Skip to content

Added service principal, admin user, and tags #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
djyou merged 1 commit into from
Oct 18, 2016
Merged

Added service principal, admin user, and tags #17

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
104 changes: 79 additions & 25 deletions src/command_modules/azure-cli-acr/README.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,9 @@ Commands to manage Azure container registries
az acr: Commands to manage Azure container registries.

Subgroups:
repository
credential: Manage admin user credential for Azure container registries.
repository: Manage repositories for Azure container registries.
storage : Manage storage accounts for Azure container registries.

Commands:
create : Create a container registry.
Expand All @@ -29,13 +31,25 @@ Create a container registry
--location -l [Required]: Location.
--name -n [Required]: Name of container registry.
--resource-group -g [Required]: Name of resource group.
--storage-account-name -s : Name of storage account.
--app-id : The app id of an existing service principal. If provided, no
--new-sp or -p should be specified.
--enable-admin : Enable admin user.
--new-sp : Create a new service principal. If provided, no --app-id should
be specified. Optional: Use -p to specify a password.
--password -p : Password used to log into a container registry.
--role -r : Name of role. (Owner, Contributor, Reader). Default: Reader.
--storage-account-name -s : Name of new or existing storage account. If not provided, a
random storage account name will be generated.

Examples
Create a container registry with a new storage account
az acr create -n <registry-name> -g <resource-group> -l <location>
Create a container registry with a new/existing storage account
az acr create -n <registry-name> -g <resource-group> -l <location> -s <storage-account-name>
az acr create -n myRegistry -g myResourceGroup -l southus
Create a container registry with an existing storage account
az acr create -n myRegistry -g myResourceGroup -l southus -s myStorageAccount
Create a container registry with a new service principal
az acr create -n myRegistry -g myResourceGroup -l southus --new-sp -p myPassword -r Owner
Create a container registry with an existing service principal
az acr create -n myRegistry -g myResourceGroup -l southus --app-id myAppId -r Owner

Delete a container registry
-------------
Expand All @@ -46,6 +60,7 @@ Delete a container registry

Arguments
--name -n [Required]: Name of container registry.
--resource-group -g : Name of resource group.

List container registries
-------------
Expand All @@ -61,7 +76,7 @@ List container registries
List container registries and show result in a table
az acr list -o table
List container registries in a resource group and show result in a table
az acr list -g <resource-group> -o table
az acr list -g myResourceGroup -o table

Get a container registry
-------------
Expand All @@ -72,6 +87,7 @@ Get a container registry

Arguments
--name -n [Required]: Name of container registry.
--resource-group -g : Name of resource group.

Update a container registry
-------------
Expand All @@ -82,11 +98,50 @@ Update a container registry

Arguments
--name -n [Required]: Name of container registry.
--tags : Multiple semicolon separated tags in 'key[=value]' format. Use "" to
clear existing tags.
--app-id : The app id of an existing service principal. If provided, no --new-sp or
-p should be specified.
--disable-admin : Disable admin user.
--enable-admin : Enable admin user.
--new-sp : Create a new service principal. If provided, no --app-id should be
specified. Optional: Use -p to specify a password.
--password -p : Password used to log into a container registry.
--resource-group -g : Name of resource group.
--role -r : Name of role. (Owner, Contributor, Reader). Default: Reader.
--tags : Space separated tags in 'key[=value]' format. Use "" to clear existing
tags.
--tenant-id -t : Tenant id for service principal login. Warning: Changing tenant id will
invalidate assigned access of existing service principals.

Examples
Update tags of a container registry and show result in a table
az acr update -n <registry-name> --tags key1=value1;key2=value2 -o table
Update tags of a container registry
az acr update -n myRegistry --tags key1=value1;key2=value2
Update a container registry with a new service principal
az acr update -n myRegistry --new-sp -p myPassword -r Owner
Update a container registry with an existing service principal
az acr update -n myRegistry --app-id myAppId -r Owner

Update storage account for a container registry
-------------
::

Command
az acr storage update: Update storage account for a container registry.

Arguments
--name -n [Required]: Name of container registry.
--storage-account-name -s [Required]: Name of new or existing storage account.
--resource-group -g : Name of resource group.

Get admin username and password for a container registry
-------------
::

Command
az acr credential show: Get admin username and password for a container registry.

Arguments
--name -n [Required]: Name of container registry.
--resource-group -g : Name of resource group.

List repositories in a given container registry
-------------
Expand All @@ -96,16 +151,15 @@ List repositories in a given container registry
az acr repository list: List repositories in a given container registry.

Arguments
--login-server [Required]: The URL of a container registry login server.
--password : The password used to log into the container registry.
--username : The username used to log into the container registry.
--name -n [Required]: Name of container registry.
--password -p : Password used to log into a container registry.
--username -u : Username used to log into a container registry.

Examples
List repositories in a given container registry under the current subscription
az acr repository list --login-server <login-server>
List repositories in a given container registry if admin user is enabled
az acr repository list -n myRegistry
List repositories in a given container registry with credentials
az acr repository list --login-server <login-server> --username <username> --password
<password>
az acr repository list -n myRegistry -u myUsername -p myPassword

Show tags of a given repository in a given container registry
-------------
Expand All @@ -115,14 +169,14 @@ Show tags of a given repository in a given container registry
az acr repository show-tags: Show tags of a given repository in a given container registry.

Arguments
--login-server [Required]: The URL of a container registry login server.
--repository [Required]: The repository to obtain tags from.
--password : The password used to log into the container registry.
--username : The username used to log into the container registry.
--name -n [Required]: Name of container registry.
--repository [Required]: The repository to obtain tags from.
--password -p : Password used to log into a container registry.
--username -u : Username used to log into a container registry.

Examples
Show tags of a given repository in a given container registry under the current subscription
az acr repository show-tags --login-server <login-server> --repository <repository>
Show tags of a given repository in a given container registry if admin user is enabled
az acr repository show-tags -n myRegistry --repository myRepository
Show tags of a given repository in a given container registry with credentials
az acr repository show-tags --login-server <login-server> --repository <repository>
--username <username> --password <password>
az acr repository show-tags -n myRegistry --repository myRepository -u myUsername -p
myPassword
2 changes: 2 additions & 0 deletions src/command_modules/azure-cli-acr/azure/cli/command_modules/acr/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,6 @@
import azure.cli.command_modules.acr._help
import azure.cli.command_modules.acr._params
import azure.cli.command_modules.acr.custom
import azure.cli.command_modules.acr.storage
import azure.cli.command_modules.acr.credential
import azure.cli.command_modules.acr.repository
156 changes: 122 additions & 34 deletions src/command_modules/azure-cli-acr/azure/cli/command_modules/acr/_arm_utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,97 +3,185 @@
# Licensed under the MIT License. See License.txt in the project root for license information.
#---------------------------------------------------------------------------------------------

from azure.cli.command_modules.acr.mgmt_acr.models import RegistryParameters
from azure.cli.core._util import CLIError
from azure.cli.core.commands.parameters import (
get_resources_in_subscription,
get_resources_in_resource_group
)

from azure.cli.command_modules.acr.mgmt_acr.models import Registry

from ._constants import (
RESOURCE_PROVIDER,
RESOURCE_TYPE
)
from ._factory import get_arm_service_client

from azure.cli.command_modules.acr.mgmt_acr import VERSION
from ._factory import (
get_arm_service_client,
get_storage_service_client,
get_acr_api_version
)
from ._utils import get_resource_group_name_by_resource_id

def arm_get_registries_in_subscription():
'''Returns the list of container registries in the current subscription.
'''
client = get_arm_service_client()
filter_str = "resourceType eq '{}'".format(RESOURCE_TYPE)
result = list(client.resources.list(filter=filter_str))

return [RegistryParameters(item.id, item.name, item.location, item.tags) for item in result]
result = get_resources_in_subscription(RESOURCE_TYPE)
return [Registry(item.id, item.name, item.location, item.tags) for item in result]

def arm_get_registries_in_resource_group(resource_group_name):
'''Returns the list of container registries in the resource group.
:param str resource_group_name: The name of resource group
'''
client = get_arm_service_client()
filter_str = "resourceType eq '{}'".format(RESOURCE_TYPE)
result = list(client.resource_groups.list_resources(resource_group_name, filter=filter_str))
result = get_resources_in_resource_group(resource_group_name, RESOURCE_TYPE)
return [Registry(item.id, item.name, item.location, item.tags) for item in result]

return [RegistryParameters(item.id, item.name, item.location, item.tags) for item in result]

def arm_get_registry_by_name(registry_name):
'''Returns the container registry that matches the registry name.
:param str registry_name: The name of container registry
def _arm_get_resource_by_name(resource_name, resource_type):
'''Returns the ARM resource in the current subscription with resource_name.
:param str resource_name: The name of resource
:param str resource_type: The type of resource
'''
registries = arm_get_registries_in_subscription()
elements = [item for item in registries if item.name.lower() == registry_name.lower()]
result = get_resources_in_subscription(resource_type)
elements = [item for item in result if item.name.lower() == resource_name.lower()]

if len(elements) == 0:
return None
elif len(elements) == 1:
return elements[0]
else:
raise ValueError('More than one container registries are found with name: ' + registry_name)
raise CLIError(
'More than one resources with type {} are found with name: {}'.format(
resource_type, resource_name))

def arm_deploy_template(resource_group_name, registry_name, location, storage_account_name):
'''Deploys ARM template to create a container registry.
def arm_get_registry_by_name(registry_name):
'''Returns the named container registry.
:param str registry_name: The name of container registry
'''
return _arm_get_resource_by_name(registry_name, RESOURCE_TYPE)

def arm_get_storage_account_by_name(storage_account_name):
'''Returns the named storage account.
:param str storage_account_name: The name of storage account
'''
return _arm_get_resource_by_name(storage_account_name, 'Microsoft.Storage/storageAccounts')

def arm_deploy_template(resource_group_name,
registry_name,
location,
storage_account_name,
admin_user_enabled):
'''Deploys ARM template to create/update a container registry.
:param str resource_group_name: The name of resource group
:param str registry_name: The name of container registry
:param str location: The name of location
:param str storage_account_name: The name of storage account
:param bool admin_user_enabled: Enable admin user
'''
from azure.mgmt.resource.resources.models import DeploymentProperties
from azure.cli.core._util import get_file_json
import os

file_path = os.path.join(os.path.dirname(__file__), 'template.json')
parameters = _parameters(registry_name, location, storage_account_name, admin_user_enabled)
storage_account_resource_group, _ = _parse_storage_account(storage_account_name)

if storage_account_resource_group:
file_path = os.path.join(os.path.dirname(__file__), 'template.existing.json')
parameters['storageAccountResourceGroup'] = {'value': storage_account_resource_group}
else:
file_path = os.path.join(os.path.dirname(__file__), 'template.new.json')
parameters['storageAccountType'] = {'value': 'Standard_LRS'}

template = get_file_json(file_path)
parameters = _parameters(registry_name, location, storage_account_name)
properties = DeploymentProperties(template=template, parameters=parameters, mode='incremental')

return _arm_deploy_template(resource_group_name, properties)
return _arm_deploy_template(
get_arm_service_client().deployments, resource_group_name, properties)

def _arm_deploy_template(resource_group_name, properties, index=0):
def _arm_deploy_template(deployments_client,
resource_group_name,
properties,
index=0):
'''Deploys ARM template to create a container registry.
:param obj deployments_client: ARM deployments service client
:param str resource_group_name: The name of resource group
:param DeploymentProperties properties: The properties of a deployment
:param int index: The index added to deployment name to avoid conflict
'''
if index == 0:
deployment_name = RESOURCE_PROVIDER
elif index > 9: # Just a number to avoid infinite loops
raise CLIError(
'The resource group {} has too many deployments'.format(resource_group_name))
else:
deployment_name = RESOURCE_PROVIDER + '_' + str(index)

client = get_arm_service_client()

try:
client.deployments.validate(resource_group_name, deployment_name, properties)
return client.deployments.create_or_update(resource_group_name, deployment_name, properties)
deployments_client.validate(
resource_group_name, deployment_name, properties)
return deployments_client.create_or_update(
resource_group_name, deployment_name, properties)
except: #pylint: disable=W0702
return _arm_deploy_template(resource_group_name, properties, index + 1)
return _arm_deploy_template(
deployments_client, resource_group_name, properties, index + 1)

def _parameters(registry_name, location, storage_account_name):
def _parameters(registry_name,
location,
storage_account_name,
admin_user_enabled):
'''Returns a dict of deployment parameters.
:param str registry_name: The name of container registry
:param str location: The name of location
:param str storage_account_name: The name of storage account
:param bool admin_user_enabled: Enable admin user
'''
parameters = {
'registryName': {'value': registry_name},
'registryLocation': {'value': location},
'registryApiVersion': {'value': VERSION},
'registryApiVersion': {'value': get_acr_api_version()},
'storageAccountName': {'value': storage_account_name},
'storageAccountApiVersion': {'value': '2015-05-01-preview'}
'adminUserEnabled': {'value': admin_user_enabled}
}
return parameters

def _parse_storage_account(storage_account_name):
'''Returns resource group and tags in the storage account.
:param str storage_account_name: The name of storage account
'''
storage_account = arm_get_storage_account_by_name(storage_account_name)

if storage_account:
storage_account_resource_group = get_resource_group_name_by_resource_id(storage_account.id)
return storage_account_resource_group, storage_account.tags
else:
return None, None

def add_tag_storage_account(storage_account_name, registry_name):
'''Add a new tag (key, value) to the storage account.
:param str storage_account_name: The name of storage account
:param str registry_name: The name of container registry
'''
from azure.mgmt.storage.models import StorageAccountUpdateParameters
storage_account_resource_group, tags = _parse_storage_account(storage_account_name)

tags[registry_name.lower()] = 'acr'
client = get_storage_service_client().storage_accounts

return client.update(storage_account_resource_group,
storage_account_name,
StorageAccountUpdateParameters(tags=tags))

def delete_tag_storage_account(storage_account_name, registry_name):
'''Delete a tag (key, value) from the storage account, if value matches registry_name.
:param str storage_account_name: The name of storage account
:param str registry_name: The name of container registry
'''
from azure.mgmt.storage.models import StorageAccountUpdateParameters
storage_account_resource_group, tags = _parse_storage_account(storage_account_name)
registry_name = registry_name.lower()

if registry_name in tags and tags[registry_name] == 'acr':
del tags[registry_name]
client = get_storage_service_client().storage_accounts

return client.update(storage_account_resource_group,
storage_account_name,
StorageAccountUpdateParameters(tags=tags))
Loading