From ce0cc752d985b82ca52e6d7f769329486f68ccf7 Mon Sep 17 00:00:00 2001
From: Alex Schultz <aschultz@redhat.com>
Date: Tue, 6 Aug 2019 16:41:25 -0600
Subject: [PATCH] [Queens] Enable container auth support

In queens we didn't use the ansible-role-container-registry so we need
to port the ansible logic that we use into puppet for the docker
service configuration.

Closes-Bug: #1833584
Depends-On: https://review.opendev.org/#/c/670082/
Change-Id: I5ee8f8b17ad3424a3bf9d4a420d6c65ab977c6b7
---
 puppet/services/docker.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/puppet/services/docker.yaml b/puppet/services/docker.yaml
index 71ab3d6012..03c271bfc6 100644
--- a/puppet/services/docker.yaml
+++ b/puppet/services/docker.yaml
@@ -68,6 +68,23 @@ parameters:
     default: ''
     description: User added to the docker group in order to use container commands.
     type: string
+  ContainerImageRegistryLogin:
+    type: boolean
+    default: false
+    description: Flag to enable container registry login actions during the deployment.
+                 Setting this to true will cause login calls to be performed during the
+                 deployment.
+  ContainerImageRegistryCredentials:
+    type: json
+    hidden: true
+    default: {}
+    description: |
+      Mapping of image registry hosts to login credentials. Must be in the following example format
+
+        docker.io:
+          username: pa55word
+        '192.0.2.1:8787':
+          registry_username: password
 
 conditions:
   insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]}
@@ -75,6 +92,7 @@ conditions:
   service_debug_unset: {equals : [{get_param: DockerDebug}, '']}
   deployment_user_is_empty: {equals : [{get_param: DeploymentUser}, '']}
   additional_sockets_is_empty: {equals : [{get_param: DockerAdditionalSockets}, []]}
+  container_registry_login: {equals: [{get_param: ContainerImageRegistryLogin}, true]}
 
 outputs:
   role_data:
@@ -111,6 +129,10 @@ outputs:
             - additional_sockets_is_empty
             - {}
             - tripleo::profile::base::docker::additional_sockets: {get_param: DockerAdditionalSockets}
+          - if:
+            - container_registry_login
+            - tripleo::profile::base::docker::registry_credentials: {get_param: ContainerImageRegistryCredentials }
+            - {}
       step_config: |
         include ::tripleo::profile::base::docker
       upgrade_tasks: