Adds initial support for login before bootstrapped build step

hashicorp · Nov 25, 2024 · 5eb8ac0 · 5eb8ac0
1 parent 828656c
commit 5eb8ac0
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 35 deletions.
diff --git a/.web-docs/components/builder/docker/README.md b/.web-docs/components/builder/docker/README.md
@@ -298,20 +298,21 @@ You must specify (only) one of `commit`, `discard`, or `export_path`.
 
 - `platform` (string) - Set platform if server is multi-platform capable
 
-- `login` (bool) - This is used to login to dockerhub to pull a private base container. For
-  pushing to dockerhub, see the docker post-processors
+- `login` (bool) - This is used to login to a private docker repository (e.g., dockerhub)
+  to build or pull a private base container. For pushing to a private
+   repository, see the docker post-processors.
 
 - `login_password` (string) - The password to use to authenticate to login.
 
 - `login_server` (string) - The server address to login to.
 
 - `login_username` (string) - The username to use to authenticate to login.
 
-- `ecr_login` (bool) - Defaults to false. If true, the builder will login in order to pull the
-  image from Amazon EC2 Container Registry (ECR). The builder only logs in
-  for the duration of the pull. If true login_server is required and
-  login, login_username, and login_password will be ignored. For more
-  information see the section on ECR.
+- `ecr_login` (bool) - Defaults to false. If true, the builder will login in order to build or
+  pull the image from Amazon EC2 Container Registry (ECR). The builder
+  only logs in for the duration of the build or pull step. If true,
+  login_server is required and login, login_username, and login_password
+  will be ignored. For more information see the section on ECR.
 
 <!-- End of code generated from the comments of the Config struct in builder/docker/config.go; -->
 

diff --git a/builder/docker/config.go b/builder/docker/config.go
@@ -142,20 +142,21 @@ type Config struct {
 	// Set platform if server is multi-platform capable
 	Platform string `mapstructure:"platform" required:"false"`
 
-	// This is used to login to dockerhub to pull a private base container. For
-	// pushing to dockerhub, see the docker post-processors
+	// This is used to login to a private docker repository (e.g., dockerhub)
+	// to build or pull a private base container. For pushing to a private
+	//  repository, see the docker post-processors.
 	Login bool `mapstructure:"login" required:"false"`
 	// The password to use to authenticate to login.
 	LoginPassword string `mapstructure:"login_password" required:"false"`
 	// The server address to login to.
 	LoginServer string `mapstructure:"login_server" required:"false"`
 	// The username to use to authenticate to login.
 	LoginUsername string `mapstructure:"login_username" required:"false"`
-	// Defaults to false. If true, the builder will login in order to pull the
-	// image from Amazon EC2 Container Registry (ECR). The builder only logs in
-	// for the duration of the pull. If true login_server is required and
-	// login, login_username, and login_password will be ignored. For more
-	// information see the section on ECR.
+	// Defaults to false. If true, the builder will login in order to build or
+	// pull the image from Amazon EC2 Container Registry (ECR). The builder
+	// only logs in for the duration of the build or pull step. If true,
+	// login_server is required and login, login_username, and login_password
+	// will be ignored. For more information see the section on ECR.
 	EcrLogin        bool `mapstructure:"ecr_login" required:"false"`
 	AwsAccessConfig `mapstructure:",squash"`
 

diff --git a/builder/docker/step_build.go b/builder/docker/step_build.go
@@ -5,9 +5,7 @@ package docker
 
 import (
 	"context"
-	"errors"
 	"fmt"
-	"reflect"
 
 	"github.com/hashicorp/packer-plugin-sdk/multistep"
 	"github.com/hashicorp/packer-plugin-sdk/packer"
@@ -25,28 +23,60 @@ func (s *stepBuild) Run(ctx context.Context, state multistep.StateBag) multistep
 
 	ui := state.Get("ui").(packer.Ui)
 	driver := state.Get("driver").(Driver)
-	ui.Say("Building base image...")
-
-	imageId, err := driver.Build(s.buildArgs.BuildArgs())
-	if err != nil {
+	config, ok := state.Get("config").(*Config)
+	if !ok {
+		err := fmt.Errorf("error encountered obtaining docker config")
 		state.Put("error", err)
+		ui.Error(err.Error())
 		return multistep.ActionHalt
 	}
 
-	ui.Sayf("Finished building base image %q", imageId)
+	ui.Say("Building base image...")
 
-	cfg, ok := state.GetOk("config")
-	if !ok {
-		state.Put("error", errors.New("missing config in state; this is a docker plugin bug, please report upstream"))
-		return multistep.ActionHalt
+	if config.EcrLogin {
+		ui.Message("Fetching ECR credentials...")
+
+		username, password, err := config.EcrGetLogin(config.LoginServer)
+		if err != nil {
+			err := fmt.Errorf("Error fetching ECR credentials: %s", err)
+			state.Put("error", err)
+			ui.Error(err.Error())
+			return multistep.ActionHalt
+		}
+
+		config.LoginUsername = username
+		config.LoginPassword = password
 	}
 
-	config, ok := cfg.(*Config)
-	if !ok {
-		state.Put("error", fmt.Errorf("config object set but type (%s) doesn't match. This is a docker plugin bug, please report upstream", reflect.TypeOf(cfg).String()))
+	if config.Login || config.EcrLogin {
+		ui.Message("Logging in...")
+		err := driver.Login(
+			config.LoginServer,
+			config.LoginUsername,
+			config.LoginPassword)
+		if err != nil {
+			err := fmt.Errorf("Error logging in: %s", err)
+			state.Put("error", err)
+			ui.Error(err.Error())
+			return multistep.ActionHalt
+		}
+
+		defer func() {
+			ui.Message("Logging out...")
+			if err := driver.Logout(config.LoginServer); err != nil {
+				ui.Error(fmt.Sprintf("Error logging out: %s", err))
+			}
+		}()
+	}
+
+	imageId, err := driver.Build(s.buildArgs.BuildArgs())
+	if err != nil {
+		state.Put("error", err)
 		return multistep.ActionHalt
 	}
 
+	ui.Sayf("Finished building base image %q", imageId)
+
 	config.Image = imageId
 
 	s.ran = true

diff --git a/docs-partials/builder/docker/Config-not-required.mdx b/docs-partials/builder/docker/Config-not-required.mdx
@@ -100,19 +100,20 @@
 
 - `platform` (string) - Set platform if server is multi-platform capable
 
-- `login` (bool) - This is used to login to dockerhub to pull a private base container. For
-  pushing to dockerhub, see the docker post-processors
+- `login` (bool) - This is used to login to a private docker repository (e.g., dockerhub)
+  to build or pull a private base container. For pushing to a private
+   repository, see the docker post-processors.
 
 - `login_password` (string) - The password to use to authenticate to login.
 
 - `login_server` (string) - The server address to login to.
 
 - `login_username` (string) - The username to use to authenticate to login.
 
-- `ecr_login` (bool) - Defaults to false. If true, the builder will login in order to pull the
-  image from Amazon EC2 Container Registry (ECR). The builder only logs in
-  for the duration of the pull. If true login_server is required and
-  login, login_username, and login_password will be ignored. For more
-  information see the section on ECR.
+- `ecr_login` (bool) - Defaults to false. If true, the builder will login in order to build or
+  pull the image from Amazon EC2 Container Registry (ECR). The builder
+  only logs in for the duration of the build or pull step. If true,
+  login_server is required and login, login_username, and login_password
+  will be ignored. For more information see the section on ECR.
 
 <!-- End of code generated from the comments of the Config struct in builder/docker/config.go; -->