Replace k8s secret's default server values

 When approriating the .dockerconfigjson secrets for Container Metadata retrieval
 replace the default `https://index.docker.io/v1/` or `domain.io` docker-server values
 to `registry-1.docker.io`.

 Backport #4428
 Resolves #4429

Author: tzolov

spring-cloud-dataflow-container-registry/src/main/java/org/springframework/cloud/dataflow/container/registry/ContainerRegistryProperties.java

@@ -64,6 +64,19 @@ public class ContainerRegistryProperties {
 	 */
 	private HttpProxy httpProxy = new HttpProxy();
 
+	/**
+	 * When the `kubectl create secret docker-registry` command is used without explicit docker-server property set
+	 * the later defaults to `https://index.docker.io/v1/` (or to `domain.io`). Those secrets can be used as
+	 * K8s `imagePullSecret` to pull images from Docker Hub but can not be used for SCDF Metadata Container Registry access.
+	 * Later expects a docker-server=registry-1.docker.io instead.
+	 * To be able to reuse docker registry secretes for the purpose of imagePullSecrets and SCDF Container Metadata retrieval.
+	 * by default the `https://index.docker.io/v1/` and `domain.io` docker-server values found in any mounted dockerconfigjson secret
+	 * are replaced by `registry-1.docker.io`.
+	 *
+	 * You can override this behaviour by setting replaceDefaultDockerRegistryServer to false.
+	 */
+	private boolean replaceDefaultDockerRegistryServer = true;
+
 	public static class HttpProxy {
 		private String host = "";
 		private int port = 0;
@@ -125,6 +138,14 @@ public void setOfficialRepositoryNamespace(String officialRepositoryNamespace) {
 		this.officialRepositoryNamespace = officialRepositoryNamespace;
 	}
 
+	public boolean isReplaceDefaultDockerRegistryServer() {
+		return replaceDefaultDockerRegistryServer;
+	}
+
+	public void setReplaceDefaultDockerRegistryServer(boolean replaceDefaultDockerRegistryServer) {
+		this.replaceDefaultDockerRegistryServer = replaceDefaultDockerRegistryServer;
+	}
+
 	@Override
 	public String toString() {
 		return "ContainerRegistryProperties{" +

spring-cloud-dataflow-container-registry/src/main/java/org/springframework/cloud/dataflow/container/registry/authorization/DockerConfigJsonSecretToRegistryConfigurationConverter.java

@@ -49,15 +49,21 @@ public class DockerConfigJsonSecretToRegistryConfigurationConverter implements C
 	private static final Logger logger = LoggerFactory.getLogger(DockerConfigJsonSecretToRegistryConfigurationConverter.class);
 	public static final String BEARER_REALM_ATTRIBUTE = "Bearer realm";
 	public static final String SERVICE_ATTRIBUTE = "service";
+	public static final String HTTPS_INDEX_DOCKER_IO_V_1 = "https://index.docker.io/v1/";
+	public static final String DOCKER_IO = "docker.io";
+	public static final String REGISTRY_1_DOCKER_IO = "registry-1.docker.io";
 
 	//	private final RestTemplate restTemplate;
 	private final ContainerImageRestTemplateFactory containerImageRestTemplate;
 
 	private final Map<String, Boolean> httpProxyPerHost;
 
+	private final boolean replaceDefaultDockerRegistryServer;
+
 	public DockerConfigJsonSecretToRegistryConfigurationConverter(ContainerRegistryProperties properties,
 			ContainerImageRestTemplateFactory containerImageRestTemplate) {
 
+		this.replaceDefaultDockerRegistryServer = properties.isReplaceDefaultDockerRegistryServer();
 		// Retrieve registry configurations, explicitly declared via properties.
 		this.httpProxyPerHost = properties.getRegistryConfigurations().entrySet().stream()
 				.collect(Collectors.toMap(e -> e.getValue().getRegistryHost(), e -> e.getValue().isUseHttpProxy()));
@@ -86,7 +92,7 @@ public Map<String, ContainerRegistryConfiguration> convert(String dockerconfigjs
 				Map<String, ContainerRegistryConfiguration> registryConfigurationMap = new HashMap<>();
 				for (Object registryUrl : authsMap.keySet()) {
 					ContainerRegistryConfiguration rc = new ContainerRegistryConfiguration();
-					rc.setRegistryHost(registryUrl.toString());
+					rc.setRegistryHost(replaceDefaultDockerRegistryServerUrl(registryUrl.toString()));
 					Map registryMap = (Map) authsMap.get(registryUrl.toString());
 					rc.setUser((String) registryMap.get("username"));
 					rc.setSecret((String) registryMap.get("password"));
@@ -120,6 +126,26 @@ public Map<String, ContainerRegistryConfiguration> convert(String dockerconfigjs
 		return Collections.emptyMap();
 	}
 
+	/**
+	 * When the `kubectl create secret docker-registry` command is used without explicit docker-server property set
+	 * the later defaults to `https://index.docker.io/v1/` (or to `domain.io`). Those secrets can be used as
+	 * K8s `imagePullSecret` to pull images from Docker Hub but can not be used for SCDF Metadata Container Registry access.
+	 * Later expects a docker-server=registry-1.docker.io instead.
+	 * To be able to reuse docker registry secretes for the purpose of imagePullSecrets and SCDF Container Metadata retrieval.
+	 * by default the `https://index.docker.io/v1/` and `domain.io` docker-server values found in any mounted dockerconfigjson secret
+	 * are replaced by `registry-1.docker.io`.
+	 *
+	 * You can override this behaviour by setting replaceDefaultDockerRegistryServer to false.
+	 *
+	 * @param dockerConfigJsonRegistryHost Docker-Server property value as extracted from the dockerconfigjson.
+	 * @return If input url is "https://index.docker.io/v1/" or "docker.io" then return "registry-1.docker.io". Otherwise return the input url.
+	 */
+	private String replaceDefaultDockerRegistryServerUrl(String dockerConfigJsonRegistryHost) {
+		return (this.replaceDefaultDockerRegistryServer && (DOCKER_IO.equals(dockerConfigJsonRegistryHost)
+				|| HTTPS_INDEX_DOCKER_IO_V_1.equals(dockerConfigJsonRegistryHost))) ?
+				REGISTRY_1_DOCKER_IO : dockerConfigJsonRegistryHost;
+	}
+
 	/**
 	 * Best effort to construct a valid Docker OAuth2 token authorization uri from the HTTP 401 Error response.
 	 *