feat(registry): add initial support to auth to an external Registry on per app basis

[helgi]

Summary of Changes

This will allow for setting username and password for an external registry to pull images from

IMAGE_AUTH_USER and IMAGE_AUTH_PASSWORD are support via config:set and this is per application.

Currently Docker Hub and Quay are supported and a basic support for long lived tokens under gcr.io - ECR is not supported at this time.

For GCR see https://cloud.google.com/container-registry/docs/auth#using_a_json_key_file
The JSON blob needs to be compacted using jq -c . or similar before being set

The UX for this will change, very soon. Doing a separate PR for that

Issue(s) that this PR Closes

Please list the issue(s) that this PR closes, similar to the below:
ref #639
ref #253

Associated End To End Test PR(s)

Will come when UX has been sorted out

Associated Documentation PR(s)

Will come when UX has been sorted out

Associated Design Document(s)

deis/workflow#163
#639

Testing Instructions

Please provide a detailed list for how to test the changes in this PR.

1. Create a Deis Cluster
2. Register an app
3. Create a Private Repo on Quay.io
4. Set user / pw via IMAGE_AUTH_USER and IMAGE_AUTH_PASSWORD using config:set for the app
5. Do deis pull referencing an image in a private repo

Also, please provide a description of the desired result after the tester completes the above steps.

1. The app called "abcd" should be deployed using the private image

Pull Request Hygiene TODOs

Please make sure the below checklist is complete.

• Your pull request is concise and to the point (make another PR for refactoring nearby code)
• Your commits are squashed into logical units of work
• Your commits follow the commit style guidelines

🌸 Thank you! 🌸

[codecov-io]

Current coverage is 82.67%

Merging #649 into master will increase coverage by +0.27% as of 37a449a

@@            master    #649   diff @@
======================================
  Files           29      29       
  Stmts         2444    2465    +21
  Branches       364     369     +5
  Methods          0       0       
======================================
+ Hit           2014    2038    +24
+ Partial        121     120     -1
+ Missed         309     307     -2

Review entire Coverage Diff as of 37a449a

Powered by Codecov. Updated on successful CI builds.

[bacongobbler]

This might be a clean way to attach credentials to a git push deis master as well. 👍

Could you also please write out some junk e2e tests and some documentation in deis/workflow?

[helgi]

@bacongobbler Not going to write e2e or documentation for this PR, going to do it when I finish the UX, which will be tomorrow most likely. I wanted to keep separation of concerns, as to not overload a single PR

[bacongobbler]

Isn't the UX just deis config:set IMAGE_AUTH_USER=bacongobbler IMAGE_AUTH_PASSWORD=secret as per deis/workflow#163, or is there another proposal on the way?

[helgi]

There is a different UX being talked about, it's basically making registry a top level object like tags, thay way credentials don't make their way into env vars

[aledbf]

@helgi why not imagePullSecrets in the spec?

[helgi]

@alefsbf Next iteration (happening soon) will include that option - this time around I am pulling into local registry