Merge remote-tracking branch 'azure/dev' into mi

Author: jiasli

src/azure-cli-core/azure/cli/core/_profile.py

@@ -220,19 +220,20 @@ def login(self,
         self._set_subscriptions(consolidated)
         return deepcopy(consolidated)
 
-    def login_with_managed_identity_msrestazure(
-            self, identity_id=None, client_id=None, object_id=None, resource_id=None, allow_no_subscriptions=None):
+    def login_with_managed_identity_msrestazure(self, client_id=None, object_id=None, resource_id=None,
+                                                allow_no_subscriptions=None):
+        # Old way of using msrestazure for managed identity
         import jwt
-        from azure.mgmt.core.tools import is_valid_resource_id
         from azure.cli.core.auth.adal_authentication import MSIAuthenticationWrapper
         resource = self.cli_ctx.cloud.endpoints.active_directory_resource_id
 
-        id_arg_count = len([arg for arg in (client_id, object_id, resource_id, identity_id) if arg])
+        id_arg_count = len([arg for arg in (client_id, object_id, resource_id) if arg])
         if id_arg_count > 1:
-            raise CLIError('Usage error: Provide only one of --client-id, --object-id, --resource-id, or --username.')
+            raise CLIError('Usage error: Provide only one of --client-id, --object-id, --resource-id.')
 
         if id_arg_count == 0:
             identity_type = MsiAccountTypes.system_assigned
+            identity_id = None
             msi_creds = MSIAuthenticationWrapper(resource=resource)
         elif client_id:
             identity_type = MsiAccountTypes.user_assigned_client_id
@@ -246,37 +247,6 @@ def login_with_managed_identity_msrestazure(
             identity_type = MsiAccountTypes.user_assigned_resource_id
             identity_id = resource_id
             msi_creds = MSIAuthenticationWrapper(resource=resource, msi_res_id=resource_id)
-        # The old way of re-using the same --username for 3 types of ID
-        elif identity_id:
-            if is_valid_resource_id(identity_id):
-                msi_creds = MSIAuthenticationWrapper(resource=resource, msi_res_id=identity_id)
-                identity_type = MsiAccountTypes.user_assigned_resource_id
-            else:
-                authenticated = False
-                from azure.cli.core.azclierror import AzureResponseError
-                try:
-                    msi_creds = MSIAuthenticationWrapper(resource=resource, client_id=identity_id)
-                    identity_type = MsiAccountTypes.user_assigned_client_id
-                    authenticated = True
-                except AzureResponseError as ex:
-                    if 'http error: 400, reason: Bad Request' in ex.error_msg:
-                        logger.info('Sniff: not an MSI client id')
-                    else:
-                        raise
-
-                if not authenticated:
-                    try:
-                        identity_type = MsiAccountTypes.user_assigned_object_id
-                        msi_creds = MSIAuthenticationWrapper(resource=resource, object_id=identity_id)
-                        authenticated = True
-                    except AzureResponseError as ex:
-                        if 'http error: 400, reason: Bad Request' in ex.error_msg:
-                            logger.info('Sniff: not an MSI object id')
-                        else:
-                            raise
-
-                if not authenticated:
-                    raise CLIError('Failed to connect to MSI, check your managed service identity id.')
 
         token_entry = msi_creds.token
         token = token_entry['access_token']
@@ -301,7 +271,7 @@ def login_with_managed_identity_msrestazure(
         return deepcopy(consolidated)
 
     def login_with_managed_identity(self, client_id=None, object_id=None, resource_id=None,
-                                         allow_no_subscriptions=None):
+                                    allow_no_subscriptions=None):
         if not _use_msal_managed_identity(self.cli_ctx):
             return self.login_with_managed_identity_msrestazure(
                 client_id=client_id, object_id=object_id, resource_id=resource_id,

src/azure-cli-core/azure/cli/core/tests/test_profile.py

@@ -639,19 +639,6 @@ def test_login_with_mi_user_assigned_client_id(self, create_subscription_client_
         self.assertEqual(s['user']['type'], 'servicePrincipal')
         self.assertEqual(s['user']['assignedIdentityInfo'], 'MSIClient-{}'.format(test_client_id))
 
-        # Old way of using identity_id
-        subscriptions = profile.login_with_managed_identity(identity_id=test_client_id)
-
-        self.assertEqual(len(subscriptions), 1)
-        s = subscriptions[0]
-        self.assertEqual(s['name'], self.display_name1)
-        self.assertEqual(s['id'], self.id1.split('/')[-1])
-        self.assertEqual(s['tenantId'], self.test_mi_tenant)
-
-        self.assertEqual(s['user']['name'], 'userAssignedIdentity')
-        self.assertEqual(s['user']['type'], 'servicePrincipal')
-        self.assertEqual(s['user']['assignedIdentityInfo'], 'MSIClient-{}'.format(test_client_id))
-
     @mock.patch('azure.cli.core.auth.adal_authentication.MSIAuthenticationWrapper', autospec=True)
     @mock.patch('azure.cli.core._profile.SubscriptionFinder._create_subscription_client', autospec=True)
     @mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'false'})
@@ -693,14 +680,6 @@ def set_token(self):
         self.assertEqual(s['user']['type'], 'servicePrincipal')
         self.assertEqual(s['user']['assignedIdentityInfo'], 'MSIObject-{}'.format(test_object_id))
 
-        # Old way of using identity_id
-        subscriptions = profile.login_with_managed_identity(identity_id=test_object_id)
-
-        s = subscriptions[0]
-        self.assertEqual(s['user']['name'], 'userAssignedIdentity')
-        self.assertEqual(s['user']['type'], 'servicePrincipal')
-        self.assertEqual(s['user']['assignedIdentityInfo'], 'MSIObject-{}'.format(test_object_id))
-
     @mock.patch('requests.get', autospec=True)
     @mock.patch('azure.cli.core._profile.SubscriptionFinder._create_subscription_client', autospec=True)
     @mock.patch.dict('os.environ', {'AZURE_CORE_USE_MSAL_MANAGED_IDENTITY': 'false'})
@@ -735,14 +714,6 @@ def test_login_with_mi_user_assigned_resource_id(self, create_subscription_clien
         self.assertEqual(s['user']['type'], 'servicePrincipal')
         self.assertEqual(subscriptions[0]['user']['assignedIdentityInfo'], 'MSIResource-{}'.format(test_res_id))
 
-        # Old way of using identity_id
-        subscriptions = profile.login_with_managed_identity(identity_id=test_res_id)
-
-        s = subscriptions[0]
-        self.assertEqual(s['user']['name'], 'userAssignedIdentity')
-        self.assertEqual(s['user']['type'], 'servicePrincipal')
-        self.assertEqual(subscriptions[0]['user']['assignedIdentityInfo'], 'MSIResource-{}'.format(test_res_id))
-
     @mock.patch('azure.cli.core._profile.SubscriptionFinder._create_subscription_client', autospec=True)
     @mock.patch('azure.cli.core.auth.msal_credentials.ManagedIdentityCredential', ManagedIdentityCredentialStub)
     def test_login_with_mi_system_assigned_msal(self, create_subscription_client_mock):

src/azure-cli/azure/cli/command_modules/acr/_client_factory.py

@@ -82,4 +82,4 @@ def cf_acr_agentpool(cli_ctx, *_):
 
 
 def cf_acr_connected_registries(cli_ctx, *_):
-    return get_acr_service_client(cli_ctx, VERSION_2021_08_01_PREVIEW).connected_registries
+    return get_acr_service_client(cli_ctx, VERSION_2024_11_01_PREVIEW).connected_registries

src/azure-cli/azure/cli/command_modules/acr/_params.py

@@ -551,6 +551,10 @@ def load_arguments(self, _):  # pylint: disable=too-many-statements
         c.argument('sync_schedule', options_list=['--sync-schedule', '-s'], help='Optional parameter to define the sync schedule. Uses cron expression to determine the schedule. If not specified, the instance is considered always online and attempts to sync every minute.', required=False, default="* * * * *")
         c.argument('sync_message_ttl', help='Determine how long the sync messages will be kept in the cloud. Uses ISO 8601 duration format.', required=False, default="P2D")
         c.argument('notifications', options_list=['--notifications'], nargs='+', help='List of artifact pattern for which notifications need to be generated. Use the format "--notifications [PATTERN1 PATTERN2 ...]".')
+        c.argument('garbage_collection_enabled', options_list=['--gc-enabled'],
+                   help='Indicate whether garbage collection is enabled. It is enabled by default.', arg_type=get_three_state_flag(), required=False, default="true")
+        c.argument('garbage_collection_schedule', options_list=['--gc-schedule'],
+                   help='Used to determine garbage collection schedule. Uses cron expression to determine the schedule. If not specified, garbage collection is set to run once a day.', required=False, default="0 0 * * *")
 
     with self.argument_context('acr connected-registry update') as c:
         c.argument('log_level', help='Set the log level for logging on the instance. Accepted log levels are Debug, Information, Warning, Error, and None.')
@@ -565,7 +569,9 @@ def load_arguments(self, _):  # pylint: disable=too-many-statements
                    help='List of artifact pattern to be added to notifications list. Use the format "--add-notifications [PATTERN1 PATTERN2 ...]".')
         c.argument('remove_notifications', options_list=['--remove-notifications'], nargs='*',
                    help='List of artifact pattern to be removed from notifications list. Use the format "--remove-notifications [PATTERN1 PATTERN2 ...]".')
-
+        c.argument('garbage_collection_enabled', options_list=['--gc-enabled'],
+                   help='Indicate whether garbage collection is enabled. It is enabled by default.', arg_type=get_three_state_flag())
+        c.argument('garbage_collection_schedule', options_list=['--gc-schedule'], help='Used to determine garbage collection schedule. Uses cron expression to determine the schedule. If not specified, garbage collection is set to run once a day.')
     with self.argument_context('acr connected-registry permissions') as c:
         c.argument('add_repos', options_list=['--add'], nargs='*',
                    help='repository permissions to be added to the targeted connected registry and it\'s ancestors sync scope maps. Use the format "--add [REPO1 REPO2 ...]" per flag. ' + repo_valid_actions)

src/azure-cli/azure/cli/command_modules/acr/connected_registry.py

@@ -60,6 +60,8 @@ def acr_connected_registry_create(cmd,  # pylint: disable=too-many-locals, too-m
                                   log_level=None,
                                   sync_audit_logs_enabled=False,
                                   notifications=None,
+                                  garbage_collection_enabled=None,
+                                  garbage_collection_schedule=None,
                                   yes=False):
 
     if bool(sync_token_name) == bool(repositories):
@@ -71,7 +73,7 @@ def acr_connected_registry_create(cmd,  # pylint: disable=too-many-locals, too-m
     registry, resource_group_name = get_registry_by_name(cmd.cli_ctx, registry_name, resource_group_name)
 
     if not registry.data_endpoint_enabled:
-        user_confirmation("Dedicated data enpoints must be enabled to use connected-registry. Enabling might " +
+        user_confirmation("Dedicated data endpoints must be enabled to use connected-registry. Enabling might " +
                           "impact your firewall rules. Are you sure you want to enable it for '{}' registry?".format(
                               registry_name), yes)
         acr_update_custom(cmd, registry, resource_group_name, data_endpoint_enabled=True)
@@ -111,8 +113,10 @@ def acr_connected_registry_create(cmd,  # pylint: disable=too-many-locals, too-m
     notifications_set = set(notifications) \
         if notifications else set()
 
-    ConnectedRegistry, LoggingProperties, SyncProperties, ParentProperties = cmd.get_models(
-        'ConnectedRegistry', 'LoggingProperties', 'SyncProperties', 'ParentProperties')
+    ConnectedRegistry, LoggingProperties, SyncProperties, \
+        ParentProperties, GarbageCollectionProperties = cmd.get_models(
+            'ConnectedRegistry', 'LoggingProperties', 'SyncProperties',
+            'ParentProperties', 'GarbageCollectionProperties')
     connected_registry_create_parameters = ConnectedRegistry(
         provisioning_state=None,
         mode=mode,
@@ -130,6 +134,10 @@ def acr_connected_registry_create(cmd,  # pylint: disable=too-many-locals, too-m
             log_level=log_level,
             audit_log_status='Enabled' if sync_audit_logs_enabled else 'Disabled'
         ),
+        garbage_collection=GarbageCollectionProperties(
+            enabled=garbage_collection_enabled,
+            schedule=garbage_collection_schedule
+        ),
         notifications_list=list(notifications_set) if notifications_set else None
     )
 
@@ -155,7 +163,9 @@ def acr_connected_registry_update(cmd,  # pylint: disable=too-many-locals, too-m
                                   sync_message_ttl=None,
                                   sync_audit_logs_enabled=None,
                                   add_notifications=None,
-                                  remove_notifications=None):
+                                  remove_notifications=None,
+                                  garbage_collection_enabled=None,
+                                  garbage_collection_schedule=None):
     _, resource_group_name = validate_managed_registry(
         cmd, registry_name, resource_group_name)
     subscription_id = get_subscription_id(cmd.cli_ctx)
@@ -211,8 +221,10 @@ def acr_connected_registry_update(cmd,  # pylint: disable=too-many-locals, too-m
 
     notifications_list = list(notifications_set) if notifications_set != current_notifications_set else None
 
-    ConnectedRegistryUpdateParameters, SyncUpdateProperties, LoggingProperties = cmd.get_models(
-        'ConnectedRegistryUpdateParameters', 'SyncUpdateProperties', 'LoggingProperties')
+    ConnectedRegistryUpdateParameters, SyncUpdateProperties, \
+        LoggingProperties, GarbageCollectionProperties = cmd.get_models(
+            'ConnectedRegistryUpdateParameters', 'SyncUpdateProperties',
+            'LoggingProperties', 'GarbageCollectionProperties')
     connected_registry_update_parameters = ConnectedRegistryUpdateParameters(
         sync_properties=SyncUpdateProperties(
             schedule=sync_schedule,
@@ -223,6 +235,10 @@ def acr_connected_registry_update(cmd,  # pylint: disable=too-many-locals, too-m
             log_level=log_level,
             audit_log_status=sync_audit_logs_enabled
         ),
+        garbage_collection=GarbageCollectionProperties(
+            enabled=garbage_collection_enabled,
+            schedule=garbage_collection_schedule
+        ),
         client_token_ids=client_token_list,
         notifications_list=notifications_list
     )