docker-push: use isolated client configuration (#96)

* docker-push: use isolated client configuration

When running multiple `docker-push` post processors concurrently, there
was a race condition where one `docker-push` post processor would finish
and call `docker logout` to  remove the credentials for a given registry
while another `docker-push` post processor was still running, causing
the other `docker-push` post processor to no longer have access to the
registry credentials to perform a `docker push`.

Since the underlying `DockerDriver` shells out to raw `docker` commands,
calls to `Login` store registry credentials in the default Docker client
configuration directory. Additionally, calls to `Logout` remove registry
credentials from the default Docker client configuration directory.
Since Packer post processors are unaware of each other, one
`docker-push` post processor was removing registry credentials that
another `docker-push` post processor relied on.

These changes modify the `docker-push` post processor to use a
temporary, isolated Docker client configuration directory. This allows
each `docker-push` post processor to store registry credentials in an
isolated file that will not be accessed by another `docker-push` post
processor.

The implementation not modify the `Driver` interface, choosing instead
to add an exported field to the `DockerDriver` type that the
`docker-push` sets.

* Implement pull request feedback

* Update variable name

Author: sudomateo

builder/docker/driver_docker.go

@@ -20,6 +20,11 @@ type DockerDriver struct {
 	Ui  packersdk.Ui
 	Ctx *interpolate.Context
 
+	// The directory Docker should use to store its client configuration.
+	// Provides an isolated client configuration to each Docker operation to
+	// prevent race conditions.
+	ConfigDir string
+
 	l sync.Mutex
 }
 
@@ -220,8 +225,7 @@ func (d *DockerDriver) Login(repo, user, pass string) error {
 		return err
 	}
 
-	cmd := exec.Command("docker")
-	cmd.Args = append(cmd.Args, "login")
+	cmd := d.newCommandWithConfig("login")
 
 	if user != "" {
 		cmd.Args = append(cmd.Args, "-u", user)
@@ -260,24 +264,26 @@ func (d *DockerDriver) Login(repo, user, pass string) error {
 }
 
 func (d *DockerDriver) Logout(repo string) error {
-	args := []string{"logout"}
+	cmd := d.newCommandWithConfig("logout")
+
 	if repo != "" {
-		args = append(args, repo)
+		cmd.Args = append(cmd.Args, repo)
 	}
 
-	cmd := exec.Command("docker", args...)
 	err := runAndStream(cmd, d.Ui)
 	d.l.Unlock()
 	return err
 }
 
 func (d *DockerDriver) Pull(image string) error {
-	cmd := exec.Command("docker", "pull", image)
+	cmd := d.newCommandWithConfig("pull", image)
+
 	return runAndStream(cmd, d.Ui)
 }
 
 func (d *DockerDriver) Push(name string) error {
-	cmd := exec.Command("docker", "push", name)
+	cmd := d.newCommandWithConfig("push", name)
+
 	return runAndStream(cmd, d.Ui)
 }
 
@@ -453,3 +459,15 @@ func (d *DockerDriver) Version() (*version.Version, error) {
 
 	return version.NewVersion(string(match[0]))
 }
+
+func (d *DockerDriver) newCommandWithConfig(args ...string) *exec.Cmd {
+	cmd := exec.Command("docker")
+
+	if d.ConfigDir != "" {
+		cmd.Args = append(cmd.Args, "--config", d.ConfigDir)
+	}
+
+	cmd.Args = append(cmd.Args, args...)
+
+	return cmd
+}

post-processor/docker-push/post-processor.go

@@ -5,6 +5,7 @@ package dockerpush
 import (
 	"context"
 	"fmt"
+	"os"
 
 	"github.com/hashicorp/hcl/v2/hcldec"
 	"github.com/hashicorp/packer-plugin-docker/builder/docker"
@@ -69,8 +70,32 @@ func (p *PostProcessor) PostProcess(ctx context.Context, ui packersdk.Ui, artifa
 
 	driver := p.Driver
 	if driver == nil {
+		var configDir string
+
+		if _, ok := os.LookupEnv("DOCKER_CONFIG"); !ok {
+			ui.Message("Creating temporary Docker configuration directory")
+			tmpDir, err := os.MkdirTemp("", "packer")
+			if err != nil {
+				return nil, false, false, fmt.Errorf(
+					"Error creating temporary Docker configuration directory: %s", err)
+			}
+			configDir = tmpDir
+
+			defer func() {
+				ui.Message("Removing temporary Docker configuration directory")
+				if err := os.RemoveAll(tmpDir); err != nil {
+					ui.Error(
+						fmt.Sprintf("Error removing temporary Docker configuration directory: %s", err))
+				}
+			}()
+		}
+
 		// If no driver is set, then we use the real driver
-		driver = &docker.DockerDriver{Ctx: &p.config.ctx, Ui: ui}
+		driver = &docker.DockerDriver{
+			Ctx:       &p.config.ctx,
+			Ui:        ui,
+			ConfigDir: configDir,
+		}
 	}
 
 	if p.config.EcrLogin {