if there is a credential associated with an EE, create a JSON structure and write it to a file, then use that file to pull from protected registries from quay and edit the credential type for registries so that they combine the password and token fields into one field

awx/main/models/credential/__init__.py

@@ -1096,14 +1096,8 @@ ManagedCredentialType(
                 'type': 'string',
             },
             {
-                'id': 'password',
-                'label': ugettext_noop('Password'),
-                'type': 'string',
-                'secret': True,
-            },
-            {
-                'id': 'token',
-                'label': ugettext_noop('Access Token'),
+                'id': 'password/token',
+                'label': ugettext_noop('Password/Token'),
                 'type': 'string',
                 'secret': True,
                 'help_text': ugettext_noop('A token to use to authenticate with. ' 'This should not be set if username/password are being used.'),

awx/main/tasks.py

@@ -851,6 +851,17 @@ class BaseTask(object):
             "container_options": ['--user=root'],
         }
 
+        if instance.execution_environment.credential:
+            with open('/tmp/auth.json', 'w') as authfile:
+                host = instance.execution_environment.credential.get_input('host')
+                username = instance.execution_environment.credential.get_input('username')
+                password = instance.execution_environment.credential.get_input('password')
+                token = "{}:{}".format(username, password)
+                auth_data = {'auths': {host: {'auth': b64encode(token.encode('ascii')).decode()}}}
+                authfile.write(json.dumps(auth_data, indent=4))
+            authfile.close()
+            params["container_options"].append(f'--authfile={authfile.name}')
+
         pull = instance.execution_environment.pull
         if pull:
             params['container_options'].append(f'--pull={pull}')