed to version control.

Only pass in a password in Terraform if you're pulling the secret from a secure
location, or if you're doing local testing.

```hcl
provider "docker" {
username = "my-username"
password = "my-secret-token"
}
```

### Credential types

You can create a personal access token (PAT) to use as an alternative to your
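Review bot: The HCL example in "Setting credentials in Terraform (NOT RECOMMENDED)" hard-codes `password = "my-secret-token"` directly after the text says to pass a password only when pulling it from a secure location. Examples get copied, so show the recommended shape instead, for instance `password = var.docker_password` with the variable declared `sensitive = true`, and keep the literal form for a clearly marked local-testing aside.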
Expand All @@ -134,4 +206,5 @@ this provider to manage organizations and teams, you will need to authenticate
### Optional

- `host` (String) Docker Hub API Host. Default is `hub.docker.com`.
- `password` (String, Sensitive) Password for authentication
- `username` (String) Username for authentication
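Review bot: The new `password` entry under Optional says only "Password for authentication" and does not document precedence. From the provider.go change in this PR, a configured password replaces `DOCKER_PASSWORD`, with the credential store as the fallback; state that order here, and mention that a personal access token can be used as the value, as the "Credential types" section describes.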
67 changes: 62 additions & 5 deletions internal/provider/provider.go
Expand Up @@ -60,6 +60,7 @@ type DockerProvider struct {
// DockerProviderModel describes the provider data model.
type DockerProviderModel struct {
Username types.String `tfsdk:"username"`
Password types.String `tfsdk:"password"`
Host types.String `tfsdk:"host"`
}

Expand Down Expand Up @@ -105,18 +106,44 @@ resource "docker_repository" "example" {

We have multiple ways to set your Docker credentials.

### Setting credentials
### Setting credentials with ` + "`docker login`" + `

Use ` + "`docker login`" + ` to [log in to a
registry](https://docs.docker.com/reference/cli/docker/login/). The ` + "`docker`" + ` CLI
To login in an interactive command-line:

` + "```" + `
docker login
` + "```" + `

To login in a non-interactive script:

` + "```" + `
cat ~/my_password.txt | docker login --username my-username --password-stdin
` + "```" + `

The ` + "`docker`" + ` CLI
will store your credentials securely in your credential store, such as the
operating system native keychain. The Docker Terraform provider will
use these credentials automatically.

### Setting credentials in CI

The Docker Terraform provider will work with your CI provider's
native Docker login action. For example, in [GitHub Actions](https://github.com/marketplace/actions/docker-login):

` + "```" + `
cat ~/my_password.txt | docker login --username my-username --password-stdin
jobs:
login:
runs-on: ubuntu-latest
steps:
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
` + "```" + `

### Setting credentials with environment variables

If you'd like to use a different account for running the provider,
you can set credentials in the environment:
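Review bot: The rewritten "Setting credentials with `docker login`" section drops the sentence that linked to the `docker login` reference (https://docs.docker.com/reference/cli/docker/login/), so the new text no longer points readers to the command's documentation. Keep the link, for example on the first mention of `docker login` in the new lead-in. This markdown also appears a second time in docs/index.md in the same PR; if one copy is generated from the other, a comment saying so would stop the two drifting apart.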

Expand All @@ -126,6 +153,22 @@ export DOCKER_PASSWORD=my-secret-token
terraform plan ...
` + "```" + `

### Setting credentials in Terraform (NOT RECOMMENDED)

> [!WARNING]
> Hard-coding secrets in Terraform is risky. You risk leaking the secrets
> if they're committed to version control.

Only pass in a password in Terraform if you're pulling the secret from a secure
location, or if you're doing local testing.

` + "```" + `hcl
provider "docker" {
username = "my-username"
password = "my-secret-token"
}
` + "```" + `

### Credential types

You can create a personal access token (PAT) to use as an alternative to your
Expand Down Expand Up @@ -153,6 +196,11 @@ this provider to manage organizations and teams, you will need to authenticate
MarkdownDescription: "Username for authentication",
Optional: true,
},
"password": schema.StringAttribute{
MarkdownDescription: "Password for authentication",
Optional: true,
Sensitive: true,
},
},
}
}
Expand All @@ -174,14 +222,20 @@ func (p *DockerProvider) Configure(ctx context.Context, req provider.ConfigureRe
"Either target apply the source of the value first, set the value statically in the configuration, or use the DOCKER_HUB_HOST environment variable.",
)
}

if data.Username.IsUnknown() {
resp.Diagnostics.AddAttributeError(
path.Root("username"),
"Unknown Docker Hub API Username",
"The provider cannot create the Docker Hub API client as there is an unknown configuration value for the Docker Hub API username.",
)
}
if data.Password.IsUnknown() {
resp.Diagnostics.AddAttributeError(
path.Root("password"),
"Unknown Docker Hub API Password",
"The provider cannot create the Docker Hub API client as there is an unknown configuration value for the Docker Hub API password.",
)
}

if resp.Diagnostics.HasError() {
return
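Review bot: The new `data.Password.IsUnknown()` diagnostic tells the user the value is unknown but not how to resolve it, unlike the host diagnostic just above, which ends with "set the value statically in the configuration, or use the DOCKER_HUB_HOST environment variable". Add the same guidance here, naming `DOCKER_PASSWORD`, and consider doing the same for the username message while this block is being touched.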
Expand All @@ -203,6 +257,9 @@ func (p *DockerProvider) Configure(ctx context.Context, req provider.ConfigureRe
}

password := os.Getenv("DOCKER_PASSWORD")
if !data.Password.IsNull() {
password = data.Password.ValueString()
}

// If DOCKER_USERNAME and DOCKER_PASSWORD are not set, or if they are empty,
// retrieve them from the credential store
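Review bot: `if !data.Password.IsNull()` also matches an explicitly empty value, so `password = ""` in the configuration replaces a non-empty `DOCKER_PASSWORD` with an empty string and, per the comment that follows, sends the provider to the credential store. Check `data.Password.ValueString() != ""` before overriding, or document that an empty string is meaningful. It is also worth warning when a password is configured without a username, since the pair could then come from two different sources, and adding a test that pins the precedence order (configuration, then environment, then credential store).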