def _disabled_test_classic_registry(self, resource_group, location,
storage_account):
registry_name = self.get_resource_name('pyacr')
name_status = self.client.registries.check_name_availability(
registry_name)
self.assertTrue(name_status.name_available)
# Create a classic registry
registry = self.client.registries.create(
resource_group_name=resource_group.name,
registry_name=registry_name,
registry=Registry(location=location,
sku=Sku(name=SkuName.classic),
storage_account=StorageAccountProperties(
id=storage_account.id))).result()
self.assertEqual(registry.name, registry_name)
self.assertEqual(registry.location, location)
self.assertEqual(registry.sku.name, SkuName.classic.value)
self.assertEqual(registry.sku.tier, SkuTier.classic.value)
self.assertEqual(registry.provisioning_state,
ProvisioningState.succeeded.value)
self.assertEqual(registry.admin_user_enabled, False)
self._core_registry_scenario(registry_name, resource_group.name)
def _create_managed_registry(self, registry_name, resource_group_name,
location):
registry = self.client.registries.create(
resource_group_name=resource_group_name,
registry_name=registry_name,
registry=Registry(location=location,
sku=Sku(name=SkuName.managed_premium))).result()
self.assertEqual(registry.name, registry_name)
self.assertEqual(registry.location, location)
self.assertEqual(registry.sku.name, SkuName.managed_premium.value)
self.assertEqual(registry.sku.tier, SkuTier.managed.value)
self.assertEqual(registry.provisioning_state,
ProvisioningState.succeeded.value)
self.assertEqual(registry.admin_user_enabled, False)
self.assertEqual(registry.storage_account, None)
def acr_create(cmd,
client,
registry_name,
resource_group_name,
sku,
location=None,
storage_account_name=None,
admin_enabled=False,
deployment_name=None):
if sku in MANAGED_REGISTRY_SKU and storage_account_name:
raise CLIError(
"Please specify '--sku Basic' without providing an existing storage account "
"to create a managed registry, or specify '--sku Classic --storage-account-name {}' "
"to create a Classic registry using storage account `{}`.".format(
storage_account_name, storage_account_name))
if sku in CLASSIC_REGISTRY_SKU:
logger.warning(
"Due to the planned deprecation of the Classic registry SKU, we recommend using "
"Basic, Standard, or Premium for all new registries. See https://aka.ms/acr/skus for details."
)
if storage_account_name is None:
storage_account_name = random_storage_account_name(
cmd.cli_ctx, registry_name)
logger.warning(
"A new storage account '%s' will be created in resource group '%s'.",
storage_account_name, resource_group_name)
LongRunningOperation(cmd.cli_ctx)(arm_deploy_template_new_storage(
cmd.cli_ctx, resource_group_name, registry_name, location, sku,
storage_account_name, admin_enabled, deployment_name))
else:
LongRunningOperation(
cmd.cli_ctx)(arm_deploy_template_existing_storage(
cmd.cli_ctx, resource_group_name, registry_name, location,
sku, storage_account_name, admin_enabled, deployment_name))
return client.get(resource_group_name, registry_name)
else:
if storage_account_name:
logger.warning(
"The registry '%s' in '%s' SKU is a managed registry. The specified storage account will be ignored.",
registry_name, sku)
registry = Registry(location=location,
sku=Sku(name=sku),
admin_user_enabled=admin_enabled)
return client.create(resource_group_name, registry_name, registry)
def acr_update_custom(instance,
sku=None,
storage_account_name=None,
admin_enabled=None,
tags=None):
if sku is not None:
instance.sku = Sku(name=sku)
if storage_account_name is not None:
instance.storage_account = StorageAccountProperties(
get_resource_id_by_storage_account_name(storage_account_name))
if admin_enabled is not None:
instance.admin_user_enabled = admin_enabled == 'true'
if tags is not None:
instance.tags = tags
return instance
def test_get_docker_credentials(self, mock_requests_get,
mock_requests_post,
mock_get_registry_by_name,
mock_get_refresh_token):
cmd = mock.MagicMock()
cmd.cli_ctx = TestCli()
registry = Registry(location='westus', sku=Sku('Standard'))
registry.login_server = 'testregistry.azurecr.io'
mock_get_registry_by_name.return_value = registry, None
# Set up challenge response
challenge_response = mock.MagicMock()
challenge_response.headers = {
'WWW-Authenticate':
'Bearer realm="https://testregistry.azurecr.io/oauth2/token",service="testregistry.azurecr.io"'
}
challenge_response.status_code = 401
mock_requests_get.return_value = challenge_response
# Set up refresh/access token response
refresh_token_response = mock.MagicMock()
refresh_token_response.headers = {}
refresh_token_response.status_code = 200
refresh_token_response.content = json.dumps({
'refresh_token':
'testrefreshtoken',
'access_token':
'testaccesstoken'
}).encode()
mock_requests_post.return_value = refresh_token_response
# Set up AAD token with both refresh and access tokens
mock_get_refresh_token.return_value = None, 'aadrefreshtoken', 'aadaccesstoken', 'testtenant'
get_login_credentials(cmd.cli_ctx, 'testregistry', None, None, None)
mock_requests_get.assert_called_with(
'https://testregistry.azurecr.io/v2/', verify=mock.ANY)
mock_requests_post.assert_called_with(
'https://testregistry.azurecr.io/oauth2/exchange',
urlencode({
'grant_type': 'access_token_refresh_token',
'service': 'testregistry.azurecr.io',
'tenant': 'testtenant',
'access_token': 'aadaccesstoken',
'refresh_token': 'aadrefreshtoken'
}),
headers={'Content-Type': 'application/x-www-form-urlencoded'},
verify=mock.ANY)
get_access_credentials(cmd.cli_ctx, 'testregistry', None, None, None,
'testrepository')
mock_requests_post.assert_called_with(
'https://testregistry.azurecr.io/oauth2/token',
urlencode({
'grant_type': 'refresh_token',
'service': 'testregistry.azurecr.io',
'scope': 'repository:testrepository:*',
'refresh_token': 'testrefreshtoken'
}),
headers={'Content-Type': 'application/x-www-form-urlencoded'},
verify=mock.ANY)
# Set up AAD token with only access token
mock_get_refresh_token.return_value = None, None, 'aadaccesstoken', 'testtenant'
get_login_credentials(cmd.cli_ctx, 'testregistry', None, None, None)
mock_requests_get.assert_called_with(
'https://testregistry.azurecr.io/v2/', verify=mock.ANY)
mock_requests_post.assert_called_with(
'https://testregistry.azurecr.io/oauth2/exchange',
urlencode({
'grant_type': 'access_token',
'service': 'testregistry.azurecr.io',
'tenant': 'testtenant',
'access_token': 'aadaccesstoken'
}),
headers={'Content-Type': 'application/x-www-form-urlencoded'},
verify=mock.ANY)
get_access_credentials(cmd.cli_ctx, 'testregistry', None, None, None,
'testrepository')
mock_requests_post.assert_called_with(
'https://testregistry.azurecr.io/oauth2/token',
urlencode({
'grant_type': 'refresh_token',
'service': 'testregistry.azurecr.io',
'scope': 'repository:testrepository:*',
'refresh_token': 'testrefreshtoken'
}),
headers={'Content-Type': 'application/x-www-form-urlencoded'},
verify=mock.ANY)
# Set up AAD token with service principal
mock_get_refresh_token.return_value = 'testspid', 'testsppassword', None, 'testtenant'
get_login_credentials(cmd.cli_ctx, 'testregistry', None, None, None)
mock_requests_get.assert_called_with(
'https://testregistry.azurecr.io/v2/', verify=mock.ANY)
mock_requests_post.assert_called_with(
'https://testregistry.azurecr.io/oauth2/exchange',
urlencode({
'grant_type': 'spn',
'service': 'testregistry.azurecr.io',
'tenant': 'testtenant',
'username': '******',
'password': '******'
}),
headers={'Content-Type': 'application/x-www-form-urlencoded'},
verify=mock.ANY)
get_access_credentials(cmd.cli_ctx, 'testregistry', None, None, None,
'testrepository')
mock_requests_post.assert_called_with(
'https://testregistry.azurecr.io/oauth2/token',
urlencode({
'grant_type': 'refresh_token',
'service': 'testregistry.azurecr.io',
'scope': 'repository:testrepository:*',
'refresh_token': 'testrefreshtoken'
}),
headers={'Content-Type': 'application/x-www-form-urlencoded'},
verify=mock.ANY)