Skip to content

[ACR] az acr login: Add refreshToken and username fields to the output after using --expose-token parameter #31091

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
zhoxing-ms merged 17 commits into from
May 19, 2025
+38 −7
Merged

[ACR] az acr login: Add refreshToken and username fields to the output after using --expose-token parameter #31091

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
067a198
add field
Mar 20, 2025
fbc84e9
added test
Mar 24, 2025
4972235
fix failed test
Mar 25, 2025
578da2a
resolve comments
Mar 27, 2025
d75a1ba
resolve comments
Mar 27, 2025
60561ed
update
Mar 27, 2025
2659ac7
fix CI
Apr 8, 2025
57e1a07
fix CI
Apr 8, 2025
2a41b79
Merge branch 'dev' into add-refresh-token-field
Apr 8, 2025
2a7a93a
removed recording
Apr 8, 2025
76c1f08
change test to live only
May 14, 2025
05d7528
Merge branch 'dev' into add-refresh-token-field
May 14, 2025
e32a9f6
resolved conflict
May 14, 2025
6ba5784
doc fix
May 14, 2025
6a34b12
fix azdev-style
May 14, 2025
a3ef0a6
fix azdev style check
May 14, 2025
438c148
fix failed style check
May 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 7 additions & 3 deletions src/azure-cli/azure/cli/command_modules/acr/custom.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -276,12 +276,16 @@ def acr_login(cmd,
password=password,
resource_group_name=resource_group_name)

logger.warning("You can perform manual login using the provided access token below, "
"for example: 'docker login loginServer -u %s -p accessToken'", EMPTY_GUID)
logger.warning("Note: The token in both the accessToken and refreshToken fields is an ACR Refresh Token, not an ACR Access Token. This ACR Refresh Token cannot be used directly to authenticate with registry APIs such as pushing/pulling images and listing repositories/tags. This ACR Refresh Token must be subsequently exchanged for an ACR Access. Please see https://aka.ms/acr/auth/oauth")

logger.warning("You can perform manual login using the provided refresh token below, "
Comment thread
wangxiaoxuan273 marked this conversation as resolved.
"for example: 'docker login loginServer -u %s -p refreshToken'", EMPTY_GUID)

token_info = {
"loginServer": login_server,
"accessToken": password
"username": EMPTY_GUID,
"accessToken": password,
"refreshToken": password
}

return token_info
Expand Down
25 changes: 23 additions & 2 deletions src/azure-cli/azure/cli/command_modules/acr/tests/latest/test_acr_commands.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,7 @@

from azure.cli.testsdk.scenario_tests import AllowLargeResponse
from azure.cli.testsdk import ScenarioTest, ResourceGroupPreparer, KeyVaultPreparer, record_only, live_only
from azure.cli.command_modules.acr.custom import DEF_DIAG_SETTINGS_NAME_TEMPLATE

from azure.cli.command_modules.acr.custom import DEF_DIAG_SETTINGS_NAME_TEMPLATE, EMPTY_GUID

class AcrCommandsTests(ScenarioTest):

Expand Down Expand Up @@ -103,6 +102,28 @@ def test_check_name_availability(self):
self.check('nameAvailable', True)
])

@ResourceGroupPreparer()
def test_acr_login_expose_token(self, resource_group):
registry_name = self.create_random_name('clireg', 20)

self.kwargs.update({
'registry_name': registry_name,
'rg': resource_group,
'sku': 'Premium'
})

self.cmd('acr create -n {registry_name} -g {rg} --sku {sku}',
checks=[self.check('name', '{registry_name}'),
self.check('provisioningState', 'Succeeded')])

tokens = self.cmd('acr login -n {} --expose-token'.format(registry_name), checks=[
self.exists('accessToken'),
self.exists('refreshToken'),
self.exists('loginServer'),
self.check('username', EMPTY_GUID)]).get_output_in_json()

self.assertEqual(tokens['accessToken'], tokens['refreshToken'])

@ResourceGroupPreparer()
def test_acr_create_with_managed_registry(self, resource_group, resource_group_location):
registry_name = self.create_random_name('clireg', 20)
Expand Down