Remove hardcoded ACR URLs (#3330)

* remove hardcoded "azurecr.io" domain from scripts and terraform * remove hardcoded ACR domain from resource processor * update resource processor version * update core version * align naming of acr domain suffix * add method to get ACR name
2023-03-12 14:39:25 +02:00 · 2023-03-12 14:39:25 +02:00 · 1ec3fdf3ed
--- a/9
+++ b/9
@ -4,8 +4,9 @@ SHELL:=/bin/bash
 MAKEFILE_FULLPATH := $(abspath $(lastword $(MAKEFILE_LIST)))
 MAKEFILE_DIR := $(dir $(MAKEFILE_FULLPATH))
 IMAGE_NAME_PREFIX?="microsoft/azuretre"
-FULL_CONTAINER_REGISTRY_NAME?="$${ACR_NAME}.azurecr.io"
-FULL_IMAGE_NAME_PREFIX:=`echo "${FULL_CONTAINER_REGISTRY_NAME}/${IMAGE_NAME_PREFIX}" | tr A-Z a-z`
+ACR_DOMAIN_SUFFIX := $(shell az cloud show --query suffixes.acrLoginServerEndpoint --output tsv)
+ACR_FQDN?="$${ACR_NAME}${ACR_DOMAIN_SUFFIX}"
+FULL_IMAGE_NAME_PREFIX:=`echo "${ACR_FQDN}/${IMAGE_NAME_PREFIX}" | tr A-Z a-z`
 LINTER_REGEX_INCLUDE?=all # regular expression used to specify which files to include in local linting (defaults to "all")
 E2E_TESTS_NUMBER_PROCESSES_DEFAULT=4  # can be overridden in e2e_tests/.env

@ -54,7 +55,7 @@ $(call target_title, "Building $(1) Image") \
 && az acr login -n $${ACR_NAME} \
 && if [ -n "$${CI_CACHE_ACR_NAME:-}" ]; then \
 	az acr login -n $${CI_CACHE_ACR_NAME}; \
-	ci_cache="--cache-from $${CI_CACHE_ACR_NAME}.azurecr.io/${IMAGE_NAME_PREFIX}/$(1):$${__version__}"; fi \
+	ci_cache="--cache-from $${CI_CACHE_ACR_NAME}${ACR_DOMAIN_SUFFIX}/${IMAGE_NAME_PREFIX}/$(1):$${__version__}"; fi \
 && docker build -t ${FULL_IMAGE_NAME_PREFIX}/$(1):$${__version__} --build-arg BUILDKIT_INLINE_CACHE=1 \
 	--cache-from ${FULL_IMAGE_NAME_PREFIX}/$(1):$${__version__} $${ci_cache:-} -f $(3) $(4)
 endef
@ -254,7 +255,7 @@ bundle-publish:
 	&& cd ${DIR} \
 	&& FULL_IMAGE_NAME_PREFIX=${FULL_IMAGE_NAME_PREFIX} \
 		${MAKEFILE_DIR}/devops/scripts/bundle_runtime_image_push.sh \
-	&& porter publish --registry "$${ACR_NAME}.azurecr.io" --force
+	&& porter publish --registry "${ACR_FQDN}" --force

 bundle-register:
 	@# NOTE: ACR_NAME below comes from the env files, so needs the double '$$'. Others are set on command execution and don't
--- a/core/terraform/locals.tf
+++ b/core/terraform/locals.tf
@ -11,7 +11,7 @@ locals {
  ]
  servicebus_diagnostic_categories_enabled = ["OperationalLogs", "VNetAndIPFilteringLogs", "RuntimeAuditLogs", "ApplicationMetricsLogs"]

-  docker_registry_server = "${var.acr_name}.azurecr.io"
+  docker_registry_server = data.azurerm_container_registry.mgmt_acr.login_server

  # https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-configure-firewall#allow-requests-from-the-azure-portal
  azure_portal_cosmos_ips = "104.42.195.92,40.76.54.131,52.176.6.30,52.169.50.45,52.187.184.26"
--- a/core/version.txt
+++ b/core/version.txt
@ -1 +1 @@
-__version__ = "0.7.12"
+__version__ = "0.7.13"
--- a/devops/scripts/bundle_runtime_image_build.sh
+++ b/devops/scripts/bundle_runtime_image_build.sh
@ -14,6 +14,7 @@ image_name=$(yq eval ".custom.runtime_image.name" porter.yaml)
 version_file=$(yq eval ".custom.runtime_image.build.version_file" porter.yaml)
 docker_file=$(yq eval ".custom.runtime_image.build.docker_file" porter.yaml)
 docker_context=$(yq eval ".custom.runtime_image.build.docker_context" porter.yaml)
+acr_domain_suffix=$(az cloud show --query suffixes.acrLoginServerEndpoint --output tsv)

 version_line=$(cat "${version_file}")

@ -28,7 +29,7 @@ docker_cache=("--cache-from" "${FULL_IMAGE_NAME_PREFIX}/${image_name}:${version}

 if [ -n "${CI_CACHE_ACR_NAME:-}" ]; then
 	az acr login -n "${CI_CACHE_ACR_NAME}"
-	docker_cache+=("--cache-from" "${CI_CACHE_ACR_NAME}.azurecr.io/${IMAGE_NAME_PREFIX}/${image_name}:${version}")
+	docker_cache+=("--cache-from" "${CI_CACHE_ACR_NAME}${acr_domain_suffix}/${IMAGE_NAME_PREFIX}/${image_name}:${version}")
 fi

 docker build --build-arg BUILDKIT_INLINE_CACHE=1 \
--- a/devops/scripts/register_bundle_with_api.sh
+++ b/devops/scripts/register_bundle_with_api.sh
@ -96,7 +96,8 @@ if [[ -z ${bundle_type:-} ]]; then
    usage
 fi

-explain_json=$(porter explain --reference "${acr_name}".azurecr.io/"$(yq eval '.name' porter.yaml)":v"$(yq eval '.version' porter.yaml)" -o json)
+acr_domain_suffix=$(az cloud show --query suffixes.acrLoginServerEndpoint --output tsv)
+explain_json=$(porter explain --reference "${acr_name}${acr_domain_suffix}"/"$(yq eval '.name' porter.yaml)":v"$(yq eval '.version' porter.yaml)" -o json)

 payload=$(echo "${explain_json}" | jq --argfile json_schema template_schema.json --arg current "${current}" --arg bundle_type "${bundle_type}" '. + {"json_schema": $json_schema, "resourceType": $bundle_type, "current": $current}')

--- a/resource_processor/_version.py
+++ b/resource_processor/_version.py
@ -1 +1 @@
-__version__ = "0.5.6"
+__version__ = "0.5.7"
--- a/resource_processor/resources/commands.py
+++ b/resource_processor/resources/commands.py
@ -5,6 +5,7 @@ import base64

 from resources.helpers import get_installation_id
 from shared.logging import shell_output_logger
+from shared.cloud import get_acr_domain_suffix


 def azure_login_command(config):
@ -19,7 +20,8 @@ def azure_login_command(config):


 def azure_acr_login_command(config):
-    return f"az acr login --name {config['registry_server'].replace('.azurecr.io','')}"
+    acr_name = _get_acr_name(acr_fqdn=config['registry_server'])
+    return f"az acr login --name {acr_name}"


 async def build_porter_command(config, logger, msg_body, custom_action=False):
@ -110,7 +112,7 @@ async def get_porter_parameter_keys(config, logger, msg_body):
 def get_special_porter_param_value(config, parameter_name: str, msg_body):
    # some parameters might not have identical names and this comes to handle that
    if parameter_name == "mgmt_acr_name":
-        return config["registry_server"].replace('.azurecr.io', '')
+        return _get_acr_name(acr_fqdn=config['registry_server'])
    if parameter_name == "mgmt_resource_group_name":
        return config["tfstate_resource_group_name"]
    if parameter_name == "workspace_id":
@ -119,3 +121,7 @@ def get_special_porter_param_value(config, parameter_name: str, msg_body):
        return msg_body.get("parentWorkspaceServiceId")  # not included in all messages
    if (value := config["bundle_params"].get(parameter_name.lower())) is not None:
        return value
+
+
+def _get_acr_name(acr_fqdn: str):
+    return acr_fqdn.replace(get_acr_domain_suffix(), '')
--- a/templates/workspace_services/innereye/install_service_azureml.sh
+++ b/templates/workspace_services/innereye/install_service_azureml.sh
@ -1,7 +1,8 @@
 #!/bin/bash
 set -e

+acr_domain_suffix=$(az cloud show --query suffixes.acrLoginServerEndpoint --output tsv)

-porter install tre-service-azureml --reference "${MGMT_ACR_NAME}.azurecr.io/tre-service-azureml:v0.1.9" \
+porter install tre-service-azureml --reference "${MGMT_ACR_NAME}${acr_domain_suffix}/tre-service-azureml:v0.1.9" \
    --cred ./arm_auth_local_debugging.json \
    --parameter-set ./parameters_service_azureml.json