feat(cli): add user-assigned managed identity support to ACR cache rules #9340
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Co-authored-by: Kunal Mitra <[email protected]>
Triggered by Azure CLI Extensions Release Pipeline - ADO_BUILD_URL: https://dev.azure.com/azclitools/release/_build/results?buildId=177061&view=results Last commit: Azure@1557c7a
* Updated vendored SDK files * code changes for updated SDK * New test cases * Test fixes * styling * Version and history edits * CI failures and test fixes * CI failures and test fixes * Re-run the test to trigger CI pipeline --------- Co-authored-by: Harshit Surana <[email protected]> Co-authored-by: Siddhant Singh <[email protected]>
…62.0 and release 0.3.54 (Azure#7837)
Triggered by Azure CLI Extensions Release Pipeline - ADO_BUILD_URL: https://dev.azure.com/azclitools/release/_build/results?buildId=177797&view=results Last commit: https://github.com/Azure/azure-cli-extensions/commit/
Triggered by Azure CLI Extensions Release Pipeline - ADO_BUILD_URL: https://dev.azure.com/azclitools/release/_build/results?buildId=177803&view=results Last commit: Azure@0a40f5c
Triggered by Azure CLI Extensions Release Pipeline - ADO_BUILD_URL: https://dev.azure.com/azclitools/release/_build/results?buildId=177810&view=results Last commit: Azure@d0eff77
Triggered by Azure CLI Extensions Release Pipeline - ADO_BUILD_URL: https://dev.azure.com/azclitools/release/_build/results?buildId=177816&view=results Last commit: Azure@a297133
Triggered by Azure CLI Extensions Release Pipeline - ADO_BUILD_URL: https://dev.azure.com/azclitools/release/_build/results?buildId=177827&view=results Last commit: Azure@8977f76
* add vmmserver props field * updated release history for v1.1.1 * update version in setup.py
Triggered by Azure CLI Extensions Release Pipeline - ADO_BUILD_URL: https://dev.azure.com/azclitools/release/_build/results?buildId=177941&view=results Last commit: Azure@9415618
Triggered by Azure CLI Extensions Release Pipeline - ADO_BUILD_URL: https://dev.azure.com/azclitools/release/_build/results?buildId=178115&view=results Last commit: Azure@7524130
* changing containers to be hosted on mcr * changing input args for genpolicy * some containers use empty string env vars. this allows for that * updating tests and readme for new kata interface * updating images and getting rid of unused code * moving import statement * using MCR images * updating test to have empty command
Triggered by Azure CLI Extensions Release Pipeline - ADO_BUILD_URL: https://dev.azure.com/azclitools/release/_build/results?buildId=178704&view=results Last commit: Azure@d554ce1
* adjust workflow vars
* generate code * update version * add gateway commands * remove vmware update * run tests * add gateway tests * add tests * hide subscription * add arc module * add gateway tests * add NSP get test * add service name for gateway * add 200 response in nsp reconcile * remove NSP PATCH * fix pylint errors * update codebase * Update src/connectedmachine/azext_connectedmachine/aaz/latest/connectedmachine/license/_update.py Co-authored-by: Yan Zhu <[email protected]> * fix ci error * fix ci * fix ci * remove arc * fix comment * fix comment * fix comment --------- Co-authored-by: Yan Zhu <[email protected]>
Triggered by Azure CLI Extensions Release Pipeline - ADO_BUILD_URL: https://dev.azure.com/azclitools/release/_build/results?buildId=179040&view=results Last commit: Azure@d9baa11
yml to build and deploy azure-cli and azure-cli-extensions repos build acrcache extension
Removing unused yml pipeline
This checklist is used to make sure that common guidelines for a pull
request are followed.
### Related command
<!--- Please provide the related command with az {command} if you can,
so that we can quickly route to the related person to review. --->
### General Guidelines
- [ ] Have you run `azdev style <YOUR_EXT>` locally? (`pip install
azdev` required)
- [ ] Have you run `python scripts/ci/test_index.py -q` locally? (`pip
install wheel==0.30.0` required)
- [ ] My extension version conforms to the [Extension version
schema](https://github.com/Azure/azure-cli/blob/release/doc/extensions/versioning_guidelines.md)
For new extensions:
- [ ] My extension description/summary conforms to the [Extension
Summary
Guidelines](https://github.com/Azure/azure-cli/blob/dev/doc/extensions/extension_summary_guidelines.md).
### About Extension Publish
There is a pipeline to automatically build, upload and publish extension
wheels.
Once your pull request is merged into main branch, a new pull request
will be created to update `src/index.json` automatically.
You only need to update the version information in file setup.py and
historical information in file HISTORY.rst in your PR but do not modify
`src/index.json`.
---
This checklist is used to make sure that common guidelines for a pull
request are followed.
### Related command
<!--- Please provide the related command with az {command} if you can,
so that we can quickly route to the related person to review. --->
### General Guidelines
- [ ] Have you run `azdev style <YOUR_EXT>` locally? (`pip install
azdev` required)
- [ ] Have you run `python scripts/ci/test_index.py -q` locally? (`pip
install wheel==0.30.0` required)
- [ ] My extension version conforms to the [Extension version
schema](https://github.com/Azure/azure-cli/blob/release/doc/extensions/versioning_guidelines.md)
For new extensions:
- [ ] My extension description/summary conforms to the [Extension
Summary
Guidelines](https://github.com/Azure/azure-cli/blob/dev/doc/extensions/extension_summary_guidelines.md).
### About Extension Publish
There is a pipeline to automatically build, upload and publish extension
wheels.
Once your pull request is merged into main branch, a new pull request
will be created to update `src/index.json` automatically.
You only need to update the version information in file setup.py and
historical information in file HISTORY.rst in your PR but do not modify
`src/index.json`.
Update python SDK to include platform filtering commands
---
This checklist is used to make sure that common guidelines for a pull
request are followed.
### Related command
<!--- Please provide the related command with az {command} if you can,
so that we can quickly route to the related person to review. --->
### General Guidelines
- [ ] Have you run `azdev style <YOUR_EXT>` locally? (`pip install
azdev` required)
- [ ] Have you run `python scripts/ci/test_index.py -q` locally? (`pip
install wheel==0.30.0` required)
- [ ] My extension version conforms to the [Extension version
schema](https://github.com/Azure/azure-cli/blob/release/doc/extensions/versioning_guidelines.md)
For new extensions:
- [ ] My extension description/summary conforms to the [Extension
Summary
Guidelines](https://github.com/Azure/azure-cli/blob/dev/doc/extensions/extension_summary_guidelines.md).
### About Extension Publish
There is a pipeline to automatically build, upload and publish extension
wheels.
Once your pull request is merged into main branch, a new pull request
will be created to update `src/index.json` automatically.
You only need to update the version information in file setup.py and
historical information in file HISTORY.rst in your PR but do not modify
`src/index.json`.
---
Added CLI arguments for --platforms, --sync-referrers,
--include-artifact-types, and --exclude-artifact-types to az acr cache
create and az acr cache update.
Documentation:
Updated help and README to reflect new parameter options and usage
examples.
Wheel file updated to VERSION = '1.0.0c3' to avoid mix up with previous
whl files.
This checklist is used to make sure that common guidelines for a pull
request are followed.
### Related command
<!--- Please provide the related command with az {command} if you can,
so that we can quickly route to the related person to review. --->
### General Guidelines
- [ ] Have you run `azdev style <YOUR_EXT>` locally? (`pip install
azdev` required)
- [ ] Have you run `python scripts/ci/test_index.py -q` locally? (`pip
install wheel==0.30.0` required)
- [ ] My extension version conforms to the [Extension version
schema](https://github.com/Azure/azure-cli/blob/release/doc/extensions/versioning_guidelines.md)
For new extensions:
- [ ] My extension description/summary conforms to the [Extension
Summary
Guidelines](https://github.com/Azure/azure-cli/blob/dev/doc/extensions/extension_summary_guidelines.md).
### About Extension Publish
There is a pipeline to automatically build, upload and publish extension
wheels.
Once your pull request is merged into main branch, a new pull request
will be created to update `src/index.json` automatically.
You only need to update the version information in file setup.py and
historical information in file HISTORY.rst in your PR but do not modify
`src/index.json`.
---
This checklist is used to make sure that common guidelines for a pull
request are followed.
### Related command
<!--- Please provide the related command with az {command} if you can,
so that we can quickly route to the related person to review. --->
### General Guidelines
- [ ] Have you run `azdev style <YOUR_EXT>` locally? (`pip install
azdev` required)
- [ ] Have you run `python scripts/ci/test_index.py -q` locally? (`pip
install wheel==0.30.0` required)
- [ ] My extension version conforms to the [Extension version
schema](https://github.com/Azure/azure-cli/blob/release/doc/extensions/versioning_guidelines.md)
For new extensions:
- [ ] My extension description/summary conforms to the [Extension
Summary
Guidelines](https://github.com/Azure/azure-cli/blob/dev/doc/extensions/extension_summary_guidelines.md).
### About Extension Publish
There is a pipeline to automatically build, upload and publish extension
wheels.
Once your pull request is merged into main branch, a new pull request
will be created to update `src/index.json` automatically.
You only need to update the version information in file setup.py and
historical information in file HISTORY.rst in your PR but do not modify
`src/index.json`.
…e values in cache rule creation/update logic
update version
…pdate operations Add user-assigned managed identity support to cache rule create and update operations
|
Validation for Breaking Change Starting...
Thanks for your contribution! |
|
Hi @mabelegba, |
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
There was a problem hiding this comment.
Pull Request Overview
This PR adds support for user-assigned managed identities to Azure Container Registry (ACR) cache rules, enabling secure cross-tenant authentication. The implementation includes CLI argument additions, identity validation logic, model updates, and comprehensive unit tests.
Key changes:
- Added
--assign-identityparameter toaz acr cache createandaz acr cache updatecommands - Implemented identity resource ID validation with proper error handling
- Extended unit tests covering identity parameter handling and validation scenarios
Reviewed Changes
Copilot reviewed 124 out of 169 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/acrcache/setup.py | Incremented extension version to 1.0.0c7 and added vendored SDK package references |
| src/acrcache/azext_acrcache/tests/latest/test_cache.py | Added comprehensive unit tests for identity processing, validation, and integration with create/update operations |
| src/acrcache/azext_acrcache/vendored_sdks/containerregistry/v2025_09_01_preview/* | Added vendored SDK files for the new API version with cache rule examples |
| @@ -0,0 +1,4 @@ | |||
| ```yaml | |||
| input-file: | |||
| - ./containerregistry.json | |||
There was a problem hiding this comment.
The input-file reference './containerregistry.json' does not exist in the diff or related files shown. Verify that this JSON specification file exists or update the reference path.
Suggested change
| - ./containerregistry.json | |
| - ./containerregistry.yaml |
| @@ -0,0 +1,4 @@ | |||
| ```yaml | |||
| input-file: | |||
| - ./containerregistry_aspnetcore1.json | |||
There was a problem hiding this comment.
The input-file reference './containerregistry_aspnetcore1.json' does not exist in the diff or related files shown. Verify that this JSON specification file exists or update the reference path.
Suggested change
| - ./containerregistry_aspnetcore1.json |
| }, | ||
| "201": { | ||
| "headers": { | ||
| "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.ContainerRegistry/registries/myRegistry/packages/rpm/archives/myArchiveName/versions/myArchiveVersionName/operationStatuses/archoveversion-00000000-0000-0000-0000-000000000000?api-version=2023-01-01-preview" |
There was a problem hiding this comment.
Typo in URL segment: 'archoveversion' should be 'archiveversion'.
Suggested change
| "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.ContainerRegistry/registries/myRegistry/packages/rpm/archives/myArchiveName/versions/myArchiveVersionName/operationStatuses/archoveversion-00000000-0000-0000-0000-000000000000?api-version=2023-01-01-preview" | |
| "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.ContainerRegistry/registries/myRegistry/packages/rpm/archives/myArchiveName/versions/myArchiveVersionName/operationStatuses/archiveversion-00000000-0000-0000-0000-000000000000?api-version=2023-01-01-preview" |
|
Hi @mabelegba Release SuggestionsModule: acrcache
Notes
|
|
Total execution time: 0.04 seconds |
&color=red)
| arg_group="Properties", | ||
| help="Webhook status.", | ||
| enum={"false": "Enabled", "true": "Disabled"}, | ||
| default="Enalbed", |
There was a problem hiding this comment.
Corrected spelling of 'Enalbed' to 'Enabled'.
Suggested change
| default="Enalbed", | |
| default="Enabled", |
| "acat report webhook update", | ||
| ) | ||
| class Update(AAZCommand): | ||
| """Update an exiting AppComplianceAutomation webhook. |
There was a problem hiding this comment.
Corrected spelling of 'exiting' to 'existing'.
Suggested change
| """Update an exiting AppComplianceAutomation webhook. | |
| """Update an existing AppComplianceAutomation webhook. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
78 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added user-assigned managed identity to ACR cache rule create/update
Support for specifying user-assigned managed identities was added to both cache rule creation and update commands, enabling secure tenant authentication. This includes CLI argument, parameter validation, model updates, CLI help, and unit tests.
Changes
Impact
No breaking interface changes; non-identity operations remain unaffected.
Additional tests improve reliability; no evident performance impact or new external dependencies.
This checklist is used to make sure that common guidelines for a pull request are followed.
Related command
General Guidelines
azdev style <YOUR_EXT>locally? (pip install azdevrequired)python scripts/ci/test_index.py -qlocally? (pip install wheel==0.30.0required)For new extensions:
About Extension Publish
There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update
src/index.jsonautomatically.You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify
src/index.json.