Incorrect documentation around docker auth

[geekodour]

https://developer.hashicorp.com/nomad/docs/v1.6.x/drivers/docker#authentication
mentions the following

plugin "docker" {
  config {
    auth {
      helper = "ecr-login"
    }
  }
}

while as per

nomad/drivers/docker/config.go

Lines 60 to 63 in a3b1810

	if v, ok := opts["docker.auth.helper"]; ok {
	authConf["helper"] = v
	}
	conf["auth"] = authConf

it should be

plugin "docker" {
    auth {
      helper = "ecr-login"
    }
}

[geekodour]

In nixos config, it would go file

      plugin = {
        docker."auth.helper" = "ecr-login";
      };

Update: The above did not actually work, what worked in nixos+nomad for specifying plugin options is the following:

• see https://discuss.hashicorp.com/t/what-is-the-best-way-to-configure-nomad-to-pull-from-ecr-private-registries/20939/7
• see (json parse) Plugin Stanza does not parse JSON correctly #7981

# ecr support for docker
# 1. IAM role to be assumed by ec2 instance
# 2. Needs docker-credential-ecr-login to be installed on the machine
# echo "<acc>.dkr.ecr.<region>.amazonaws.com/<repo>" | docker-credential-ecr-login get
# NOTE: If other public images start failing, we'd need to use "auth_soft_fail"

      plugin = [{
        docker = [{
            config = [{
              auth = [{
                # NOTE: We're not specifying the config directly, so no
                #       additional handling of docker config is required
                # NOTE: If we needed to use config, we'd do it something like:
                #       config = "/etc/docker/config.json";
                helper = "ecr-login";
              }];
            }];
        }];
      }];

[pkazmierczak]

Hi @geekodour, thanks for filing an issue! I'm afraid the documentation is correct, though, plugin configuration must live within a config block. Have a look at the configSpec structure to better understand how plugin config is parsed.

[geekodour]

@pkazmierczak yes you're right, I've updated my previous comment to reflect the same. Apologies for the confusion!

[geekodour]

@tgross ^ updated the comment with appropriate config that worked. Think it's an issue already being tracked.

[github-actions]

I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.