From 51af91876f47f3597431a2bfea641fd09136f81b Mon Sep 17 00:00:00 2001
From: "J.Zimmerman" <john.zimm@gmail.com>
Date: Thu, 28 Sep 2017 16:57:57 -0700
Subject: [PATCH] Add a receipt so auth_cmd exec only runs when parameters
 change.

---
 README.md             | 14 ++++++++++++++
 manifests/registry.pp | 32 +++++++++++++++++++++++++-------
 2 files changed, 39 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 2ba750e1d..e8588e019 100755
--- a/README.md
+++ b/README.md
@@ -559,6 +559,20 @@ docker::registry { 'example.docker.io:5000':
 }
 ```
 
+By default the exec to add registries will run on every Puppet run.  To prevent this you can enable the use of a receipt.
+Caveat: If the values in config.json for this registry are modified outside of Puppet, puppet will not correct them unless the receipt file is removed from /root/.docker/
+
+Default: receipt => false
+
+```puppet
+docker::registry { 'example.docker.io:5000':
+  username => 'user',
+  password => 'secret',
+  email    => 'user@example.com',
+  receipt  => true,
+}
+```
+
 You can logout of a registry if it is no longer required.
 
 ```puppet
diff --git a/manifests/registry.pp b/manifests/registry.pp
index d85c6138f..287e86820 100644
--- a/manifests/registry.pp
+++ b/manifests/registry.pp
@@ -25,19 +25,27 @@
 # [*local_user*]
 #   The local user to log in as. Docker will store credentials in this
 #   users home directory
-#
+# 
+# [*receipt*]
+#   Creates a receipt file for this specific registry preventing the exec 
+#   modifing config.json from triggering every puppet run. 
+#   Caveat: if you modify the entry for this registry in 
+#   /root/.docker/config.json outside of puppet the exec won't trigger
+#   again unless the receipt is removed.
 #
 define docker::registry(
-  $server      = $title,
-  $ensure      = 'present',
-  $username    = undef,
-  $password    = undef,
-  $email       = undef,
-  $local_user  = 'root',
+  $server     = $title,
+  $ensure     = 'present',
+  $username   = undef,
+  $password   = undef,
+  $email      = undef,
+  $local_user = 'root',
+  $receipt    = false,
 ) {
   include docker::params
 
   validate_re($ensure, '^(present|absent)$')
+  validate_bool($receipt)
 
   $docker_command = $docker::params::docker_command
 
@@ -60,6 +68,15 @@
     $auth_environment = undef
   }
 
+  # Using Receipt?
+  if $receipt {
+    file { "/root/.docker/registry-auth-puppet_receipt_${title}":
+      ensure  => $ensure,
+      content => pw_hash("${title}${auth_environment}${auth_cmd}${local_user}", 'SHA-512', $local_user),
+      notify  => Exec["${title} auth"],
+    }
+  }
+
   exec { "${title} auth":
     environment => $auth_environment,
     command     => $auth_cmd,
@@ -67,6 +84,7 @@
     cwd         => '/root',
     path        => ['/bin', '/usr/bin'],
     timeout     => 0,
+    refreshonly => $receipt,
   }
 
 }