mirror of https://github.com/k3s-io/k3s
fix acr sp access issue
andyzhangx
parent
b68c9440da
commit
a7e328c211
|
|
@ -40,6 +40,8 @@ var flagConfigFile = pflag.String("azure-container-registry-config", "",
|
|||
|
||||
const dummyRegistryEmail = "name@contoso.com"
|
||||
|
||||
var containerRegistryUrls = []string{"*.azurecr.io", "*.azurecr.cn", "*.azurecr.de", "*.azurecr.us"}
|
||||
|
||||
// init registers the various means by which credentials may
|
||||
// be resolved on Azure.
|
||||
func init() {
|
||||
|
|
@ -176,6 +178,7 @@ func (a *acrProvider) Provide() credentialprovider.DockerConfig {
|
|||
ctx, cancel := getContextWithCancel()
|
||||
defer cancel()
|
||||
|
||||
if a.config.UseManagedIdentityExtension {
|
||||
glog.V(4).Infof("listing registries")
|
||||
result, err := a.registryClient.List(ctx)
|
||||
if err != nil {
|
||||
|
|
@ -185,22 +188,23 @@ func (a *acrProvider) Provide() credentialprovider.DockerConfig {
|
|||
|
||||
for ix := range result {
|
||||
loginServer := getLoginServer(result[ix])
|
||||
var cred *credentialprovider.DockerConfigEntry
|
||||
|
||||
if a.config.UseManagedIdentityExtension {
|
||||
cred, err = getACRDockerEntryFromARMToken(a, loginServer)
|
||||
glog.V(2).Infof("loginServer: %s", loginServer)
|
||||
cred, err := getACRDockerEntryFromARMToken(a, loginServer)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
cfg[loginServer] = *cred
|
||||
}
|
||||
} else {
|
||||
cred = &credentialprovider.DockerConfigEntry{
|
||||
// Add our entry for each of the supported container registry URLs
|
||||
for _, url := range containerRegistryUrls {
|
||||
cred := &credentialprovider.DockerConfigEntry{
|
||||
Username: a.config.AADClientID,
|
||||
Password: a.config.AADClientSecret,
|
||||
Email: dummyRegistryEmail,
|
||||
}
|
||||
cfg[url] = *cred
|
||||
}
|
||||
|
||||
cfg[loginServer] = *cred
|
||||
}
|
||||
return cfg
|
||||
}
|
||||
|
|
|
|||
|
|
@ -43,19 +43,25 @@ func Test(t *testing.T) {
|
|||
{
|
||||
Name: to.StringPtr("foo"),
|
||||
RegistryProperties: &containerregistry.RegistryProperties{
|
||||
LoginServer: to.StringPtr("foo-microsoft.azurecr.io"),
|
||||
LoginServer: to.StringPtr("*.azurecr.io"),
|
||||
},
|
||||
},
|
||||
{
|
||||
Name: to.StringPtr("bar"),
|
||||
RegistryProperties: &containerregistry.RegistryProperties{
|
||||
LoginServer: to.StringPtr("bar-microsoft.azurecr.io"),
|
||||
LoginServer: to.StringPtr("*.azurecr.cn"),
|
||||
},
|
||||
},
|
||||
{
|
||||
Name: to.StringPtr("baz"),
|
||||
RegistryProperties: &containerregistry.RegistryProperties{
|
||||
LoginServer: to.StringPtr("baz-microsoft.azurecr.io"),
|
||||
LoginServer: to.StringPtr("*.azurecr.de"),
|
||||
},
|
||||
},
|
||||
{
|
||||
Name: to.StringPtr("bus"),
|
||||
RegistryProperties: &containerregistry.RegistryProperties{
|
||||
LoginServer: to.StringPtr("*.azurecr.us"),
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue