From ac50220a9fbdc4d1b25e97e9ff7a1a6951c0e5f7 Mon Sep 17 00:00:00 2001 From: andyzhangx Date: Fri, 20 Jul 2018 08:39:31 +0000 Subject: [PATCH] fix acr sp access issue --- .../azure/azure_credentials.go | 36 +++++++++++-------- .../azure/azure_credentials_test.go | 12 +++++-- 2 files changed, 30 insertions(+), 18 deletions(-) diff --git a/pkg/credentialprovider/azure/azure_credentials.go b/pkg/credentialprovider/azure/azure_credentials.go index ff251497ce30f..6fe58e8e0e8c8 100644 --- a/pkg/credentialprovider/azure/azure_credentials.go +++ b/pkg/credentialprovider/azure/azure_credentials.go @@ -36,6 +36,8 @@ var flagConfigFile = pflag.String("azure-container-registry-config", "", const dummyRegistryEmail = "name@contoso.com" +var containerRegistryUrls = []string{"*.azurecr.io", "*.azurecr.cn", "*.azurecr.de", "*.azurecr.us"} + // init registers the various means by which credentials may // be resolved on Azure. func init() { 
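Review bot: `containerRegistryUrls` is added without a doc comment, and its entries are host glob patterns rather than URLs, which the name does not convey. I would put `// containerRegistryUrls lists the ACR login-server wildcard patterns that receive the service principal credentials.` above it and consider the Go initialism spelling `containerRegistryURLs`, which would also need the rename in the Provide() hunk. As a package-level `var` slice it can be modified by any code in the package; nothing visible does so, but a note that it is treated as read-only would help the next maintainer.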
@@ -111,31 +113,35 @@ func (a *acrProvider) Enabled() bool { func (a *acrProvider) Provide() credentialprovider.DockerConfig { cfg := credentialprovider.DockerConfig{} - glog.V(4).Infof("listing registries") - res, err := a.registryClient.List() - if err != nil { - glog.Errorf("Failed to list registries: %v", err) - return cfg - } + if a.config.UseManagedIdentityExtension { + glog.V(4).Infof("listing registries") + res, err := a.registryClient.List() + if err != nil { + glog.Errorf("Failed to list registries: %v", err) + return cfg + } - for ix := range *res.Value { - loginServer := getLoginServer((*res.Value)[ix]) - var cred *credentialprovider.DockerConfigEntry + for ix := range *res.Value { + loginServer := getLoginServer((*res.Value)[ix]) + glog.V(2).Infof("loginServer: %s", loginServer) + var cred *credentialprovider.DockerConfigEntry - if a.config.UseManagedIdentityExtension { - cred, err = getACRDockerEntryFromARMToken(a, loginServer) + cred, err := getACRDockerEntryFromARMToken(a, loginServer) if err != nil { continue } - } else { - cred = &credentialprovider.DockerConfigEntry{ + cfg[loginServer] = *cred + } + } else { + // Add our entry for each of the supported container registry URLs + for _, url := range containerRegistryUrls { + cred := &credentialprovider.DockerConfigEntry{ Username: a.config.AADClientID, Password: a.config.AADClientSecret, Email: dummyRegistryEmail, } + cfg[url] = *cred } - - cfg[loginServer] = *cred } return cfg } diff --git a/pkg/credentialprovider/azure/azure_credentials_test.go b/pkg/credentialprovider/azure/azure_credentials_test.go index 9d966fe6be54c..3487e07af6169 100644 --- a/pkg/credentialprovider/azure/azure_credentials_test.go +++ b/pkg/credentialprovider/azure/azure_credentials_test.go 
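Review bot: The new `else` branch in Provide() binds `AADClientID`/`AADClientSecret` to all four wildcard suffixes, so the service principal secret is presumably offered for any image host under `*.azurecr.io` and the other three domains, not only for the registries the old `registryClient.List()` call returned. A comment on the branch should state that widening. If the config can reach this point with either field unset, the branch should return early, e.g. `if a.config.AADClientID == "" || a.config.AADClientSecret == "" { return cfg }`, so blank credentials are not registered for all of ACR. In the managed-identity loop the retained `var cred *credentialprovider.DockerConfigEntry` is now redundant because `cred, err := getACRDockerEntryFromARMToken(a, loginServer)` follows it, and that `err` shadows the one from List(). The skipped-on-error `continue` would also benefit from a log line naming `loginServer`.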
@@ -43,19 +43,25 @@ func Test(t *testing.T) {
 {
 Name: to.StringPtr("foo"),
 RegistryProperties: &containerregistry.RegistryProperties{
- LoginServer: to.StringPtr("foo-microsoft.azurecr.io"),
+ LoginServer: to.StringPtr("*.azurecr.io"),
 },
 },
 {
 Name: to.StringPtr("bar"),
 RegistryProperties: &containerregistry.RegistryProperties{
- LoginServer: to.StringPtr("bar-microsoft.azurecr.io"),
+ LoginServer: to.StringPtr("*.azurecr.cn"),
 },
 },
 {
 Name: to.StringPtr("baz"),
 RegistryProperties: &containerregistry.RegistryProperties{
- LoginServer: to.StringPtr("baz-microsoft.azurecr.io"),
+ LoginServer: to.StringPtr("*.azurecr.de"),
+ },
+ },
+ {
+ Name: to.StringPtr("bus"),
+ RegistryProperties: &containerregistry.RegistryProperties{
+ LoginServer: to.StringPtr("*.azurecr.us"),
 },
 },
 },
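Review bot: The fixture now returns the wildcard patterns themselves (`*.azurecr.io`, `*.azurecr.cn`, ...) as `LoginServer` values, which a registry listing would not plausibly return, so the test appears to pass only because the fake data equals the keys the provider hardcodes. Keeping concrete hosts such as `foo-microsoft.azurecr.io` in the fixture and deriving the expected keys from `containerRegistryUrls` would show that the service-principal path ignores the listing. A lookup for a concrete image host would additionally show that the glob entry matches it. The assertions sit outside this hunk, so this is inferred from the fixture alone. Nothing visible here exercises the `UseManagedIdentityExtension` branch.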