diff --git a/src/connectedk8s/HISTORY.rst b/src/connectedk8s/HISTORY.rst index 29729594ce8..465bc004fa7 100644 --- a/src/connectedk8s/HISTORY.rst +++ b/src/connectedk8s/HISTORY.rst @@ -2,6 +2,11 @@ Release History =============== +1.10.11 ++++++++ +* Removed hardcoded public ARM endpoint URL for Government clouds. +* Fixed incorrect MCR endpoint URLs for Government cloud environments. + 1.10.10 +++++ * Deprecated '--app-id' and '--app-secret' RBAC parameters from the extension by adding them to _breaking_change.py. diff --git a/src/connectedk8s/azext_connectedk8s/_client_factory.py b/src/connectedk8s/azext_connectedk8s/_client_factory.py index bc1b613fd9f..0a795ec9c92 100644 --- a/src/connectedk8s/azext_connectedk8s/_client_factory.py +++ b/src/connectedk8s/azext_connectedk8s/_client_factory.py @@ -83,7 +83,6 @@ def cf_connectedk8s_prev_2025_08_01( KubernetesClient, subscription_id=os.getenv("AZURE_SUBSCRIPTION_ID"), credential=credential, - base_url="https://management.azure.com", per_call_policies=[headers_policy], ) return client @@ -91,7 +90,6 @@ def cf_connectedk8s_prev_2025_08_01( client = get_mgmt_service_client( cli_ctx, KubernetesClient, - base_url="https://management.azure.com", per_call_policies=[headers_policy], ) return client diff --git a/src/connectedk8s/azext_connectedk8s/_precheckutils.py b/src/connectedk8s/azext_connectedk8s/_precheckutils.py index b10c9a22241..231f2b4c659 100644 --- a/src/connectedk8s/azext_connectedk8s/_precheckutils.py +++ b/src/connectedk8s/azext_connectedk8s/_precheckutils.py @@ -212,7 +212,7 @@ def executing_cluster_diagnostic_checks_job( ) return None - mcr_url = azext_utils.get_mcr_path(cmd) + mcr_url = azext_utils.get_mcr_path(cmd.cli_ctx.cloud.endpoints.active_directory) chart_path = azext_utils.get_chart_path( f"{mcr_url}/{consts.Cluster_Diagnostic_Checks_Job_Registry_Path}", diff --git a/src/connectedk8s/azext_connectedk8s/_utils.py b/src/connectedk8s/azext_connectedk8s/_utils.py index 6717ed907c1..e3268806f7b 100644 --- a/src/connectedk8s/azext_connectedk8s/_utils.py +++ b/src/connectedk8s/azext_connectedk8s/_utils.py @@ -58,11 +58,15 @@ # pylint: disable=bare-except -def get_mcr_path(cmd: CLICommand) -> str: - active_directory_array = cmd.cli_ctx.cloud.endpoints.active_directory.split(".") +def get_mcr_path(active_directory_endpoint: str) -> str: + active_directory_array = active_directory_endpoint.split(".") - # default for public, mc, ff clouds - mcr_postfix = active_directory_array[2] + # For US Government and China clouds, use public mcr + if active_directory_endpoint.endswith((".us", ".cn")): + return "mcr.microsoft.com" + + # Default MCR postfix + mcr_postfix = "com" # special cases for USSec, exclude part of suffix if len(active_directory_array) == 4 and active_directory_array[2] == "microsoft": mcr_postfix = active_directory_array[3] diff --git a/src/connectedk8s/azext_connectedk8s/clientproxyhelper/_binaryutils.py b/src/connectedk8s/azext_connectedk8s/clientproxyhelper/_binaryutils.py index c655b4269de..5097fb952cc 100644 --- a/src/connectedk8s/azext_connectedk8s/clientproxyhelper/_binaryutils.py +++ b/src/connectedk8s/azext_connectedk8s/clientproxyhelper/_binaryutils.py @@ -76,7 +76,7 @@ def _download_proxy_from_MCR( operating_system: str, architecture: str, ) -> None: - mcr_url = utils.get_mcr_path(cmd) + mcr_url = utils.get_mcr_path(cmd.cli_ctx.cloud.endpoints.active_directory) mar_target = f"{mcr_url}/{consts.CLIENT_PROXY_MCR_TARGET}/{operating_system.lower()}/{architecture}/arc-proxy" logger.debug( diff --git a/src/connectedk8s/azext_connectedk8s/custom.py b/src/connectedk8s/azext_connectedk8s/custom.py index c5ed8ed8ec9..d90c0c760c0 100644 --- a/src/connectedk8s/azext_connectedk8s/custom.py +++ b/src/connectedk8s/azext_connectedk8s/custom.py @@ -1318,7 +1318,7 @@ def install_helm_client(cmd: CLICommand) -> str: "Downloading helm client for first time. This can take few minutes..." ) - mcr_url = utils.get_mcr_path(cmd) + mcr_url = utils.get_mcr_path(cmd.cli_ctx.cloud.endpoints.active_directory) client = oras.client.OrasClient(hostname=mcr_url) retry_count = 3 diff --git a/src/connectedk8s/azext_connectedk8s/tests/unittests/test_utils_.py b/src/connectedk8s/azext_connectedk8s/tests/unittests/test_utils_.py index 768290b902a..32d1da1e3b4 100644 --- a/src/connectedk8s/azext_connectedk8s/tests/unittests/test_utils_.py +++ b/src/connectedk8s/azext_connectedk8s/tests/unittests/test_utils_.py @@ -9,6 +9,7 @@ sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), "../../.."))) from azext_connectedk8s._utils import ( + get_mcr_path, process_helm_error_detail, redact_sensitive_fields_from_string, remove_rsa_private_key, @@ -76,5 +77,27 @@ def test_redact_sensitive_fields_from_string(): ) +def test_get_mcr_path(): + input_active_directory = "login.microsoftonline.com" + expected_output = "mcr.microsoft.com" + assert get_mcr_path(input_active_directory) == expected_output + + input_active_directory = "login.microsoftonline.us" + expected_output = "mcr.microsoft.com" + assert get_mcr_path(input_active_directory) == expected_output + + input_active_directory = "login.chinacloudapi.cn" + expected_output = "mcr.microsoft.com" + assert get_mcr_path(input_active_directory) == expected_output + + input_active_directory = "https://login.microsoftonline.microsoft.foo" + expected_output = "mcr.microsoft.foo" + assert get_mcr_path(input_active_directory) == expected_output + + input_active_directory = "https://login.microsoftonline.some.cloud.bar" + expected_output = "mcr.microsoft.some.cloud.bar" + assert get_mcr_path(input_active_directory) == expected_output + + if __name__ == "__main__": pytest.main() diff --git a/src/connectedk8s/setup.py b/src/connectedk8s/setup.py index d911326cd31..2738252ec48 100644 --- a/src/connectedk8s/setup.py +++ b/src/connectedk8s/setup.py @@ -13,7 +13,7 @@ # TODO: Confirm this is the right version number you want and it matches your # HISTORY.rst entry. -VERSION = "1.10.10" +VERSION = "1.10.11" # The full list of classifiers is available at # https://pypi.python.org/pypi?%3Aaction=list_classifiers