feat: allow other credential helpers in Finch VM (#1265)

Signed-off-by: Austin Vazquez <macedonv@amazon.com>

pkg/config/nerdctl_config_applier.go

@@ -91,11 +91,18 @@ func addLineToBashrc(fs afero.Fs, profileFilePath string, profStr string, cmd st
 func updateEnvironment(fs afero.Fs, fc *Finch, finchDir, homeDir, limaVMHomeDir string) error {
 	cmdArr := []string{
 		`export DOCKER_CONFIG="$FINCH_DIR"`,
-		"[ -L /usr/local/bin/docker-credential-ecr-login ] " +
-			`|| sudo ln -s "$FINCH_DIR"/cred-helpers/docker-credential-ecr-login /usr/local/bin/`,
 		`[ -L /root/.aws ] || sudo ln -fs "$AWS_DIR" /root/.aws`,
 	}
 
+	//nolint:gosec // G101: Potential hardcoded credentials false positive
+	const configureCredHelperTemplate = `([ -e "$FINCH_DIR"/cred-helpers/docker-credential-%s ] 
+|| (echo "error: docker-credential-%s not found in $FINCH_DIR/cred-helpers directory.")) && 
+([ -L /usr/local/bin/docker-credential-%s ] || sudo ln -s "$FINCH_DIR"/cred-helpers/docker-credential-%s /usr/local/bin)`
+
+	for _, credHelper := range fc.CredsHelpers {
+		cmdArr = append(cmdArr, fmt.Sprintf(configureCredHelperTemplate, credHelper, credHelper, credHelper, credHelper))
+	}
+
 	awsDir := fmt.Sprintf("%s/.aws", homeDir)
 
 	if *fc.VMType == "wsl2" {

pkg/config/nerdctl_config_applier_test.go

@@ -67,7 +67,6 @@ func Test_updateEnvironment(t *testing.T) {
 FINCH_DIR=/finch/dir
 AWS_DIR=/home/dir/.aws
 export DOCKER_CONFIG="$FINCH_DIR"
-[ -L /usr/local/bin/docker-credential-ecr-login ] || sudo ln -s "$FINCH_DIR"/cred-helpers/docker-credential-ecr-login /usr/local/bin/
 [ -L /root/.aws ] || sudo ln -fs "$AWS_DIR" /root/.aws
 [ -L /home/mock_user.linux/.finch ] || ln -s $FINCH_DIR /home/mock_user.linux/.finch`), string(fileBytes))
 			},
@@ -95,7 +94,6 @@ export DOCKER_CONFIG="$FINCH_DIR"
 FINCH_DIR=/finch/dir
 AWS_DIR=/home/dir/.aws
 export DOCKER_CONFIG="$FINCH_DIR"
-[ -L /usr/local/bin/docker-credential-ecr-login ] || sudo ln -s "$FINCH_DIR"/cred-helpers/docker-credential-ecr-login /usr/local/bin/
 [ -L /root/.aws ] || sudo ln -fs "$AWS_DIR" /root/.aws)
 [ -L /home/mock_user.linux/.finch ] || ln -s $FINCH_DIR /home/mock_user.linux/.finch`,
 						),
@@ -110,7 +108,6 @@ export DOCKER_CONFIG="$FINCH_DIR"
 FINCH_DIR=/finch/dir
 AWS_DIR=/home/dir/.aws
 export DOCKER_CONFIG="$FINCH_DIR"
-[ -L /usr/local/bin/docker-credential-ecr-login ] || sudo ln -s "$FINCH_DIR"/cred-helpers/docker-credential-ecr-login /usr/local/bin/
 [ -L /root/.aws ] || sudo ln -fs "$AWS_DIR" /root/.aws)
 [ -L /home/mock_user.linux/.finch ] || ln -s $FINCH_DIR /home/mock_user.linux/.finch`), string(fileBytes))
 			},
@@ -140,6 +137,82 @@ export DOCKER_CONFIG="$FINCH_DIR"
 				},
 			),
 		},
+		{
+			name: "put docker-credential-ecr-login in path",
+			cfg: &Finch{
+				SystemSettings: SystemSettings{
+					SharedSystemSettings: SharedSystemSettings{
+						VMType: pointer.String("vz"),
+					},
+				},
+				SharedSettings: SharedSettings{
+					CredsHelpers: []string{"ecr-login"},
+				},
+			},
+			finchDir:      "/finch/dir",
+			homeDir:       "/home/dir",
+			limaVMHomeDir: "/home/mock_user.linux",
+			mockSvc: func(t *testing.T, fs afero.Fs) {
+				require.NoError(t, afero.WriteFile(fs, "/home/mock_user.linux/.bashrc", []byte(""), 0o644))
+			},
+			postRunCheck: func(t *testing.T, fs afero.Fs) {
+				fileBytes, err := afero.ReadFile(fs, "/home/mock_user.linux/.bashrc")
+				require.NoError(t, err)
+				assert.Equal(t, string(
+					"\nFINCH_DIR=/finch/dir\n"+
+						"AWS_DIR=/home/dir/.aws\n"+
+						"export DOCKER_CONFIG=\"$FINCH_DIR\"\n"+
+						"[ -L /root/.aws ] || sudo ln -fs \"$AWS_DIR\" /root/.aws\n"+
+						"([ -e \"$FINCH_DIR\"/cred-helpers/docker-credential-ecr-login ] \n"+
+						"|| (echo \"error: docker-credential-ecr-login not found in $FINCH_DIR/cred-helpers directory.\")) && \n"+
+						"([ -L /usr/local/bin/docker-credential-ecr-login ] "+
+						"|| sudo ln -s \"$FINCH_DIR\"/cred-helpers/docker-credential-ecr-login /usr/local/bin)\n"+
+						"[ -L /home/mock_user.linux/.finch ] || ln -s $FINCH_DIR /home/mock_user.linux/.finch"),
+					string(fileBytes),
+				)
+			},
+			want: nil,
+		},
+		{
+			name: "put docker-credential-ecr-login and secretservice in path",
+			cfg: &Finch{
+				SystemSettings: SystemSettings{
+					SharedSystemSettings: SharedSystemSettings{
+						VMType: pointer.String("vz"),
+					},
+				},
+				SharedSettings: SharedSettings{
+					CredsHelpers: []string{"ecr-login", "secretservice"},
+				},
+			},
+			finchDir:      "/finch/dir",
+			homeDir:       "/home/dir",
+			limaVMHomeDir: "/home/mock_user.linux",
+			mockSvc: func(t *testing.T, fs afero.Fs) {
+				require.NoError(t, afero.WriteFile(fs, "/home/mock_user.linux/.bashrc", []byte(""), 0o644))
+			},
+			postRunCheck: func(t *testing.T, fs afero.Fs) {
+				fileBytes, err := afero.ReadFile(fs, "/home/mock_user.linux/.bashrc")
+				require.NoError(t, err)
+				assert.Equal(t, string(
+					"\nFINCH_DIR=/finch/dir\n"+
+						"AWS_DIR=/home/dir/.aws\n"+
+						"export DOCKER_CONFIG=\"$FINCH_DIR\"\n"+
+						"[ -L /root/.aws ] || sudo ln -fs \"$AWS_DIR\" /root/.aws\n"+
+						"([ -e \"$FINCH_DIR\"/cred-helpers/docker-credential-ecr-login ] \n"+
+						"|| (echo \"error: docker-credential-ecr-login not found in $FINCH_DIR/cred-helpers directory.\")) && \n"+
+						"([ -L /usr/local/bin/docker-credential-ecr-login ] "+
+						"|| sudo ln -s \"$FINCH_DIR\"/cred-helpers/docker-credential-ecr-login /usr/local/bin)\n"+
+						"([ -e \"$FINCH_DIR\"/cred-helpers/docker-credential-secretservice ] \n"+
+						"|| (echo \"error: docker-credential-secretservice not found in $FINCH_DIR/cred-helpers directory.\")) && \n"+
+						"([ -L /usr/local/bin/docker-credential-secretservice ] "+
+						"|| sudo ln -s \"$FINCH_DIR\"/cred-helpers/docker-credential-secretservice /usr/local/bin)\n"+
+						"[ -L /home/mock_user.linux/.finch ] || ln -s $FINCH_DIR /home/mock_user.linux/.finch"),
+					string(fileBytes),
+				)
+			},
+			want: nil,
+		},
 	}
 
 	for _, tc := range testCases {