[DRAFT][ACR] Add managed identity support for ACR cache rules#32967
Draft
[DRAFT][ACR] Add managed identity support for ACR cache rules#32967
Conversation
|
Validation for Azure CLI Full Test Starting...
Thanks for your contribution! |
|
Validation for Breaking Change Starting...
Thanks for your contribution! |
Collaborator
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
microsoft-github-policy-service
bot
requested review from
northtyphoon,
terencet-dev,
wangzelin007,
yonzhan and
zhoxing-ms
microsoft-github-policy-service
bot
added
the
Managed Identity
Contributor
There was a problem hiding this comment.
Pull request overview
Adds managed identity support for az acr cache create / az acr cache update by vendoring a newer Container Registry management SDK (2026-01-01-preview) and wiring --identity through to cache rule create/update, along with scenario test coverage.
Changes:
- Vendor Container Registry 2026-01-01-preview SDK (generated client/models/operations + example payloads).
- Add
--identityparameter + validation foracr cachecommands and update cache rule request construction. - Add a live test scenario for managed identity cache rule create/show/update.
Reviewed changes
Copilot reviewed 97 out of 120 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| src/azure-cli/azure/cli/command_modules/acr/_client_factory.py | Switch cache client factory to vendored 2026-01-01-preview SDK client. |
| src/azure-cli/azure/cli/command_modules/acr/_constants.py | Add user-assigned identity resource ID template constant. |
| src/azure-cli/azure/cli/command_modules/acr/_params.py | Add --identity argument for acr cache commands. |
| src/azure-cli/azure/cli/command_modules/acr/_validators.py | Add cache credential/identity validation helper. |
| src/azure-cli/azure/cli/command_modules/acr/cache.py | Implement cache rule create/update support for managed identity using vendored SDK models. |
| src/azure-cli/azure/cli/command_modules/acr/tests/latest/test_acr_commands.py | Add managed identity cache rule scenario test. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/readme.md | Autorest generation configuration for the vendored SDK. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/generated/container_registry_management_client/py.typed | PEP 561 typing marker for vendored SDK package. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/generated/container_registry_management_client/init.py | Vendored SDK package init wiring + patch hook. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/generated/container_registry_management_client/_client.py | Sync vendored management client (generated). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/generated/container_registry_management_client/_configuration.py | Sync client configuration (generated). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/generated/container_registry_management_client/_patch.py | Generated customization hook for SDK. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/generated/container_registry_management_client/_utils/init.py | Generated utils package marker. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/generated/container_registry_management_client/models/_patch.py | Generated model customization hook. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/generated/container_registry_management_client/operations/init.py | Sync operations package init (generated). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/generated/container_registry_management_client/operations/_patch.py | Generated operations customization hook. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/generated/container_registry_management_client/aio/init.py | Async vendored SDK package init (generated). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/generated/container_registry_management_client/aio/_client.py | Async vendored management client (generated). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/generated/container_registry_management_client/aio/_configuration.py | Async client configuration (generated). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/generated/container_registry_management_client/aio/_patch.py | Generated async customization hook. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/generated/container_registry_management_client/aio/operations/init.py | Async operations package init (generated). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/generated/container_registry_management_client/aio/operations/_patch.py | Generated async operations customization hook. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ArchiveCreate.json | Vendored REST example payload for Archives_Create. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ArchiveDelete.json | Vendored REST example payload for Archives_Delete. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ArchiveGet.json | Vendored REST example payload for Archives_Get. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ArchiveList.json | Vendored REST example payload for Archives_List. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ArchiveUpdate.json | Vendored REST example payload for Archives_Update. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ArchiveVersionCreate.json | Vendored REST example payload for ArchiveVersions_Create. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ArchiveVersionDelete.json | Vendored REST example payload for ArchiveVersions_Delete. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ArchiveVersionGet.json | Vendored REST example payload for ArchiveVersions_Get. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ArchiveVersionList.json | Vendored REST example payload for ArchiveVersions_List. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/CacheRuleCreate.json | Vendored REST example payload for CacheRules_Create (credential set). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/CacheRuleCreateUserAssignedMIAuthentication.json | Vendored REST example payload for CacheRules_Create (managed identity). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/CacheRuleDelete.json | Vendored REST example payload for CacheRules_Delete. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/CacheRuleGet.json | Vendored REST example payload for CacheRules_Get. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/CacheRuleList.json | Vendored REST example payload for CacheRules_List. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/CacheRuleUpdate.json | Vendored REST example payload for CacheRules_Update. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ConnectedRegistryCreate.json | Vendored REST example payload for ConnectedRegistries_Create. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ConnectedRegistryDeactivate.json | Vendored REST example payload for ConnectedRegistries_Deactivate. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ConnectedRegistryDelete.json | Vendored REST example payload for ConnectedRegistries_Delete. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ConnectedRegistryGet.json | Vendored REST example payload for ConnectedRegistries_Get. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ConnectedRegistryList.json | Vendored REST example payload for ConnectedRegistries_List. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ConnectedRegistryResync.json | Vendored REST example payload for ConnectedRegistries_Resync. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ConnectedRegistryUpdate.json | Vendored REST example payload for ConnectedRegistries_Update. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/CredentialSetCreate.json | Vendored REST example payload for CredentialSets_Create. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/CredentialSetDelete.json | Vendored REST example payload for CredentialSets_Delete. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/CredentialSetGet.json | Vendored REST example payload for CredentialSets_Get. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/CredentialSetList.json | Vendored REST example payload for CredentialSets_List. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/CredentialSetUpdate.json | Vendored REST example payload for CredentialSets_Update. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ExportPipelineCreate.json | Vendored REST example payload for ExportPipelines_Create. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ExportPipelineDelete.json | Vendored REST example payload for ExportPipelines_Delete. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ExportPipelineGet.json | Vendored REST example payload for ExportPipelines_Get. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ExportPipelineList.json | Vendored REST example payload for ExportPipelines_List. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ImportImageByManifestDigest.json | Vendored REST example payload for Registries_ImportImage (digest). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ImportImageByTag.json | Vendored REST example payload for Registries_ImportImage (tag). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ImportImageFromPublicRegistry.json | Vendored REST example payload for Registries_ImportImage (public). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ImportPipelineCreate.json | Vendored REST example payload for ImportPipelines_Create. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ImportPipelineDelete.json | Vendored REST example payload for ImportPipelines_Delete. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ImportPipelineGet.json | Vendored REST example payload for ImportPipelines_Get. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ImportPipelineList.json | Vendored REST example payload for ImportPipelines_List. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/OperationList.json | Vendored REST example payload for Operations_List. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/PipelineRunCreate_Export.json | Vendored REST example payload for PipelineRuns_Create (export). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/PipelineRunCreate_Import.json | Vendored REST example payload for PipelineRuns_Create (import). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/PipelineRunDelete.json | Vendored REST example payload for PipelineRuns_Delete. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/PipelineRunGet.json | Vendored REST example payload for PipelineRuns_Get. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/PipelineRunList.json | Vendored REST example payload for PipelineRuns_List. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/PrivateEndpointConnectionCreateOrUpdate.json | Vendored REST example payload for PrivateEndpointConnections_CreateOrUpdate. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/PrivateEndpointConnectionDelete.json | Vendored REST example payload for PrivateEndpointConnections_Delete. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/PrivateEndpointConnectionGet.json | Vendored REST example payload for PrivateEndpointConnections_Get. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/PrivateEndpointConnectionList.json | Vendored REST example payload for PrivateEndpointConnections_List. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/RegistryCheckNameAvailable.json | Vendored REST example payload for Registries_CheckNameAvailability (available). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/RegistryCheckNameNotAvailable.json | Vendored REST example payload for Registries_CheckNameAvailability (unavailable). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/RegistryCreate.json | Vendored REST example payload for Registries_Create. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/RegistryCreateAbac.json | Vendored REST example payload for Registries_Create (ABAC mode). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/RegistryCreateDomainNameLabelScope.json | Vendored REST example payload for Registries_Create (DNL scope). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/RegistryCreateZoneRedundant.json | Vendored REST example payload for Registries_Create (zone redundant). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/RegistryDelete.json | Vendored REST example payload for Registries_Delete. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/RegistryGenerateCredentials.json | Vendored REST example payload for Registries_GenerateCredentials. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/RegistryGet.json | Vendored REST example payload for Registries_Get. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/RegistryGetPrivateLinkResource.json | Vendored REST example payload for Registries_GetPrivateLinkResource. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/RegistryList.json | Vendored REST example payload for Registries_List. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/RegistryListByResourceGroup.json | Vendored REST example payload for Registries_ListByResourceGroup. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/RegistryListCredentials.json | Vendored REST example payload for Registries_ListCredentials. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/RegistryListPrivateLinkResources.json | Vendored REST example payload for Registries_ListPrivateLinkResources. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/RegistryListUsages.json | Vendored REST example payload for Registries_ListUsages. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/RegistryRegenerateCredential.json | Vendored REST example payload for Registries_RegenerateCredential. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/RegistryUpdate.json | Vendored REST example payload for Registries_Update. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ReplicationCreate.json | Vendored REST example payload for Replications_Create. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ReplicationCreateZoneRedundant.json | Vendored REST example payload for Replications_Create (zone redundant). |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ReplicationDelete.json | Vendored REST example payload for Replications_Delete. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ReplicationGet.json | Vendored REST example payload for Replications_Get. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ReplicationList.json | Vendored REST example payload for Replications_List. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ReplicationUpdate.json | Vendored REST example payload for Replications_Update. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ScopeMapCreate.json | Vendored REST example payload for ScopeMaps_Create. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ScopeMapDelete.json | Vendored REST example payload for ScopeMaps_Delete. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ScopeMapGet.json | Vendored REST example payload for ScopeMaps_Get. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ScopeMapList.json | Vendored REST example payload for ScopeMaps_List. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/ScopeMapUpdate.json | Vendored REST example payload for ScopeMaps_Update. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/TokenCreate.json | Vendored REST example payload for Tokens_Create. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/TokenDelete.json | Vendored REST example payload for Tokens_Delete. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/TokenGet.json | Vendored REST example payload for Tokens_Get. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/TokenList.json | Vendored REST example payload for Tokens_List. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/WebhookCreate.json | Vendored REST example payload for Webhooks_Create. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/WebhookDelete.json | Vendored REST example payload for Webhooks_Delete. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/WebhookGet.json | Vendored REST example payload for Webhooks_Get. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/WebhookGetCallbackConfig.json | Vendored REST example payload for Webhooks_GetCallbackConfig. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/WebhookList.json | Vendored REST example payload for Webhooks_List. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/WebhookListEvents.json | Vendored REST example payload for Webhooks_ListEvents. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/WebhookPing.json | Vendored REST example payload for Webhooks_Ping. |
| src/azure-cli/azure/cli/vendored_sdks/containerregistry/v2026_01_01_preview/examples/WebhookUpdate.json | Vendored REST example payload for Webhooks_Update. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+120
to
+142
| # Check if any update parameters are provided | ||
| has_cred_update = cred_set is not None or remove_cred_set | ||
| has_identity_update = identity is not None | ||
|
|
||
| if not has_cred_update and not has_identity_update: | ||
| raise InvalidArgumentValueError("You must provide at least one parameter to update (credential set, identity, or removal flag).") | ||
|
|
||
| # Handle credential set updates | ||
| if has_cred_update: | ||
| if remove_cred_set: | ||
| cred_set_id = AzureCoreNull | ||
| else: | ||
| sub_id = get_subscription_id(cmd.cli_ctx) | ||
| rg = get_resource_group_name_by_registry_name(cmd.cli_ctx, registry_name, resource_group_name) | ||
| # Format the credential set ID using subscription ID, resource group, registry name, and credential set name | ||
| cred_set_id = CREDENTIAL_SET_RESOURCE_ID_TEMPLATE.format( | ||
| sub_id=sub_id, | ||
| rg=rg, | ||
| reg_name=registry_name, | ||
| cred_set_name=cred_set | ||
| ) | ||
| instance.credential_set_resource_id = cred_set_id | ||
|
|
Comment on lines
+198
to
+211
| """Validate cache credential options - allow both --identity and --cred-set, but --remove-cred-set is exclusive.""" | ||
| has_identity = namespace.identity is not None | ||
| has_cred_set = namespace.cred_set is not None | ||
| has_remove_cred_set = getattr(namespace, 'remove_cred_set', False) | ||
|
|
||
| if has_remove_cred_set and (has_identity or has_cred_set): | ||
| raise InvalidArgumentValueError( | ||
| "Cannot specify --remove-cred-set with other credential options. Use --remove-cred-set alone to remove credentials." | ||
| ) | ||
|
|
||
| # Validate identity format if provided | ||
| if has_identity: | ||
| identity_pattern = r'^/subscriptions/[^/]+/resource[Gg]roups/[^/]+/providers/Microsoft\.ManagedIdentity/userAssignedIdentities/[^/]+$' | ||
|
|
Comment on lines
254
to
+262
| with self.argument_context('acr cache') as c: | ||
| c.argument('registry_name', options_list=['--registry', '-r']) | ||
| c.argument('name', options_list=['--name', '-n'], help='The name of the cache rule.') | ||
| c.argument('cred_set', options_list=['--cred-set', '-c'], help='The name of the credential set.') | ||
| c.argument('source_repo', options_list=['--source-repo', '-s'], help="The full source repository path such as 'docker.io/library/ubuntu'.") | ||
| c.argument('target_repo', options_list=['--target-repo', '-t'], help="The target repository namespace such as 'ubuntu'.") | ||
| c.argument('remove_cred_set', action="store_true", help='Optional boolean indicating whether to remove the credential set from the cache rule. False by default.') | ||
| c.argument('identity', options_list=['--identity'], validator=validate_cache_credentials, | ||
| help='User-assigned managed identity resource ID for ACR to authenticate with the upstream registry. Format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. Cannot be used with --cred-set.') |
Comment on lines
+310
to
+322
| self.check('identity.type', 'UserAssigned')]) | ||
|
|
||
| # Test cache show includes identity | ||
| self.cmd('acr cache show -n {cr_name} -r {registry_name} -g {rg}', | ||
| checks=[self.check('name', '{cr_name}'), | ||
| self.check('provisioningState', 'Succeeded'), | ||
| self.check('identity.type', 'UserAssigned')]) | ||
|
|
||
| # Test cache update with different managed identity | ||
| self.cmd('acr cache update -n {cr_name} -r {registry_name} --identity {identity_id2}', | ||
| checks=[self.check('name', '{cr_name}'), | ||
| self.check('provisioningState', 'Succeeded'), | ||
| self.check('identity.type', 'UserAssigned')]) |
Comment on lines
+37
to
+43
| } | ||
| }, | ||
| "properties": { | ||
| "sourceRepository": "acr-registry.azurecr.io/library/repository", | ||
| "targetRepository": "cached-acr/hello-world", | ||
| "creationDate": "2022-11-07T18:20:33.8374968+00:00", | ||
| "provisioningState": "Succeeded" |
Comment on lines
+26
to
+31
| "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.ContainerRegistry/registries/myRegistry/packages/rpm/archives/myArchiveName/versions/myArchiveVersionName/operationStatuses/archoveversion-00000000-0000-0000-0000-000000000000?api-version=2023-01-01-preview" | ||
| }, | ||
| "body": { | ||
| "type": "Microsoft.ContainerRegistry/registries/packages/archives/versions", | ||
| "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.ContainerRegistry/registries/myRegistry/packages/rpm/archives/myArchiveName/versions/myArchiveVersionName", | ||
| "name": "myCacheRule", |
mabelegba
changed the title
mabelegba
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related command
az acr cache create,az acr cache updatenew parameter: --identityDescription
This PR adds managed identity support for Azure Container Registry cache rules as an alternative authentication method to credential sets. Users can now authenticate cache rules with upstream registries using user-assigned managed identities instead of storing credentials in Azure Key Vault.
Changes made:
--identityparameter toaz acr cache createandaz acr cache updatecommandsTesting Guide
Prerequisites: Create two ACR registries (source and target)
az acr create -n sourceregistry -g myResourceGroup --sku Standard -l eastusaz acr create -n targetregistry -g myResourceGroup --sku Standard -l eastusImport a test image to the source registry
az acr import -n sourceregistry --source mcr.microsoft.com/dotnet/runtime-deps:8.0Create a user-assigned managed identity
az identity create -n cache-identity -g myResourceGroup -l eastusGet the identity resource ID
IDENTITY_ID=$(az identity show -n cache-identity -g myResourceGroup --query id -o tsv)Create cache rule with managed identity
az acr cache create -r targetregistry -n dotnet-cache -s sourceregistry.azurecr.io/dotnet/runtime-deps -t dotnet-runtime-deps --identity $IDENTITY_IDUpdate cache rule to use different managed identity
az identity create -n cache-identity2 -g myResourceGroup -l eastusIDENTITY_ID2=$(az identity show -n cache-identity2 -g myResourceGroup --query id -o tsv)az acr cache update -r targetregistry -n dotnet-cache --identity $IDENTITY_ID2Verify the cache rule shows managed identity configuration
az acr cache show -r targetregistry -n dotnet-cacheHistory Notes
[Component Name 1] BREAKING CHANGE:
az command a: Make some customer-facing breaking change[Component Name 2]
az command b: Add some customer-facing featureThis checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.