-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: migrate azure-sdk-for-go/containerregistry to the latest release #1829
base: dev
Are you sure you want to change the base?
chore: migrate azure-sdk-for-go/containerregistry to the latest release #1829
Conversation
Signed-off-by: Shahram Kalantari <shahramk@gmail.com>
Codecov ReportAttention: Patch coverage is
|
@@ -130,9 +130,23 @@ func (d *azureWIAuthProvider) Provide(ctx context.Context, artifact string) (pro | |||
serverURL := "https://" + artifactHostName | |||
|
|||
// create registry client and exchange AAD token for registry refresh token | |||
refreshTokenClient := containerregistry.NewRefreshTokensClient(serverURL) | |||
// TODO: Consider adding authentication client options for multicloud scenarios | |||
client, err := azcontainerregistry.NewAuthenticationClient(serverURL, nil) // &AuthenticationClientOptions{ClientOptions: options}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
suggestion to make a variable ( improved readability for why the param is nil) , assign it to nil then pass into NewAuthenticationClient
Hi @shahramk64 , thanks for the PR. please link to the AKS run in your fork once this is ready for review. thanks! |
rt, err := refreshTokenClient.GetFromExchange(ctx, "access_token", artifactHostName, d.tenantID, "", d.identityToken.Token) | ||
client, err := azcontainerregistry.NewAuthenticationClient(serverURL, nil) // &AuthenticationClientOptions{ClientOptions: options}) | ||
if err != nil { | ||
return provider.AuthConfig{}, re.ErrorCodeAuthDenied.NewError(re.AuthProvider, "", re.AzureWorkloadIdentityLink, err, "failed to create authentication client for container registry by azure managed identity token", re.HideStackTrace) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: we can follow the new pattern to generate a Ratify error: https://github.com/ratify-project/ratify/blob/dev/pkg/controllers/utils/verifier.go#L63
Description
What this PR does / why we need it:
auth provider currently uses an old preview version of azure sdk for go. With the latest release of the sdk, the necessary API to exchange the AAD access token for an ACR refresh token is exposed and we can migrate to this latest release.
Which issue(s) this PR fixes (optional, using
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when the PR gets merged):Fixes #959
Type of change
Please delete options that are not relevant.
main
branch)How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Please also list any relevant details for your test configuration
Checklist:
Post Merge Requirements
Helm Chart Change