From 6798c64d315c822b3a774a01a92281232b248972 Mon Sep 17 00:00:00 2001 From: Yuan Xi Date: Mon, 1 Mar 2021 11:04:27 -0800 Subject: [PATCH 1/8] provide connection string in installation command --- .../command_modules/acr/connected_registry.py | 28 +++++-------------- 1 file changed, 7 insertions(+), 21 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py b/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py index 2dac6b803a2..b251a84121d 100644 --- a/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py +++ b/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py @@ -394,20 +394,12 @@ def _get_install_info(cmd, registry_name, regenerate_credentials, resource_group_name=None): - registry, resource_group_name = validate_managed_registry( + _, resource_group_name = validate_managed_registry( cmd, registry_name, resource_group_name) connected_registry = acr_connected_registry_show( cmd, client, connected_registry_name, registry_name, resource_group_name) parent_gateway_endpoint = connected_registry.parent.sync_properties.gateway_endpoint - parent_id = connected_registry.parent.id sync_token_name = connected_registry.parent.sync_properties.token_id.split('/tokens/')[1] - if parent_id: - parent = parent_id.split('/connectedRegistries/')[1] - parent = acr_connected_registry_show( - cmd, client, parent, registry_name, resource_group_name) - parent_registry_endpoint = parent.login_server.host - else: - parent_registry_endpoint = registry.login_server connected_registry_login_server = "" @@ -421,10 +413,7 @@ def _get_install_info(cmd, password1=True, password2=True, resource_group_name=resource_group_name) credentials = LongRunningOperation(cmd.cli_ctx)(poller) sync_username = credentials.username - sync_password = { - "password1": credentials.passwords[0].value, - "password2": credentials.passwords[1].value - } + sync_password = credentials.passwords[0].value logger.warning('Please store your generated credentials safely.') else: sync_username = sync_token_name @@ -432,14 +421,11 @@ def _get_install_info(cmd, logger.warning("Value 'ACR_SYNC_TOKEN_USERNAME' has been deprecated and will be removed in a future release." " Use 'ACR_SYNC_TOKEN_NAME' instead.") + connection_string = "ConnectedRegistryName=%s;" % connected_registry_name + \ + "SyncTokenName=%s;SyncTokenPassword=%s;" % (sync_username, sync_password) + \ + "ParentGatewayEndpoint=%s;ParentEndpointProtocol=https" % parent_gateway_endpoint return { - "ACR_REGISTRY_NAME": connected_registry_name, - "ACR_REGISTRY_LOGIN_SERVER": connected_registry_login_server, - "ACR_SYNC_TOKEN_NAME": sync_username, - "ACR_SYNC_TOKEN_USERNAME": sync_username, - "ACR_SYNC_TOKEN_PASSWORD": sync_password, - "ACR_PARENT_GATEWAY_ENDPOINT": parent_gateway_endpoint, - "ACR_PARENT_LOGIN_SERVER": parent_registry_endpoint, - "ACR_PARENT_PROTOCOL": "https" + "ACR_REGISTRY_CONNECTION_STRING": connection_string, + "ACR_REGISTRY_LOGIN_SERVER": connected_registry_login_server } # endregion From 0959be34ac5438c0ead663f05f07b499e001bac2 Mon Sep 17 00:00:00 2001 From: Yuan Xi Date: Tue, 23 Mar 2021 11:06:52 -0700 Subject: [PATCH 2/8] keep old env vars --- .../command_modules/acr/connected_registry.py | 36 +++++++++++++++---- 1 file changed, 29 insertions(+), 7 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py b/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py index b251a84121d..0ac862a44f2 100644 --- a/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py +++ b/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py @@ -394,12 +394,20 @@ def _get_install_info(cmd, registry_name, regenerate_credentials, resource_group_name=None): - _, resource_group_name = validate_managed_registry( + registry, resource_group_name = validate_managed_registry( cmd, registry_name, resource_group_name) connected_registry = acr_connected_registry_show( cmd, client, connected_registry_name, registry_name, resource_group_name) parent_gateway_endpoint = connected_registry.parent.sync_properties.gateway_endpoint + parent_id = connected_registry.parent.id sync_token_name = connected_registry.parent.sync_properties.token_id.split('/tokens/')[1] + if parent_id: + parent = parent_id.split('/connectedRegistries/')[1] + parent = acr_connected_registry_show( + cmd, client, parent, registry_name, resource_group_name) + parent_registry_endpoint = parent.login_server.host + else: + parent_registry_endpoint = registry.login_server connected_registry_login_server = "" @@ -413,19 +421,33 @@ def _get_install_info(cmd, password1=True, password2=True, resource_group_name=resource_group_name) credentials = LongRunningOperation(cmd.cli_ctx)(poller) sync_username = credentials.username - sync_password = credentials.passwords[0].value + sync_password = { + "password1": credentials.passwords[0].value, + "password2": credentials.passwords[1].value + } + connection_string_sync_password = sync_password["password1"] logger.warning('Please store your generated credentials safely.') else: sync_username = sync_token_name sync_password = "" + connection_string_sync_password = sync_password - logger.warning("Value 'ACR_SYNC_TOKEN_USERNAME' has been deprecated and will be removed in a future release." - " Use 'ACR_SYNC_TOKEN_NAME' instead.") + logger.warning("Value 'ACR_REGISTRY_NAME', 'ACR_SYNC_TOKEN_NAME', 'ACR_SYNC_TOKEN_USERNAME', " + "'ACR_SYNC_TOKEN_PASSWORD', 'ACR_PARENT_GATEWAY_ENDPOINT', " + "'ACR_PARENT_LOGIN_SERVER', and 'ACR_PARENT_PROTOCOL' are going to be deprecated and " + "will be removed in a future release. Use 'ACR_REGISTRY_CONNECTION_STRING' instead.") connection_string = "ConnectedRegistryName=%s;" % connected_registry_name + \ - "SyncTokenName=%s;SyncTokenPassword=%s;" % (sync_username, sync_password) + \ + "SyncTokenName=%s;SyncTokenPassword=%s;" % (sync_username, connection_string_sync_password) + \ "ParentGatewayEndpoint=%s;ParentEndpointProtocol=https" % parent_gateway_endpoint return { - "ACR_REGISTRY_CONNECTION_STRING": connection_string, - "ACR_REGISTRY_LOGIN_SERVER": connected_registry_login_server + "ACR_REGISTRY_NAME": connected_registry_name, + "ACR_REGISTRY_LOGIN_SERVER": connected_registry_login_server, + "ACR_SYNC_TOKEN_NAME": sync_username, + "ACR_SYNC_TOKEN_USERNAME": sync_username, + "ACR_SYNC_TOKEN_PASSWORD": sync_password, + "ACR_PARENT_GATEWAY_ENDPOINT": parent_gateway_endpoint, + "ACR_PARENT_LOGIN_SERVER": parent_registry_endpoint, + "ACR_PARENT_PROTOCOL": "https", + "ACR_REGISTRY_CONNECTION_STRING": connection_string } # endregion From 505ad9235c2eaf7493177ca26d7bb3e379ba3109 Mon Sep 17 00:00:00 2001 From: Yuan Xi Date: Mon, 29 Mar 2021 15:42:27 -0700 Subject: [PATCH 3/8] Remove old env vars --- .../command_modules/acr/connected_registry.py | 33 ++++--------------- 1 file changed, 6 insertions(+), 27 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py b/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py index 0ac862a44f2..9b8daaf9275 100644 --- a/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py +++ b/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py @@ -394,20 +394,14 @@ def _get_install_info(cmd, registry_name, regenerate_credentials, resource_group_name=None): - registry, resource_group_name = validate_managed_registry( + _, resource_group_name = validate_managed_registry( cmd, registry_name, resource_group_name) connected_registry = acr_connected_registry_show( cmd, client, connected_registry_name, registry_name, resource_group_name) parent_gateway_endpoint = connected_registry.parent.sync_properties.gateway_endpoint - parent_id = connected_registry.parent.id + if parent_gateway_endpoint is None or parent_gateway_endpoint == '': + parent_gateway_endpoint = "" sync_token_name = connected_registry.parent.sync_properties.token_id.split('/tokens/')[1] - if parent_id: - parent = parent_id.split('/connectedRegistries/')[1] - parent = acr_connected_registry_show( - cmd, client, parent, registry_name, resource_group_name) - parent_registry_endpoint = parent.login_server.host - else: - parent_registry_endpoint = registry.login_server connected_registry_login_server = "" @@ -421,33 +415,18 @@ def _get_install_info(cmd, password1=True, password2=True, resource_group_name=resource_group_name) credentials = LongRunningOperation(cmd.cli_ctx)(poller) sync_username = credentials.username - sync_password = { - "password1": credentials.passwords[0].value, - "password2": credentials.passwords[1].value - } - connection_string_sync_password = sync_password["password1"] + sync_password = credentials.passwords[0].value logger.warning('Please store your generated credentials safely.') else: sync_username = sync_token_name sync_password = "" connection_string_sync_password = sync_password - logger.warning("Value 'ACR_REGISTRY_NAME', 'ACR_SYNC_TOKEN_NAME', 'ACR_SYNC_TOKEN_USERNAME', " - "'ACR_SYNC_TOKEN_PASSWORD', 'ACR_PARENT_GATEWAY_ENDPOINT', " - "'ACR_PARENT_LOGIN_SERVER', and 'ACR_PARENT_PROTOCOL' are going to be deprecated and " - "will be removed in a future release. Use 'ACR_REGISTRY_CONNECTION_STRING' instead.") connection_string = "ConnectedRegistryName=%s;" % connected_registry_name + \ "SyncTokenName=%s;SyncTokenPassword=%s;" % (sync_username, connection_string_sync_password) + \ "ParentGatewayEndpoint=%s;ParentEndpointProtocol=https" % parent_gateway_endpoint return { - "ACR_REGISTRY_NAME": connected_registry_name, - "ACR_REGISTRY_LOGIN_SERVER": connected_registry_login_server, - "ACR_SYNC_TOKEN_NAME": sync_username, - "ACR_SYNC_TOKEN_USERNAME": sync_username, - "ACR_SYNC_TOKEN_PASSWORD": sync_password, - "ACR_PARENT_GATEWAY_ENDPOINT": parent_gateway_endpoint, - "ACR_PARENT_LOGIN_SERVER": parent_registry_endpoint, - "ACR_PARENT_PROTOCOL": "https", - "ACR_REGISTRY_CONNECTION_STRING": connection_string + "ACR_REGISTRY_CONNECTION_STRING": connection_string, + "ACR_REGISTRY_LOGIN_SERVER": connected_registry_login_server } # endregion From 9776d10b3dac10dc72860e2e133494cff4bae0ca Mon Sep 17 00:00:00 2001 From: Yuan Xi Date: Tue, 30 Mar 2021 14:23:49 -0700 Subject: [PATCH 4/8] only rotate password1 --- .../azure/cli/command_modules/acr/connected_registry.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py b/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py index 9b8daaf9275..54f118d4f46 100644 --- a/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py +++ b/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py @@ -412,7 +412,7 @@ def _get_install_info(cmd, cred_client = cf_acr_token_credentials(cmd.cli_ctx) poller = acr_token_credential_generate( cmd, cred_client, registry_name, sync_token_name, - password1=True, password2=True, resource_group_name=resource_group_name) + password1=True, password2=False, resource_group_name=resource_group_name) credentials = LongRunningOperation(cmd.cli_ctx)(poller) sync_username = credentials.username sync_password = credentials.passwords[0].value From 8b5fa579fa90d55f344d54e2338a87a3bbff1ab0 Mon Sep 17 00:00:00 2001 From: Yuan Xi Date: Mon, 5 Apr 2021 12:42:20 -0700 Subject: [PATCH 5/8] parent endpoint protocol --- .../azure/cli/command_modules/acr/connected_registry.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py b/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py index 54f118d4f46..94f073f30f4 100644 --- a/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py +++ b/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py @@ -401,9 +401,13 @@ def _get_install_info(cmd, parent_gateway_endpoint = connected_registry.parent.sync_properties.gateway_endpoint if parent_gateway_endpoint is None or parent_gateway_endpoint == '': parent_gateway_endpoint = "" + if parent_gateway_endpoint.endswith(".data.azurecr.io") or parent_gateway_endpoint.endswith(".data.azurecr-test.io"): + parent_endpoint_protocol = "https" + else: + parent_endpoint_protocol = "" sync_token_name = connected_registry.parent.sync_properties.token_id.split('/tokens/')[1] - connected_registry_login_server = "" if regenerate_credentials: @@ -424,7 +428,7 @@ def _get_install_info(cmd, connection_string = "ConnectedRegistryName=%s;" % connected_registry_name + \ "SyncTokenName=%s;SyncTokenPassword=%s;" % (sync_username, connection_string_sync_password) + \ - "ParentGatewayEndpoint=%s;ParentEndpointProtocol=https" % parent_gateway_endpoint + "ParentGatewayEndpoint=%s;ParentEndpointProtocol=%s" % (parent_gateway_endpoint, parent_endpoint_protocol) return { "ACR_REGISTRY_CONNECTION_STRING": connection_string, "ACR_REGISTRY_LOGIN_SERVER": connected_registry_login_server From f2c84b03aba9efa3a8fd572ff6e6f65316d882c8 Mon Sep 17 00:00:00 2001 From: Yuan Xi Date: Mon, 5 Apr 2021 14:03:49 -0700 Subject: [PATCH 6/8] fix style --- .../azure/cli/command_modules/acr/connected_registry.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py b/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py index 94f073f30f4..894de7dbcc4 100644 --- a/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py +++ b/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py @@ -401,7 +401,8 @@ def _get_install_info(cmd, parent_gateway_endpoint = connected_registry.parent.sync_properties.gateway_endpoint if parent_gateway_endpoint is None or parent_gateway_endpoint == '': parent_gateway_endpoint = "" - if parent_gateway_endpoint.endswith(".data.azurecr.io") or parent_gateway_endpoint.endswith(".data.azurecr-test.io"): + if parent_gateway_endpoint.endswith(".data.azurecr.io") \ + or parent_gateway_endpoint.endswith(".data.azurecr-test.io"): parent_endpoint_protocol = "https" else: parent_endpoint_protocol = "" From 9864896c964b60dde32282ad3ec43ca9d6b3f7bc Mon Sep 17 00:00:00 2001 From: Yuan Xi Date: Mon, 5 Apr 2021 15:06:48 -0700 Subject: [PATCH 7/8] fix parent checker --- .../azure/cli/command_modules/acr/connected_registry.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py b/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py index 894de7dbcc4..36c27e05800 100644 --- a/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py +++ b/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py @@ -401,8 +401,8 @@ def _get_install_info(cmd, parent_gateway_endpoint = connected_registry.parent.sync_properties.gateway_endpoint if parent_gateway_endpoint is None or parent_gateway_endpoint == '': parent_gateway_endpoint = "" - if parent_gateway_endpoint.endswith(".data.azurecr.io") \ - or parent_gateway_endpoint.endswith(".data.azurecr-test.io"): + parent_id = connected_registry.parent.id + if parent_id: parent_endpoint_protocol = "https" else: parent_endpoint_protocol = "" @@ -425,10 +425,9 @@ def _get_install_info(cmd, else: sync_username = sync_token_name sync_password = "" - connection_string_sync_password = sync_password connection_string = "ConnectedRegistryName=%s;" % connected_registry_name + \ - "SyncTokenName=%s;SyncTokenPassword=%s;" % (sync_username, connection_string_sync_password) + \ + "SyncTokenName=%s;SyncTokenPassword=%s;" % (sync_username, sync_password) + \ "ParentGatewayEndpoint=%s;ParentEndpointProtocol=%s" % (parent_gateway_endpoint, parent_endpoint_protocol) return { "ACR_REGISTRY_CONNECTION_STRING": connection_string, From 1113e621257c9b55b748571139811ae1a253c2e8 Mon Sep 17 00:00:00 2001 From: Yuan Xi Date: Mon, 5 Apr 2021 17:08:10 -0700 Subject: [PATCH 8/8] fix parent_id checking --- .../azure/cli/command_modules/acr/connected_registry.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py b/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py index 36c27e05800..0ebc47fd64a 100644 --- a/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py +++ b/src/azure-cli/azure/cli/command_modules/acr/connected_registry.py @@ -402,10 +402,12 @@ def _get_install_info(cmd, if parent_gateway_endpoint is None or parent_gateway_endpoint == '': parent_gateway_endpoint = "" parent_id = connected_registry.parent.id + # if parent_id is not none, parent is a connected registry if parent_id: - parent_endpoint_protocol = "https" - else: parent_endpoint_protocol = "" + # if parent_id is none, parent is a cloud registry + else: + parent_endpoint_protocol = "https" sync_token_name = connected_registry.parent.sync_properties.token_id.split('/tokens/')[1] connected_registry_login_server = "