WX-1595 GCP Batch: Fix metadata pulling from private GCR (#7464)

CHANGELOG.md

@@ -13,7 +13,8 @@ be found [here](https://cromwell.readthedocs.io/en/stable/backends/HPC/#optional
 
 ### GCP Batch
 
-The `genomics` configuration entry was renamed to `batch`, see [ReadTheDocs](https://cromwell.readthedocs.io/en/stable/backends/GCPBatch/) for more information.
+- The `genomics` configuration entry was renamed to `batch`, see [ReadTheDocs](https://cromwell.readthedocs.io/en/stable/backends/GCPBatch/) for more information.
+- Fixes pulling Docker image metadata from private GCR repositories.
 
 ### Improved handling of Life Sciences API quota errors
 

supportedBackends/google/batch/src/main/scala/cromwell/backend/google/batch/GcpBatchBackendLifecycleActorFactory.scala

@@ -14,15 +14,21 @@ import cromwell.backend.google.batch.GcpBatchBackendLifecycleActorFactory.{
 }
 import cromwell.backend.google.batch.actors._
 import cromwell.backend.google.batch.api.request.{BatchRequestExecutor, RequestHandler}
+import cromwell.backend.google.batch.authentication.GcpBatchDockerCredentials
 import cromwell.backend.google.batch.callcaching.{BatchBackendCacheHitCopyingActor, BatchBackendFileHashingActor}
-import cromwell.backend.google.batch.models.{GcpBatchConfiguration, GcpBatchConfigurationAttributes}
+import cromwell.backend.google.batch.models.{
+  GcpBackendInitializationData,
+  GcpBatchConfiguration,
+  GcpBatchConfigurationAttributes
+}
 import cromwell.backend.standard._
 import cromwell.backend.standard.callcaching.{StandardCacheHitCopyingActor, StandardFileHashingActor}
 import cromwell.cloudsupport.gcp.GoogleConfiguration
-import cromwell.core.CallOutputs
+import cromwell.cloudsupport.gcp.auth.GoogleAuthMode
+import cromwell.core.{CallOutputs, DockerCredentials}
 import wom.graph.CommandCallNode
 
-import scala.util.{Failure, Try}
+import scala.util.{Failure, Success, Try}
 
 class GcpBatchBackendLifecycleActorFactory(override val name: String,
                                            override val configurationDescriptor: BackendConfigurationDescriptor
@@ -104,6 +110,31 @@ class GcpBatchBackendLifecycleActorFactory(override val name: String,
       )(requestHandler)
     )
   }
+
+  override def dockerHashCredentials(
+    workflowDescriptor: BackendWorkflowDescriptor,
+    initializationData: Option[BackendInitializationData]
+  ): List[Any] =
+    Try(BackendInitializationData.as[GcpBackendInitializationData](initializationData)) match {
+      case Success(data) =>
+        val tokenFromWorkflowOptions = workflowDescriptor.workflowOptions
+          .get(GoogleAuthMode.DockerCredentialsTokenKey)
+          .toOption
+        val effectiveToken = tokenFromWorkflowOptions.orElse {
+          data.gcpBatchConfiguration.dockerCredentials.map(_.token)
+        }
+
+        val dockerCredentials: Option[GcpBatchDockerCredentials] = effectiveToken.map { token =>
+          // These credentials are being returned for hashing and all that matters in this context is the token
+          // so just `None` the auth and key.
+          val baseDockerCredentials = new DockerCredentials(token = token, authName = None, keyName = None)
+          GcpBatchDockerCredentials.apply(baseDockerCredentials, googleConfig)
+        }
+        val googleCredentials = Option(data.gcsCredentials)
+        List(dockerCredentials, googleCredentials).flatten
+
+      case _ => List.empty[Any]
+    }
 }
 
 object GcpBatchBackendLifecycleActorFactory extends StrictLogging {