Merge pull request #66645 from andyzhangx/automated-cherry-pick-of-#6…
…6429-upstream-release-1.9

Automatic merge from submit-queue.

Automated cherry pick of #66429: fix acr sp access issue

Cherry pick of #66429 on release-1.9.

#66429: fix acr sp access issue

**Release note**:

```
fix issue that pull image failed from a cross-subscription Azure Container Registry
```
Kubernetes Submit Queue authored Sep 2, 2018
2 parents 5b936a4 + ac50220 commit 4f2f68f
Showing 2 changed files with 30 additions and 18 deletions.
36 changes: 21 additions & 15 deletions pkg/credentialprovider/azure/azure_credentials.go
@@ -36,6 +36,8 @@ var flagConfigFile = pflag.String("azure-container-registry-config", "",

const dummyRegistryEmail = "name@contoso.com"

var containerRegistryUrls = []string{"*.azurecr.io", "*.azurecr.cn", "*.azurecr.de", "*.azurecr.us"}

// init registers the various means by which credentials may
// be resolved on Azure.
func init() {
@@ -111,31 +113,35 @@ func (a *acrProvider) Enabled() bool {
func (a *acrProvider) Provide() credentialprovider.DockerConfig {
cfg := credentialprovider.DockerConfig{}

glog.V(4).Infof("listing registries")
res, err := a.registryClient.List()
if err != nil {
glog.Errorf("Failed to list registries: %v", err)
return cfg
}
if a.config.UseManagedIdentityExtension {
glog.V(4).Infof("listing registries")
res, err := a.registryClient.List()
if err != nil {
glog.Errorf("Failed to list registries: %v", err)
return cfg
}

for ix := range *res.Value {
loginServer := getLoginServer((*res.Value)[ix])
var cred *credentialprovider.DockerConfigEntry
for ix := range *res.Value {
loginServer := getLoginServer((*res.Value)[ix])
glog.V(2).Infof("loginServer: %s", loginServer)
var cred *credentialprovider.DockerConfigEntry

if a.config.UseManagedIdentityExtension {
cred, err = getACRDockerEntryFromARMToken(a, loginServer)
cred, err := getACRDockerEntryFromARMToken(a, loginServer)
if err != nil {
continue
}
} else {
cred = &credentialprovider.DockerConfigEntry{
cfg[loginServer] = *cred
}
} else {
// Add our entry for each of the supported container registry URLs
for _, url := range containerRegistryUrls {
cred := &credentialprovider.DockerConfigEntry{
Username: a.config.AADClientID,
Password: a.config.AADClientSecret,
Email: dummyRegistryEmail,
}
cfg[url] = *cred
}

cfg[loginServer] = *cred
}
return cfg
}
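Review bot: In the `else` branch of `Provide()`, the service principal's `AADClientID` and `AADClientSecret` are now stored under every pattern in `containerRegistryUrls`, so the entry is no longer scoped to the registries that `a.registryClient.List()` returned. That is what makes cross-subscription pulls work, but if the keyring treats these keys as wildcard patterns (the matching code is not visible here), the long-lived secret is presented for any image reference whose host falls under the four ACR suffixes, including registries the cluster operator does not own. I would record that trade-off at the declaration, e.g. `// containerRegistryUrls are wildcard keys: the SP secret is offered to every matching ACR host, not only registries in this subscription.` Operators who need tighter scoping would then know to restrict permitted image registries through admission policy or to use the managed-identity path, which still builds entries per listed registry.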
12 changes: 9 additions & 3 deletions pkg/credentialprovider/azure/azure_credentials_test.go
@@ -43,19 +43,25 @@ func Test(t *testing.T) {
{
Name: to.StringPtr("foo"),
RegistryProperties: &containerregistry.RegistryProperties{
LoginServer: to.StringPtr("foo-microsoft.azurecr.io"),
LoginServer: to.StringPtr("*.azurecr.io"),
},
},
{
Name: to.StringPtr("bar"),
RegistryProperties: &containerregistry.RegistryProperties{
LoginServer: to.StringPtr("bar-microsoft.azurecr.io"),
LoginServer: to.StringPtr("*.azurecr.cn"),
},
},
{
Name: to.StringPtr("baz"),
RegistryProperties: &containerregistry.RegistryProperties{
LoginServer: to.StringPtr("baz-microsoft.azurecr.io"),
LoginServer: to.StringPtr("*.azurecr.de"),
},
},
{
Name: to.StringPtr("bus"),
RegistryProperties: &containerregistry.RegistryProperties{
LoginServer: to.StringPtr("*.azurecr.us"),
},
},
},
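Review bot: The fixture's `LoginServer` values are now the wildcard strings from `containerRegistryUrls` instead of real login-server names, so the fake registry list appears shaped to mirror the static keys rather than to exercise a lookup. If the assertions further down in `Test` (outside this hunk) compare the keys returned by `Provide()` with this list, the test passes even though `List()` is never called on the service-principal path. The managed-identity branch, the only one that still consumes the list, seems to have no coverage here. I would keep realistic names such as `foo-microsoft.azurecr.io` for a managed-identity case and assert the service-principal case against `containerRegistryUrls` directly, with a comment like `// SP path ignores List(); keys come from containerRegistryUrls`.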