From a7e328c211262cda99ec1324a846b2ee30ee9a0a Mon Sep 17 00:00:00 2001 From: andyzhangx Date: Fri, 20 Jul 2018 08:39:31 +0000 Subject: [PATCH] fix acr sp access issue --- .../azure/azure_credentials.go | 36 ++++++++++--------- .../azure/azure_credentials_test.go | 12 +++++-- 2 files changed, 29 insertions(+), 19 deletions(-) diff --git a/pkg/credentialprovider/azure/azure_credentials.go b/pkg/credentialprovider/azure/azure_credentials.go index 7f698beacd..ffeab5ea5a 100644 --- a/pkg/credentialprovider/azure/azure_credentials.go +++ b/pkg/credentialprovider/azure/azure_credentials.go @@ -40,6 +40,8 @@ var flagConfigFile = pflag.String("azure-container-registry-config", "", const dummyRegistryEmail = "name@contoso.com" +var containerRegistryUrls = []string{"*.azurecr.io", "*.azurecr.cn", "*.azurecr.de", "*.azurecr.us"} + // init registers the various means by which credentials may // be resolved on Azure. func init() { 
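Review bot: The new package-level `containerRegistryUrls` has no comment, and its name does not match what it holds: the entries are host glob patterns used as credential keys, not URLs, and Go style spells the initialism `URLs`. These four patterns decide which registry hosts the service principal secret is registered for, so the declaration should say so, for example `// containerRegistryUrls lists the ACR host patterns that the configured service principal credentials are registered for.` Renaming it to something like `acrHostPatterns` would also help. It is a mutable `var` that other code in the package can append to, so keeping it unexported and never modifying it after init is worth stating in the same comment.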
@@ -176,31 +178,33 @@ func (a *acrProvider) Provide() credentialprovider.DockerConfig { ctx, cancel := getContextWithCancel() defer cancel() - glog.V(4).Infof("listing registries") - result, err := a.registryClient.List(ctx) - if err != nil { - glog.Errorf("Failed to list registries: %v", err) - return cfg - } + if a.config.UseManagedIdentityExtension { + glog.V(4).Infof("listing registries") + result, err := a.registryClient.List(ctx) + if err != nil { + glog.Errorf("Failed to list registries: %v", err) + return cfg + } - for ix := range result { - loginServer := getLoginServer(result[ix]) - var cred *credentialprovider.DockerConfigEntry - - if a.config.UseManagedIdentityExtension { - cred, err = getACRDockerEntryFromARMToken(a, loginServer) + for ix := range result { + loginServer := getLoginServer(result[ix]) + glog.V(2).Infof("loginServer: %s", loginServer) + cred, err := getACRDockerEntryFromARMToken(a, loginServer) if err != nil { continue } - } else { - cred = &credentialprovider.DockerConfigEntry{ + cfg[loginServer] = *cred + } + } else { + // Add our entry for each of the supported container registry URLs + for _, url := range containerRegistryUrls { + cred := &credentialprovider.DockerConfigEntry{ Username: a.config.AADClientID, Password: a.config.AADClientSecret, Email: dummyRegistryEmail, } + cfg[url] = *cred } - - cfg[loginServer] = *cred } return cfg } diff --git a/pkg/credentialprovider/azure/azure_credentials_test.go b/pkg/credentialprovider/azure/azure_credentials_test.go index 4465e89c9f..d0201f0a47 100644 --- a/pkg/credentialprovider/azure/azure_credentials_test.go +++ b/pkg/credentialprovider/azure/azure_credentials_test.go 
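Review bot: In the new `else` branch the service principal ID and secret are stored under the four wildcard patterns, so they become candidate credentials for any image whose host matches `*.azurecr.io` or the other suffixes, not only for registries this principal was granted access to. The removed code keyed entries on the login servers returned by `List`, so this widens the credential scope. If that is intended it should be stated in a comment at the loop, such as `// The SP secret is offered to every host matching these patterns; access is enforced by the registry, not by this list.` The branch also writes entries when `AADClientID` or `AADClientSecret` is empty, unless a check outside this hunk rules that out; a guard such as `if a.config.AADClientID == "" || a.config.AADClientSecret == "" { return cfg }` before the loop would avoid registering blank credentials for all of ACR. `Provide` starts before this hunk, so earlier validation is not visible here.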
@@ -43,19 +43,25 @@ func Test(t *testing.T) { { Name: to.StringPtr("foo"), RegistryProperties: &containerregistry.RegistryProperties{ - LoginServer: to.StringPtr("foo-microsoft.azurecr.io"), + LoginServer: to.StringPtr("*.azurecr.io"), }, }, { Name: to.StringPtr("bar"), RegistryProperties: &containerregistry.RegistryProperties{ - LoginServer: to.StringPtr("bar-microsoft.azurecr.io"), + LoginServer: to.StringPtr("*.azurecr.cn"), }, }, { Name: to.StringPtr("baz"), RegistryProperties: &containerregistry.RegistryProperties{ - LoginServer: to.StringPtr("baz-microsoft.azurecr.io"), + LoginServer: to.StringPtr("*.azurecr.de"), + }, + }, + { + Name: to.StringPtr("bus"), + RegistryProperties: &containerregistry.RegistryProperties{ + LoginServer: to.StringPtr("*.azurecr.us"), }, }, }
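Review bot: The fixture now sets `LoginServer` to the wildcard patterns themselves (`*.azurecr.io`, …), which are not values a registry listing would return, so the test data no longer models real input. Judging from the other hunk, the service-principal path ignores the `List` result entirely, which would make these fields dead fixture data whose only purpose is to line up with the expected keys. Keeping realistic login servers such as `foo-microsoft.azurecr.io` and asserting against the configured patterns directly would make it clear what is being verified. Nothing visible here exercises the `UseManagedIdentityExtension` branch, and a case asserting that only listed login servers receive entries would pin the narrower scope of that path. The rest of `Test` is outside this hunk, so the assertions themselves could not be checked.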