Registry elastic.co return 401 unauthorized

[YoannMa]

Hi, it seems that elastic.co changed how the registry authentication works and is breaking the provider.

When requesting the manifest, I receive a 401 Unauthorized with the correct WWW-Authenticate header redirecting you to https://docker-auth.elastic.co/auth

The token returned by the authentication service is stored in the access_token attribute instead of token

docker pull docker.elastic.co/elasticsearch/elasticsearch:7.6.0 works fine on Docker 19.03.5

Terraform Version

Terraform v0.12.20
+ provider.docker v2.7.0

Affected Resource(s)

• docker_registry_image
• docker_image
• (maybe more ?)

Terraform Configuration Files

provider "docker" {}

data "docker_registry_image" "elasticsearch" {
  name = "docker.elastic.co/elasticsearch/elasticsearch:7.6.0"
}

resource "docker_image" "elasticsearch" {
  name = data.docker_registry_image.elasticsearch.name

  pull_triggers = [
    data.docker_registry_image.elasticsearch.sha256_digest
  ]
}

Debug Output

https://gist.github.com/YoannMa/1fb27a4d71aa12d72dc21ac506018deb

Expected Behavior

As Docker cli works fine I suppose the image should have been pulled without issue

Actual Behavior

Got error when attempting to fetch image version from registry: Got bad response from registry: 401 Unauthorized

Steps to Reproduce

1. terraform init
2. terraform plan

Important Factoids

It was working fine until today so I think Elastic changed their authentication method not long ago

I made it work by building myself the provider and changing few things but I never done any Go before

type TokenResponse struct {
    Token string
    AccessToken string `json:"access_token"`
}

if token.AccessToken != "" {
    req.Header.Set("Authorization", "Bearer "+token.AccessToken)
 } else {
    req.Header.Set("Authorization", "Bearer "+token.Token)
}