From 2da5dcdc4a567297f67772c26cfd9c1b7f5fd76d Mon Sep 17 00:00:00 2001
From: Austin Vazquez <macedonv@amazon.com>
Date: Fri, 31 Jan 2025 13:21:19 -0800
Subject: [PATCH] feat: allow other credential helpers in Finch VM

Signed-off-by: Austin Vazquez <macedonv@amazon.com>
---
 pkg/config/nerdctl_config_applier.go      | 11 ++++-
 pkg/config/nerdctl_config_applier_test.go | 52 +++++++++++++++++++++--
 2 files changed, 58 insertions(+), 5 deletions(-)

diff --git a/pkg/config/nerdctl_config_applier.go b/pkg/config/nerdctl_config_applier.go
index 9dbe97adc..dc522a697 100644
--- a/pkg/config/nerdctl_config_applier.go
+++ b/pkg/config/nerdctl_config_applier.go
@@ -91,11 +91,18 @@ func addLineToBashrc(fs afero.Fs, profileFilePath string, profStr string, cmd st
 func updateEnvironment(fs afero.Fs, fc *Finch, finchDir, homeDir, limaVMHomeDir string) error {
 	cmdArr := []string{
 		`export DOCKER_CONFIG="$FINCH_DIR"`,
-		"[ -L /usr/local/bin/docker-credential-ecr-login ] " +
-			`|| sudo ln -s "$FINCH_DIR"/cred-helpers/docker-credential-ecr-login /usr/local/bin/`,
 		`[ -L /root/.aws ] || sudo ln -fs "$AWS_DIR" /root/.aws`,
 	}
 
+	for _, credHelper := range fc.CredsHelpers {
+		cmdArr = append(cmdArr,
+			fmt.Sprintf(
+				`[ -L /usr/local/bin/docker-credential-%s ] || sudo ln -s "$FINCH_DIR"/cred-helpers/docker-credential-%s /usr/local/bin/`,
+				credHelper, credHelper,
+			),
+		)
+	}
+
 	awsDir := fmt.Sprintf("%s/.aws", homeDir)
 
 	if *fc.VMType == "wsl2" {
diff --git a/pkg/config/nerdctl_config_applier_test.go b/pkg/config/nerdctl_config_applier_test.go
index 5039506cd..478fc8eb7 100644
--- a/pkg/config/nerdctl_config_applier_test.go
+++ b/pkg/config/nerdctl_config_applier_test.go
@@ -67,7 +67,6 @@ func Test_updateEnvironment(t *testing.T) {
 FINCH_DIR=/finch/dir
 AWS_DIR=/home/dir/.aws
 export DOCKER_CONFIG="$FINCH_DIR"
-[ -L /usr/local/bin/docker-credential-ecr-login ] || sudo ln -s "$FINCH_DIR"/cred-helpers/docker-credential-ecr-login /usr/local/bin/
 [ -L /root/.aws ] || sudo ln -fs "$AWS_DIR" /root/.aws
 [ -L /home/mock_user.linux/.finch ] || ln -s $FINCH_DIR /home/mock_user.linux/.finch`), string(fileBytes))
 			},
@@ -95,7 +94,6 @@ export DOCKER_CONFIG="$FINCH_DIR"
 FINCH_DIR=/finch/dir
 AWS_DIR=/home/dir/.aws
 export DOCKER_CONFIG="$FINCH_DIR"
-[ -L /usr/local/bin/docker-credential-ecr-login ] || sudo ln -s "$FINCH_DIR"/cred-helpers/docker-credential-ecr-login /usr/local/bin/
 [ -L /root/.aws ] || sudo ln -fs "$AWS_DIR" /root/.aws)
 [ -L /home/mock_user.linux/.finch ] || ln -s $FINCH_DIR /home/mock_user.linux/.finch`,
 						),
@@ -110,7 +108,6 @@ export DOCKER_CONFIG="$FINCH_DIR"
 FINCH_DIR=/finch/dir
 AWS_DIR=/home/dir/.aws
 export DOCKER_CONFIG="$FINCH_DIR"
-[ -L /usr/local/bin/docker-credential-ecr-login ] || sudo ln -s "$FINCH_DIR"/cred-helpers/docker-credential-ecr-login /usr/local/bin/
 [ -L /root/.aws ] || sudo ln -fs "$AWS_DIR" /root/.aws)
 [ -L /home/mock_user.linux/.finch ] || ln -s $FINCH_DIR /home/mock_user.linux/.finch`), string(fileBytes))
 			},
@@ -140,6 +137,55 @@ export DOCKER_CONFIG="$FINCH_DIR"
 				},
 			),
 		},
+		{
+			name: "put docker-credential-ecr-login in path",
+			cfg: &Finch{
+				SharedSettings: SharedSettings{
+					CredsHelpers: []string{"ecr-login"},
+				},
+			},
+			finchDir:      "/finch/dir",
+			homeDir:       "/home/dir",
+			limaVMHomeDir: "/home/mock_user.linux",
+			mockSvc:       func(_ *testing.T, _ afero.Fs) {},
+			postRunCheck: func(t *testing.T, fs afero.Fs) {
+				fileBytes, err := afero.ReadFile(fs, "/home/mock_user.linux/.bashrc")
+				require.NoError(t, err)
+				assert.Equal(t, string(`
+FINCH_DIR=/finch/dir
+AWS_DIR=/home/dir/.aws
+export DOCKER_CONFIG="$FINCH_DIR"
+[ -L /usr/local/bin/docker-credential-ecr-login ] || sudo ln -s "$FINCH_DIR"/cred-helpers/docker-credential-ecr-login /usr/local/bin/
+[ -L /root/.aws ] || sudo ln -fs "$AWS_DIR" /root/.aws)
+[ -L /home/mock_user.linux/.finch ] || ln -s $FINCH_DIR /home/mock_user.linux/.finch`), string(fileBytes))
+			},
+			want: nil,
+		},
+		{
+			name: "put docker-credential-ecr-login and secretservice in path",
+			cfg: &Finch{
+				SharedSettings: SharedSettings{
+					CredsHelpers: []string{"ecr-login", "secretservice"},
+				},
+			},
+			finchDir:      "/finch/dir",
+			homeDir:       "/home/dir",
+			limaVMHomeDir: "/home/mock_user.linux",
+			mockSvc:       func(_ *testing.T, _ afero.Fs) {},
+			postRunCheck: func(t *testing.T, fs afero.Fs) {
+				fileBytes, err := afero.ReadFile(fs, "/home/mock_user.linux/.bashrc")
+				require.NoError(t, err)
+				assert.Equal(t, string(`
+FINCH_DIR=/finch/dir
+AWS_DIR=/home/dir/.aws
+export DOCKER_CONFIG="$FINCH_DIR"
+[ -L /usr/local/bin/docker-credential-ecr-login ] || sudo ln -s "$FINCH_DIR"/cred-helpers/docker-credential-ecr-login /usr/local/bin/
+[ -L /usr/local/bin/docker-credential-secretservice ] || sudo ln -s "$FINCH_DIR"/cred-helpers/docker-credential-secretservice /usr/local/bin/
+[ -L /root/.aws ] || sudo ln -fs "$AWS_DIR" /root/.aws)
+[ -L /home/mock_user.linux/.finch ] || ln -s $FINCH_DIR /home/mock_user.linux/.finch`), string(fileBytes))
+			},
+			want: nil,
+		},
 	}
 
 	for _, tc := range testCases {