public async Task ImportImageAsync(string registry, string repository, List <string> tags)
{
var credential = new AzureCredentials(
new ServicePrincipalLoginInformation
{
ClientId = TestEnvironment.ClientId,
ClientSecret = TestEnvironment.ClientSecret,
},
TestEnvironment.TenantId,
AzureEnvironment.AzureGlobalCloud);
var managementClient = new ContainerRegistryManagementClient(credential.WithDefaultSubscription(TestEnvironment.SubscriptionId));
managementClient.SubscriptionId = TestEnvironment.SubscriptionId;
var importSource = new ImportSource
{
SourceImage = repository,
RegistryUri = "registry.hub.docker.com"
};
var targetTags = tags.Select(tag => $"{repository}:{tag}");
await managementClient.Registries.ImportImageAsync(
resourceGroupName : TestEnvironment.ResourceGroup,
registryName : registry,
parameters :
new ImportImageParameters
{
Mode = ImportMode.Force,
Source = importSource,
TargetTags = targetTags.ToList()
});
}
public TransferClient(
AzureEnvironmentConfiguration azureEnvironmentConfiguration,
IdentityConfiguration identityConfiguration,
RegistryConfiguration registryConfiguration)
{
_registryConfiguration = registryConfiguration ?? throw new ArgumentNullException(nameof(registryConfiguration));
var env = AzureEnvironment.FromName(azureEnvironmentConfiguration.Name);
if (env == null)
{
env = new AzureEnvironment
{
Name = azureEnvironmentConfiguration.Name,
AuthenticationEndpoint = azureEnvironmentConfiguration.AuthenticationEndpoint,
ManagementEndpoint = azureEnvironmentConfiguration.ManagementEndpoint,
ResourceManagerEndpoint = azureEnvironmentConfiguration.ResourceManagerEndpoint,
GraphEndpoint = azureEnvironmentConfiguration.GraphEndpoint,
KeyVaultSuffix = azureEnvironmentConfiguration.KeyVaultSuffix,
StorageEndpointSuffix = azureEnvironmentConfiguration.StorageEndpointSuffix
};
}
var credential = new AzureCredentials(
new ServicePrincipalLoginInformation
{
ClientId = identityConfiguration.ClientId,
ClientSecret = identityConfiguration.ClientSecret
},
registryConfiguration.TenantId,
env);
_registryClient = new ContainerRegistryManagementClient(credential.WithDefaultSubscription(registryConfiguration.SubscriptionId));
_registryClient.SubscriptionId = registryConfiguration.SubscriptionId;
}
public async Task ImportImage(string tag)
{
var credential = new AzureCredentials(
new ServicePrincipalLoginInformation
{
ClientId = TestEnvironment.ClientId,
ClientSecret = TestEnvironment.ClientSecret,
},
TestEnvironment.TenantId,
AzureEnvironment.AzureGlobalCloud);
var _registryClient = new ContainerRegistryManagementClient(credential.WithDefaultSubscription(TestEnvironment.SubscriptionId));
_registryClient.SubscriptionId = TestEnvironment.SubscriptionId;
var importSource = new ImportSource
{
SourceImage = "library/hello-world",
RegistryUri = "registry.hub.docker.com"
};
await _registryClient.Registries.ImportImageAsync(
resourceGroupName : TestEnvironment.ResourceGroup,
registryName : TestEnvironment.Registry,
parameters :
new ImportImageParameters
{
Mode = ImportMode.Force,
Source = importSource,
TargetTags = new List <string>()
{
$"library/hello-world:{tag}"
}
});
}
public PipelineUtils(ContainerRegistryManagementClient registryClient, WebSiteManagementClient webappClient, String subscriptionID)
{
_registryClient = registryClient;
_registryClient.SubscriptionId = subscriptionID;
_webappClient = webappClient;
_webappClient.SubscriptionId = subscriptionID;
}
public static ContainerRegistryManagementClient GetContainerRegistryManagementClient(MockContext context, RecordedDelegatingHandler handler)
{
handler.IsPassThrough = true;
ContainerRegistryManagementClient client = context.GetServiceClient <ContainerRegistryManagementClient>(handlers: handler);
return(client);
}
public static ScopeMap CreatedContainerRegistryScopeMap(ContainerRegistryManagementClient client, string resourceGroupName, string registryName)
{
return(client.ScopeMaps.Create(
resourceGroupName,
registryName,
TestUtilities.GenerateName("acrscopemap"),
DefaultScopeMapActions
));
}
public static Replication CreatedContainerRegistryReplication(ContainerRegistryManagementClient client, string resourceGroupName, string registryName, string location)
{
return(client.Replications.Create(
resourceGroupName,
registryName,
NormalizeLocation(location),
location,
DefaultTags));
}
public static Token CreatedContainerRegistryToken(ContainerRegistryManagementClient client, string resourceGroupName, string registryName, string scopeMapId)
{
return(client.Tokens.Create(
resourceGroupName,
registryName,
TestUtilities.GenerateName("acrtoken"),
new Token(
scopeMapId: scopeMapId
)
));
}
private static async System.Threading.Tasks.Task DeleteImageAsync(
ContainerRegistryImageDeletedEventData deleteEvent,
AppConfiguration configuration,
ILogger log)
{
// Create the resourceId from the target ACR resourceId string
var targetACRResourceId = ResourceId.FromString(configuration.TargetACRResourceId);
// Create Azure credentials to talk to target Cloud using the Active directory application
var credential = new AzureCredentials(
new ServicePrincipalLoginInformation
{
ClientId = configuration.TargetAzureServicePrincipalClientId,
ClientSecret = configuration.TargetAzureServicePrincipalClientKey
},
configuration.TargetAzureServicePrincipalTenantId,
AzureEnvironment.FromName(configuration.TargetAzureEnvironmentName))
.WithDefaultSubscription(targetACRResourceId.SubscriptionId);
var builder = RestClient
.Configure()
.WithEnvironment(AzureEnvironment.FromName(configuration.TargetAzureEnvironmentName))
.WithCredentials(credential)
.Build();
// Create ACR management client using the Azure credentials
var _registryClient = new ContainerRegistryManagementClient(builder);
_registryClient.SubscriptionId = targetACRResourceId.SubscriptionId;
// Fetch the target ACR properties to identify its login server.
var targetRegistry = await _registryClient.Registries.GetAsync(
resourceGroupName : targetACRResourceId.ResourceGroupName,
registryName : targetACRResourceId.Name) ??
throw new InvalidOperationException($"'{configuration.TargetACRResourceId}' is not found");
// Create ACR data plane client using the Azure credentials
var registryCredentials = new ContainerRegistryCredentials(
ContainerRegistryCredentials.LoginMode.TokenAuth,
targetRegistry.LoginServer,
configuration.TargetAzureServicePrincipalClientId,
configuration.TargetAzureServicePrincipalClientKey);
var client = new AzureContainerRegistryClient(registryCredentials);
// Invoke Delete of the image that is part of the delete event on the target ACR.
await client.Manifests.DeleteAsync(
name : deleteEvent.Target.Repository,
reference : deleteEvent.Target.Digest);
log.LogInformation($"Image '{deleteEvent.Target.Repository}:@{deleteEvent.Target.Digest}' deleted from registry '{configuration.TargetACRResourceId}'");
}
public static Registry CreateManagedContainerRegistry(ContainerRegistryManagementClient client, string resourceGroupName, string location)
{
return(client.Registries.Create(
resourceGroupName,
TestUtilities.GenerateName("acrregistry"),
new Registry
{
Location = location,
Sku = new Sku
{
Name = SkuName.Premium
},
Tags = DefaultTags
}));
}
public static Webhook CreatedContainerRegistryWebhook(ContainerRegistryManagementClient client, string resourceGroupName, string registryName, string location)
{
return(client.Webhooks.Create(
resourceGroupName,
registryName,
TestUtilities.GenerateName("acrwebhook"),
new WebhookCreateParameters
{
Location = location,
ServiceUri = DefaultWebhookServiceUri,
Actions = new List <string>()
{
WebhookAction.Push
},
Tags = DefaultTags
}));
}
public static Registry CreateClassicContainerRegistry(ContainerRegistryManagementClient client, ResourceGroup resourceGroup, StorageAccount storageAccount)
{
return(client.Registries.Create(
resourceGroup.Name,
TestUtilities.GenerateName("acrregistry"),
new Registry
{
Location = resourceGroup.Location,
Sku = new Sku
{
Name = SkuName.Classic
},
StorageAccount = new StorageAccountProperties
{
Id = storageAccount.Id
},
Tags = DefaultTags
}));
}
public static ContainerRegistryManagementClient GetContainerRegistryManagementClient(Options options)
{
var credential = GetAzureCredentials(
options.AzureEnvironment,
options.TenantId,
options.MIClientId,
options.SPClientId,
options.SPClientSecret);
var subscriptionId = options.SubscriptionId;
if (string.IsNullOrWhiteSpace(subscriptionId))
{
throw new ArgumentNullException(nameof(subscriptionId));
}
var registryClient = new ContainerRegistryManagementClient(credential.WithDefaultSubscription(subscriptionId));
registryClient.SubscriptionId = subscriptionId;
return(registryClient);
}
public static ConnectedRegistry CreatedContainerRegistryConnectedRegistry(ContainerRegistryManagementClient client, string resourceGroupName, string registryName, string connectedRegistryName, string tokenId)
{
return(client.ConnectedRegistries.Create(
resourceGroupName,
registryName,
connectedRegistryName,
new ConnectedRegistry(
mode: "ReadWrite",
parent: new ParentProperties(
syncProperties: new SyncProperties(
tokenId: tokenId,
schedule: "0 9 * * *",
messageTtl: XmlConvert.ToTimeSpan("PT48H"),
syncWindow: XmlConvert.ToTimeSpan("PT4H")
)
),
logging: new LoggingProperties(
logLevel: "Information"
)
)
));
}
public AzureUtility(AzureEnvironment environment, string tenantId, string subscriptionId, string miClientId, string spClientId, string spClientSecret)
{
if (string.IsNullOrWhiteSpace(tenantId))
{
throw new ArgumentNullException(nameof(tenantId));
}
if (string.IsNullOrWhiteSpace(subscriptionId))
{
throw new ArgumentNullException(nameof(subscriptionId));
}
if (!string.IsNullOrWhiteSpace(miClientId))
{
credential = new AzureCredentials(
new MSILoginInformation(MSIResourceType.VirtualMachine, miClientId),
environment,
tenantId);
}
else if (!string.IsNullOrWhiteSpace(spClientId) &&
!string.IsNullOrWhiteSpace(spClientSecret))
{
credential = new AzureCredentials(
new ServicePrincipalLoginInformation
{
ClientId = spClientId,
ClientSecret = spClientSecret
},
tenantId,
environment);
}
else
{
throw new ArgumentNullException("No subscription credential");
}
RegistryClient = new ContainerRegistryManagementClient(credential.WithDefaultSubscription(subscriptionId));
RegistryClient.SubscriptionId = subscriptionId;
}
private void ContainerRegistryCoreScenario(ContainerRegistryManagementClient registryClient, ResourceGroup resourceGroup, Registry registry)
{
// Validate the created registry
ContainerRegistryTestUtilities.ValidateResourceDefaultTags(registry);
Assert.NotNull(registry.Sku);
Assert.Equal(SkuName.Premium, registry.Sku.Name);
Assert.Equal(SkuName.Premium, registry.Sku.Tier);
Assert.NotNull(registry.LoginServer);
Assert.NotNull(registry.CreationDate);
Assert.Equal(ProvisioningState.Succeeded, registry.ProvisioningState);
Assert.False(registry.AdminUserEnabled);
// List container registries by resource group
var registriesByResourceGroup = registryClient.Registries.ListByResourceGroup(resourceGroup.Name);
registry = registriesByResourceGroup.First(
r => StringComparer.OrdinalIgnoreCase.Equals(r.Name, registry.Name));
Assert.Single(registriesByResourceGroup);
ContainerRegistryTestUtilities.ValidateResourceDefaultTags(registry);
// Get the container registry
registry = registryClient.Registries.Get(resourceGroup.Name, registry.Name);
ContainerRegistryTestUtilities.ValidateResourceDefaultTags(registry);
// Try to list credentials, should fail when admin user is disabled
try
{
registryClient.Registries.ListCredentials(resourceGroup.Name, registry.Name);
Assert.True(false);
}
catch (CloudException ex)
{
Assert.NotNull(ex);
Assert.Equal(HttpStatusCode.BadRequest, ex.Response.StatusCode);
}
// Update the container registry
registry = registryClient.Registries.Update(resourceGroup.Name, registry.Name, new RegistryUpdateParameters
{
Tags = ContainerRegistryTestUtilities.DefaultNewTags,
AdminUserEnabled = true,
Sku = new Sku
{
Name = SkuName.Basic
}
});
// Validate the updated registry
ContainerRegistryTestUtilities.ValidateResourceDefaultNewTags(registry);
Assert.NotNull(registry.Sku);
Assert.Equal(SkuName.Basic, registry.Sku.Name);
Assert.Equal(SkuName.Basic, registry.Sku.Tier);
Assert.NotNull(registry.LoginServer);
Assert.NotNull(registry.CreationDate);
Assert.Equal(ProvisioningState.Succeeded, registry.ProvisioningState);
Assert.True(registry.AdminUserEnabled);
// List credentials
var credentials = registryClient.Registries.ListCredentials(resourceGroup.Name, registry.Name);
// Validate username and password
Assert.NotNull(credentials);
Assert.NotNull(credentials.Username);
Assert.Equal(2, credentials.Passwords.Count);
var password1 = credentials.Passwords[0].Value;
var password2 = credentials.Passwords[1].Value;
Assert.NotNull(password1);
Assert.NotNull(password2);
// Regenerate credential
credentials = registryClient.Registries.RegenerateCredential(resourceGroup.Name, registry.Name, PasswordName.Password);
// Validate if generated password is different
var newPassword1 = credentials.Passwords[0].Value;
var newPassword2 = credentials.Passwords[1].Value;
Assert.NotEqual(password1, newPassword1);
Assert.Equal(password2, newPassword2);
credentials = registryClient.Registries.RegenerateCredential(resourceGroup.Name, registry.Name, PasswordName.Password2);
// Validate if generated password is different
Assert.Equal(newPassword1, credentials.Passwords[0].Value);
Assert.NotEqual(newPassword2, credentials.Passwords[1].Value);
// Delete the container registry
registryClient.Registries.Delete(resourceGroup.Name, registry.Name);
// Delete the container registry again
registryClient.Registries.Delete(resourceGroup.Name, registry.Name);
}
private static async System.Threading.Tasks.Task ImportImageAsync(
ContainerRegistryImagePushedEventData pushEvent,
AppConfiguration configuration,
ILogger log)
{
// Create the resourceId from the target ACR resourceId string
var targetACRResourceId = ResourceId.FromString(configuration.TargetACRResourceId);
// Create Azure credentials to talk to target Cloud using the Active directory application
var credential = new AzureCredentials(
new ServicePrincipalLoginInformation
{
ClientId = configuration.TargetAzureServicePrincipalClientId,
ClientSecret = configuration.TargetAzureServicePrincipalClientKey
},
configuration.TargetAzureServicePrincipalTenantId,
AzureEnvironment.FromName(configuration.TargetAzureEnvironmentName))
.WithDefaultSubscription(targetACRResourceId.SubscriptionId);
var builder = RestClient
.Configure()
.WithEnvironment(AzureEnvironment.FromName(configuration.TargetAzureEnvironmentName))
.WithCredentials(credential)
.Build();
// Create ACR management client using the Azure credentials
var _registryClient = new ContainerRegistryManagementClient(builder);
_registryClient.SubscriptionId = targetACRResourceId.SubscriptionId;
// Initiate import of the image that is part of the push event into target ACR
// Configure the pull of image from source ACR using the token
var imageTag = $"{pushEvent.Target.Repository}:{pushEvent.Target.Tag}";
var importSource = new ImportSource
{
SourceImage = imageTag,
RegistryUri = pushEvent.Request.Host,
Credentials = new ImportSourceCredentials
{
Username = configuration.SourceACRPullTokenName,
Password = configuration.SourceACRPullTokenPassword,
}
};
await _registryClient.Registries.ImportImageAsync(
resourceGroupName : targetACRResourceId.ResourceGroupName,
registryName : targetACRResourceId.Name,
parameters : new ImportImageParametersInner
{
// Existing Tag will be overwritten with Force option,
// If the desired behavior is to fail the operation instead of overwriting, use ImportMode.NoForce
Mode = ImportMode.Force,
Source = importSource,
TargetTags = new List <string>()
{
imageTag
}
});
log.LogInformation($"Import of '{imageTag}' success to '{configuration.TargetACRResourceId}'");
}
public ContainerRegistryClient(IAzureContext context)
{
_client = AzureSession.Instance.ClientFactory.CreateArmClient <ContainerRegistryManagementClient>(context, AzureEnvironment.Endpoint.ResourceManager);
}
public ExportClient(ContainerRegistryManagementClient registryClient, KeyVaultManagementClient keyVaultClient, Options options)
{
this.registryClient = registryClient;
this.keyVaultClient = keyVaultClient;
this.options = options;
}
