Skip to content

Commit

Permalink
fix acr sp access issue
Browse files Browse the repository at this point in the history
  • Loading branch information
@andyzhangx
andyzhangx committed Jul 26, 2018
1 parent 017beba commit ac50220
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 18 deletions.
36 changes: 21 additions & 15 deletions pkg/credentialprovider/azure/azure_credentials.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,8 @@ var flagConfigFile = pflag.String("azure-container-registry-config", "",

const dummyRegistryEmail = "name@contoso.com"

var containerRegistryUrls = []string{"*.azurecr.io", "*.azurecr.cn", "*.azurecr.de", "*.azurecr.us"}

// init registers the various means by which credentials may
// be resolved on Azure.
func init() {
Expand Down Expand Up @@ -111,31 +113,35 @@ func (a *acrProvider) Enabled() bool {
func (a *acrProvider) Provide() credentialprovider.DockerConfig {
cfg := credentialprovider.DockerConfig{}

glog.V(4).Infof("listing registries")
res, err := a.registryClient.List()
if err != nil {
glog.Errorf("Failed to list registries: %v", err)
return cfg
}
if a.config.UseManagedIdentityExtension {
glog.V(4).Infof("listing registries")
res, err := a.registryClient.List()
if err != nil {
glog.Errorf("Failed to list registries: %v", err)
return cfg
}

for ix := range *res.Value {
loginServer := getLoginServer((*res.Value)[ix])
var cred *credentialprovider.DockerConfigEntry
for ix := range *res.Value {
loginServer := getLoginServer((*res.Value)[ix])
glog.V(2).Infof("loginServer: %s", loginServer)
var cred *credentialprovider.DockerConfigEntry

if a.config.UseManagedIdentityExtension {
cred, err = getACRDockerEntryFromARMToken(a, loginServer)
cred, err := getACRDockerEntryFromARMToken(a, loginServer)
if err != nil {
continue
}
} else {
cred = &credentialprovider.DockerConfigEntry{
cfg[loginServer] = *cred
}
} else {
// Add our entry for each of the supported container registry URLs
for _, url := range containerRegistryUrls {
cred := &credentialprovider.DockerConfigEntry{
Username: a.config.AADClientID,
Password: a.config.AADClientSecret,
Email: dummyRegistryEmail,
}
cfg[url] = *cred
}

cfg[loginServer] = *cred
}
return cfg
}
Expand Down
12 changes: 9 additions & 3 deletions pkg/credentialprovider/azure/azure_credentials_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,19 +43,25 @@ func Test(t *testing.T) {
{
Name: to.StringPtr("foo"),
RegistryProperties: &containerregistry.RegistryProperties{
LoginServer: to.StringPtr("foo-microsoft.azurecr.io"),
LoginServer: to.StringPtr("*.azurecr.io"),
},
},
{
Name: to.StringPtr("bar"),
RegistryProperties: &containerregistry.RegistryProperties{
LoginServer: to.StringPtr("bar-microsoft.azurecr.io"),
LoginServer: to.StringPtr("*.azurecr.cn"),
},
},
{
Name: to.StringPtr("baz"),
RegistryProperties: &containerregistry.RegistryProperties{
LoginServer: to.StringPtr("baz-microsoft.azurecr.io"),
LoginServer: to.StringPtr("*.azurecr.de"),
},
},
{
Name: to.StringPtr("bus"),
RegistryProperties: &containerregistry.RegistryProperties{
LoginServer: to.StringPtr("*.azurecr.us"),
},
},
},
Expand Down

0 comments on commit ac50220

Please sign in to comment.