add exposeToken parameter for Connect-AzContainerRegistry to get the actual token (#24368)

Nickcandy · web-flow · commit dcc0d9f005c6 · 2024-03-26T10:50:57.000+08:00
* add exposeToken parameter for Connect-AzContainerRegistry to get the actual token

* fix connect-AzcontainerRegistry with token
diff --git a/src/ContainerRegistry/ContainerRegistry/ChangeLog.md b/src/ContainerRegistry/ContainerRegistry/ChangeLog.md
@@ -20,6 +20,7 @@
 ## Upcoming Release
 * Upgraded Azure.Core to 1.37.0.
 * Fixed vulnerability https://github.com/advisories/GHSA-8g9c-28fc-mcx2
+* Added exposeToken parameter for Connect-AzContainerRegistry to get token
 
 ## Version 4.1.3
 * Fixed bug in `Get-AzContainerRegistryManifest` returns only 100 results [#22922]
diff --git a/src/ContainerRegistry/ContainerRegistry/Commands/ConnectAzureContainerRegistry.cs b/src/ContainerRegistry/ContainerRegistry/Commands/ConnectAzureContainerRegistry.cs
@@ -13,6 +13,7 @@
 // ----------------------------------------------------------------------------------
 
 using Microsoft.WindowsAzure.Commands.Utilities.Common;
+using Newtonsoft.Json;
 using System;
 using System.Management.Automation;
 using System.Text.RegularExpressions;
@@ -40,6 +41,9 @@ public class ConnectAzureContainerRegistry : ContainerRegistryCmdletBase
         [ValidateNotNullOrEmpty]
         public string Password { get; set; }
 
+        [Parameter(Mandatory = false, ParameterSetName = WithoutNameAndPasswordParameterSet)]
+        [Parameter(Mandatory = false, ParameterSetName = WithNameAndPasswordParameterSet)]
+        public SwitchParameter ExposeToken { get; set; }
         protected override void InitDebuggingFilter()
         {
             AddDebuggingFilter(new Regex("(\\s*access_token\\s*=\\s*)[^\"]+"));
@@ -59,7 +63,19 @@ public override void ExecuteCmdlet() {
             }
 
             string LoginScript = string.Format("'{2}' | docker login {0} -u {1} --password-stdin", this.RegistryDataPlaneClient.GetEndPoint(), this.UserName, this.Password);
-            WriteObject(this.ExecuteScript<object>(LoginScript));
+            if (ExposeToken) {
+                WriteWarning("You can perform manual login using the provided access token, for example: 'docker login <loginServer> -u 00000000-0000-0000-0000-000000000000 -p <accessToken>'");
+                var cred = new
+                {
+                    status = this.ExecuteScript<object>(LoginScript),
+                    loginServer = Name + ".azurecr.io",
+                    accessToken = this.RegistryDataPlaneClient.Authenticate()
+                };
+                WriteObject(cred);
+            } else
+            {
+                WriteObject(this.ExecuteScript<object>(LoginScript));
+            }
         }
     }
 }
