feature: support environment variable auth

Author: hhyasdf

Diff for: .github/ISSUE_TEMPLATE/bug-report.md

@@ -25,7 +25,5 @@ Type: *bug report*
 ### Environment
 - image-syncer version:
 - OS (e.g. `cat /etc/os-release`):
-- Kernel (e.g. `uname -a`):
-- Kubernetes version:
-- Install tools:
+- Registry version (e.g. `habor`):
 - Others:

Diff for: README-zh_CN.md

@@ -75,8 +75,8 @@ ACR(Ali Container Registry) 是阿里云提供的容器镜像服务，ACR企业
 
     "quay.io": {    // 支持 "registry" 和 "registry/namespace"（v1.0.3之后的版本） 的形式，需要跟下面images中的registry(registry/namespace)对应
                     // images中被匹配到的的url会使用对应账号密码进行镜像同步, 优先匹配 "registry/namespace" 的形式
-        "username": "xxx",               // 用户名，可选
-        "password": "xxxxxxxxx",         // 密码，可选
+        "username": "xxx",               // 用户名，可选，（v1.3.1 之后支持）valuse 使用 "${env}" 或者 "$env" 类型的字符串可以引用环境变量
+        "password": "xxxxxxxxx",         // 密码，可选，（v1.3.1 之后支持）valuse 使用 "${env}" 或者 "$env" 类型的字符串可以引用环境变量
         "insecure": true                 // registry是否是http服务，如果是，insecure 字段需要为true，默认是false，可选，支持这个选项需要image-syncer版本 > v1.0.1
     },
     "registry.cn-beijing.aliyuncs.com": {

Diff for: README.md

@@ -62,8 +62,8 @@ Authentication file holds all the authentication information for each registry,
 
     "quay.io": {        // This "registry" or "registry/namespace" string should be the same as registry or registry/namespace used below in "images" field.  
                             // The format of "registry/namespace" will be more prior matched than "registry"
-        "username": "xxx",             
-        "password": "xxxxxxxxx",
+        "username": "xxx",       // Optional, if the value is a string of "${env}" or "$env", image-syncer will try to find the value in environment variables, after v1.3.1       
+        "password": "xxxxxxxxx", // Optional, if the value is a string of "${env}" or "$env", image-syncer will try to find the value in environment variables, after v1.3.1
         "insecure": true         // "insecure" field needs to be true if this registry is a http service, default value is false, version of image-syncer need to be later than v1.0.1 to support this field
     },
     "registry.cn-beijing.aliyuncs.com": {

Diff for: pkg/client/config.go

@@ -55,6 +55,7 @@ func NewSyncConfig(configFile, authFilePath, imageFilePath, defaultDestRegistry,
 				return nil, fmt.Errorf("decode auth file %v error: %v", authFilePath, err)
 			}
 		}
+		config.AuthList = expandEnv(config.AuthList)
 
 		if err := openAndDecode(imageFilePath, &config.ImageList); err != nil {
 			return nil, fmt.Errorf("decode image file %v error: %v", imageFilePath, err)
@@ -116,3 +117,21 @@ func (c *Config) GetAuth(registry string, namespace string) (Auth, bool) {
 func (c *Config) GetImageList() map[string]string {
 	return c.ImageList
 }
+
+func expandEnv(authMap map[string]Auth) map[string]Auth {
+
+	result := make(map[string]Auth)
+
+	for registry, auth := range authMap {
+		pwd := os.ExpandEnv(auth.Password)
+		name := os.ExpandEnv(auth.Username)
+		newAuth := Auth{
+			Username: name,
+			Password: pwd,
+			Insecure: auth.Insecure,
+		}
+		result[registry] = newAuth
+	}
+
+	return result
+}