From 43dbdff91e5176d79806e95f55cd07f1ba39c46d Mon Sep 17 00:00:00 2001
From: Sergey Serebryakov <serebryakov.sergey@gmail.com>
Date: Tue, 8 Aug 2023 15:15:08 -0700
Subject: [PATCH] Support for docker user name and password environmen
 variables. (#337)

This commit adds capability to provide docker user name and password via two environment variables - `SINGULARITY_DOCKER_USERNAME` and `SINGULARITY_DOCKER_PASSWORD`. If these variables found (when retrieving image manifest), JSON configuration files (such as `~/.docker/config.json`) are not scanned.
---
 .../mlcube_singularity/singularity_client.py  | 37 ++++++++++++++-----
 1 file changed, 27 insertions(+), 10 deletions(-)

diff --git a/runners/mlcube_singularity/mlcube_singularity/singularity_client.py b/runners/mlcube_singularity/mlcube_singularity/singularity_client.py
index 14a1fdf..17d2036 100644
--- a/runners/mlcube_singularity/mlcube_singularity/singularity_client.py
+++ b/runners/mlcube_singularity/mlcube_singularity/singularity_client.py
@@ -1,6 +1,7 @@
 import base64
 import json
 import logging
+import os
 import platform
 import typing as t
 from enum import Enum
@@ -578,21 +579,37 @@ def _get_authentication_token(www_authenticate: t.Optional[str], auth_key: str)
     )
 
     url: t.Optional[str] = parsed.pop("realm", None)
-    loggable_url: t.Optional[str] = url
-
-    auth_token: t.Optional[str] = _get_auth_token(auth_key)
-    if auth_token:
-        logger.info("_get_authentication_token using auth token from config file.")
-        if url.startswith("https://"):
-            url = url[8:]
-        loggable_url = f"https://***:***@{url}"
-        url = "https://" + base64.b64decode(auth_token).decode() + "@" + url
-
     if not url:
         raise MLCubeError(
             f"_get_authentication_token unrecognized www_authenticate format (www_authenticate={www_authenticate}, "
             f"parsed={parsed})."
         )
+    loggable_url: str = url
+
+    if url.startswith("https://"):
+        url = url[8:]
+
+    if os.environ.get("SINGULARITY_DOCKER_USERNAME", None) and os.environ.get(
+        "SINGULARITY_DOCKER_PASSWORD", None
+    ):
+        logger.info(
+            "_get_authentication_token found docker username (SINGULARITY_DOCKER_USERNAME) and "
+            "password (SINGULARITY_DOCKER_PASSWORD) environment variables."
+        )
+        loggable_url = f"https://***:***@{url}"
+        username, password = (
+            os.environ["SINGULARITY_DOCKER_USERNAME"],
+            os.environ["SINGULARITY_DOCKER_PASSWORD"],
+        )
+        url = f"{username}:{password}@{url}"
+    else:
+        auth_token: t.Optional[str] = _get_auth_token(auth_key)
+        if auth_token:
+            logger.info("_get_authentication_token using auth token from config file.")
+            loggable_url = f"https://***:***@{url}"
+            url = base64.b64decode(auth_token).decode() + "@" + url
+
+    url = f"https://{url}"
     logger.debug(
         "_get_authentication_token requesting token at %s for %s.", loggable_url, parsed
     )