Remove hardcoded ACR URLs (#3330)

* remove hardcoded "azurecr.io" domain from scripts and terraform * remove hardcoded ACR domain from resource processor * update resource processor version * update core version * align naming of acr domain suffix * add method to get ACR name
microsoft · Apr 3, 2023 · 1ec3fdf · 1ec3fdf
1 parent d129b01
commit 1ec3fdf
Show file tree

Hide file tree

Showing 8 changed files with 22 additions and 12 deletions.
diff --git a/Makefile b/Makefile
@@ -4,8 +4,9 @@ SHELL:=/bin/bash
 MAKEFILE_FULLPATH := $(abspath $(lastword $(MAKEFILE_LIST)))
 MAKEFILE_DIR := $(dir $(MAKEFILE_FULLPATH))
 IMAGE_NAME_PREFIX?="microsoft/azuretre"
-FULL_CONTAINER_REGISTRY_NAME?="$${ACR_NAME}.azurecr.io"
-FULL_IMAGE_NAME_PREFIX:=`echo "${FULL_CONTAINER_REGISTRY_NAME}/${IMAGE_NAME_PREFIX}" | tr A-Z a-z`
+ACR_DOMAIN_SUFFIX := $(shell az cloud show --query suffixes.acrLoginServerEndpoint --output tsv)
+ACR_FQDN?="$${ACR_NAME}${ACR_DOMAIN_SUFFIX}"
+FULL_IMAGE_NAME_PREFIX:=`echo "${ACR_FQDN}/${IMAGE_NAME_PREFIX}" | tr A-Z a-z`
 LINTER_REGEX_INCLUDE?=all # regular expression used to specify which files to include in local linting (defaults to "all")
 E2E_TESTS_NUMBER_PROCESSES_DEFAULT=4  # can be overridden in e2e_tests/.env
 
@@ -54,7 +55,7 @@ $(call target_title, "Building $(1) Image") \
 && az acr login -n $${ACR_NAME} \
 && if [ -n "$${CI_CACHE_ACR_NAME:-}" ]; then \
 	az acr login -n $${CI_CACHE_ACR_NAME}; \
-	ci_cache="--cache-from $${CI_CACHE_ACR_NAME}.azurecr.io/${IMAGE_NAME_PREFIX}/$(1):$${__version__}"; fi \
+	ci_cache="--cache-from $${CI_CACHE_ACR_NAME}${ACR_DOMAIN_SUFFIX}/${IMAGE_NAME_PREFIX}/$(1):$${__version__}"; fi \
 && docker build -t ${FULL_IMAGE_NAME_PREFIX}/$(1):$${__version__} --build-arg BUILDKIT_INLINE_CACHE=1 \
 	--cache-from ${FULL_IMAGE_NAME_PREFIX}/$(1):$${__version__} $${ci_cache:-} -f $(3) $(4)
 endef
@@ -254,7 +255,7 @@ bundle-publish:
 	&& cd ${DIR} \
 	&& FULL_IMAGE_NAME_PREFIX=${FULL_IMAGE_NAME_PREFIX} \
 		${MAKEFILE_DIR}/devops/scripts/bundle_runtime_image_push.sh \
-	&& porter publish --registry "$${ACR_NAME}.azurecr.io" --force
+	&& porter publish --registry "${ACR_FQDN}" --force
 
 bundle-register:
 	@# NOTE: ACR_NAME below comes from the env files, so needs the double '$$'. Others are set on command execution and don't

diff --git a/core/terraform/locals.tf b/core/terraform/locals.tf
@@ -11,7 +11,7 @@ locals {
   ]
   servicebus_diagnostic_categories_enabled = ["OperationalLogs", "VNetAndIPFilteringLogs", "RuntimeAuditLogs", "ApplicationMetricsLogs"]
 
-  docker_registry_server = "${var.acr_name}.azurecr.io"
+  docker_registry_server = data.azurerm_container_registry.mgmt_acr.login_server
 
   # https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-configure-firewall#allow-requests-from-the-azure-portal
   azure_portal_cosmos_ips = "104.42.195.92,40.76.54.131,52.176.6.30,52.169.50.45,52.187.184.26"

diff --git a/core/version.txt b/core/version.txt
@@ -1 +1 @@
-__version__ = "0.7.12"
+__version__ = "0.7.13"
diff --git a/devops/scripts/bundle_runtime_image_build.sh b/devops/scripts/bundle_runtime_image_build.sh
@@ -14,6 +14,7 @@ image_name=$(yq eval ".custom.runtime_image.name" porter.yaml)
 version_file=$(yq eval ".custom.runtime_image.build.version_file" porter.yaml)
 docker_file=$(yq eval ".custom.runtime_image.build.docker_file" porter.yaml)
 docker_context=$(yq eval ".custom.runtime_image.build.docker_context" porter.yaml)
+acr_domain_suffix=$(az cloud show --query suffixes.acrLoginServerEndpoint --output tsv)
 
 version_line=$(cat "${version_file}")
 
@@ -28,7 +29,7 @@ docker_cache=("--cache-from" "${FULL_IMAGE_NAME_PREFIX}/${image_name}:${version}
 
 if [ -n "${CI_CACHE_ACR_NAME:-}" ]; then
 	az acr login -n "${CI_CACHE_ACR_NAME}"
-	docker_cache+=("--cache-from" "${CI_CACHE_ACR_NAME}.azurecr.io/${IMAGE_NAME_PREFIX}/${image_name}:${version}")
+	docker_cache+=("--cache-from" "${CI_CACHE_ACR_NAME}${acr_domain_suffix}/${IMAGE_NAME_PREFIX}/${image_name}:${version}")
 fi
 
 docker build --build-arg BUILDKIT_INLINE_CACHE=1 \

diff --git a/devops/scripts/register_bundle_with_api.sh b/devops/scripts/register_bundle_with_api.sh
@@ -96,7 +96,8 @@ if [[ -z ${bundle_type:-} ]]; then
     usage
 fi
 
-explain_json=$(porter explain --reference "${acr_name}".azurecr.io/"$(yq eval '.name' porter.yaml)":v"$(yq eval '.version' porter.yaml)" -o json)
+acr_domain_suffix=$(az cloud show --query suffixes.acrLoginServerEndpoint --output tsv)
+explain_json=$(porter explain --reference "${acr_name}${acr_domain_suffix}"/"$(yq eval '.name' porter.yaml)":v"$(yq eval '.version' porter.yaml)" -o json)
 
 payload=$(echo "${explain_json}" | jq --argfile json_schema template_schema.json --arg current "${current}" --arg bundle_type "${bundle_type}" '. + {"json_schema": $json_schema, "resourceType": $bundle_type, "current": $current}')
 

diff --git a/resource_processor/_version.py b/resource_processor/_version.py
@@ -1 +1 @@
-__version__ = "0.5.6"
+__version__ = "0.5.7"
diff --git a/resource_processor/resources/commands.py b/resource_processor/resources/commands.py
@@ -5,6 +5,7 @@
 
 from resources.helpers import get_installation_id
 from shared.logging import shell_output_logger
+from shared.cloud import get_acr_domain_suffix
 
 
 def azure_login_command(config):
@@ -19,7 +20,8 @@ def azure_login_command(config):
 
 
 def azure_acr_login_command(config):
-    return f"az acr login --name {config['registry_server'].replace('.azurecr.io','')}"
+    acr_name = _get_acr_name(acr_fqdn=config['registry_server'])
+    return f"az acr login --name {acr_name}"
 
 
 async def build_porter_command(config, logger, msg_body, custom_action=False):
@@ -110,7 +112,7 @@ async def get_porter_parameter_keys(config, logger, msg_body):
 def get_special_porter_param_value(config, parameter_name: str, msg_body):
     # some parameters might not have identical names and this comes to handle that
     if parameter_name == "mgmt_acr_name":
-        return config["registry_server"].replace('.azurecr.io', '')
+        return _get_acr_name(acr_fqdn=config['registry_server'])
     if parameter_name == "mgmt_resource_group_name":
         return config["tfstate_resource_group_name"]
     if parameter_name == "workspace_id":
@@ -119,3 +121,7 @@ def get_special_porter_param_value(config, parameter_name: str, msg_body):
         return msg_body.get("parentWorkspaceServiceId")  # not included in all messages
     if (value := config["bundle_params"].get(parameter_name.lower())) is not None:
         return value
+
+
+def _get_acr_name(acr_fqdn: str):
+    return acr_fqdn.replace(get_acr_domain_suffix(), '')
diff --git a/templates/workspace_services/innereye/install_service_azureml.sh b/templates/workspace_services/innereye/install_service_azureml.sh
@@ -1,7 +1,8 @@
 #!/bin/bash
 set -e
 
+acr_domain_suffix=$(az cloud show --query suffixes.acrLoginServerEndpoint --output tsv)
 
-porter install tre-service-azureml --reference "${MGMT_ACR_NAME}.azurecr.io/tre-service-azureml:v0.1.9" \
+porter install tre-service-azureml --reference "${MGMT_ACR_NAME}${acr_domain_suffix}/tre-service-azureml:v0.1.9" \
     --cred ./arm_auth_local_debugging.json \
     --parameter-set ./parameters_service_azureml.json