From 7c57aebd46efd892b53d8b27d51202d82cf8f038 Mon Sep 17 00:00:00 2001
From: Rebeccah <rhunter@redhat.com>
Date: Wed, 24 Mar 2021 11:44:40 -0400
Subject: [PATCH] if there is a credential associated with an EE, create a JSON
 structure and write it to a file, then use that file to pull from protected
 registries from quay and edit the credential type for registries so that they
 combine the password and token fields into one field

---
 awx/main/models/credential/__init__.py | 10 ++--------
 awx/main/tasks.py                      | 11 +++++++++++
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/awx/main/models/credential/__init__.py b/awx/main/models/credential/__init__.py
index f37bfee884..77ee3fe106 100644
--- a/awx/main/models/credential/__init__.py
+++ b/awx/main/models/credential/__init__.py
@@ -1096,14 +1096,8 @@ ManagedCredentialType(
                 'type': 'string',
             },
             {
-                'id': 'password',
-                'label': ugettext_noop('Password'),
-                'type': 'string',
-                'secret': True,
-            },
-            {
-                'id': 'token',
-                'label': ugettext_noop('Access Token'),
+                'id': 'password/token',
+                'label': ugettext_noop('Password/Token'),
                 'type': 'string',
                 'secret': True,
                 'help_text': ugettext_noop('A token to use to authenticate with. ' 'This should not be set if username/password are being used.'),
diff --git a/awx/main/tasks.py b/awx/main/tasks.py
index 0acaee3b9c..31d029daf0 100644
--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@@ -851,6 +851,17 @@ class BaseTask(object):
             "container_options": ['--user=root'],
         }
 
+        if instance.execution_environment.credential:
+            with open('/tmp/auth.json', 'w') as authfile:
+                host = instance.execution_environment.credential.get_input('host')
+                username = instance.execution_environment.credential.get_input('username')
+                password = instance.execution_environment.credential.get_input('password')
+                token = "{}:{}".format(username, password)
+                auth_data = {'auths': {host: {'auth': b64encode(token.encode('ascii')).decode()}}}
+                authfile.write(json.dumps(auth_data, indent=4))
+            authfile.close()
+            params["container_options"].append(f'--authfile={authfile.name}')
+
         pull = instance.execution_environment.pull
         if pull:
             params['container_options'].append(f'--pull={pull}')