Question

如果Az powershell没有它，那么使用REST Api的工作代码示例将很有帮助。

这是我要走的路，但是如果有人有有效的样本，请分享。

Answer 1

不可能通过Azure PowerShell将图像导入ACR，但是存在REST API。看看Import Image REST API。

Answer 2

因此，我设法使用REST API触发了导入。这是我的代码（使用服务主体登录）：

function Get-AcrId($SubId, $RGName, $AcrName)
{
    "/subscriptions/$SubId/resourceGroups/$RGName/providers/Microsoft.ContainerRegistry/registries/$ACRName"
}

function Get-AzureAuthenticationToken(
    [Parameter(Mandatory)][String]$TenantID,
    [Parameter(Mandatory)][String]$ClientID,
    [Parameter(Mandatory)][String]$ClientSecret,
    [Parameter(Mandatory)][String]$ResourceAppIDUri)
{
    $tokenResponse = Invoke-RestMethod -Method Post -UseBasicParsing `
        -Uri "https://login.windows.net/$TenantID/oauth2/token" `
        -Body @{
        resource      = $ResourceAppIDUri
        client_id     = $ClientID
        grant_type    = 'client_credentials'
        client_secret = $ClientSecret
    } -ContentType 'application/x-www-form-urlencoded'

    Write-Verbose "Access token type is $($tokenResponse.token_type), expires $($tokenResponse.expires_on)"
    $tokenResponse.access_token
}

function Import-DockerImage(
    [Parameter(Mandatory)]$SourceSubId,
    [Parameter(Mandatory)]$SourceRGName,
    [Parameter(Mandatory)]$SourceACRName,
    [Parameter(Mandatory)]$TargetSubId,
    [Parameter(Mandatory)]$TargetRGName,
    [Parameter(Mandatory)]$TargetACRName,
    [Parameter(Mandatory)]$ImageName,
    [Parameter(Mandatory)]$ImageTag
)
{
    $AzContext = Get-AzContext
    if (!$AzContext)
    {
        throw "No Az context is found."
    }
    $TenantId = $AzContext.Tenant.Id
    $ClientId = $AzContext.Account.Id
    $ClientSecret = $AzContext.Account.ExtendedProperties.ServicePrincipalSecret
    $token = Get-AzureAuthenticationToken -TenantID $TenantId -ClientID $ClientId -ClientSecret $ClientSecret -ResourceAppIDUri "https://management.core.windows.net/"

    $url = "https://management.azure.com$(Get-AcrId $TargetSubId $TargetRGName $TargetACRName)/importImage?api-version=2019-05-01"
    $body = @{
        source     = @{
            resourceId  = Get-AcrId $SourceSubId $SourceRGName $SourceACRName
            sourceImage = "${ImageName}:$ImageTag"
        }
        targetTags = @(
            "${ImageName}:$ImageTag"
        )
        mode       = "NoForce"
    } | ConvertTo-Json -Depth 99
    $headers = @{
        "Authorization" = "Bearer $token"
        "Content-Type"  = "application/json" 
    }
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    $r = Invoke-WebRequest $url -Method Post -Headers $headers -Body $body

    $headers.Remove('Content-Type')
    while ($r.StatusCode -eq 202)
    {
        $RetryAfter = $r.Headers.'Retry-After'
        $Location = $r.Headers.Location
        Start-Sleep -Seconds $RetryAfter
        $r = Invoke-WebRequest $Location -Headers $headers
    }

如何使用Az powershell导入az acr？

2 个答案: