[ACR] az acr create/check-name: Add parameter --dnl-scope for domain name label hash (#30638)

* DNL cli implementation

* whitespace

* whitespace

* whitespace

* whitespace

* whitespace

* run tests

* Revert "run tests"

This reverts commit f0901ad.

* DNL cli implementation

* whitespace

* whitespace

* whitespace

* whitespace

* whitespace

* run tests

* Revert "run tests"

This reverts commit f0901ad.

* address comments

* backtick

* ws

* DNL cli implementation

* whitespace

* whitespace

* whitespace

* whitespace

* whitespace

* run tests

* Revert "run tests"

This reverts commit f0901ad.

* address comments

* backtick

* ws

* change to check-name model

* spacing

* fix cache test

* fix cache test

* fix cmk test

* fix cmk test

* Update azure-mgmt-containerservice to version 34.2.0

* Resolve failing test by accounting for previous api versions without access to DNL model

* walrus operator

* Delete src/azure-cli/azure/cli/command_modules/acr/tests/.vscode/settings.json

* Update recordings

* mask secrets

* fix CMK test

* rerun test

* Modify tests and mask secrets, switch to personal sub instead of teamwide sub to prevent long recordings

* allow large responses

* managed registry live only

* removed acr credential test from core_registry_scenario

* fix test

* Update versions on tokens and scopemaps on client factory

* Fix

* Mask passwords in test recordings to 52 char

* mask secret to 52 char

* make containerapp live only

* Add live_only decorator to test method

make repository token live only

* add missing end "

* remove live_only from repository token create

* address comments

* d

* Address code style and make task live_only

* remove secrets

* rerun tests

---------

Co-authored-by: Saravanan Varadharajan <[email protected]>

Author: trisavo-msft

src/azure-cli-core/azure/cli/core/profiles/_shared.py

@@ -195,7 +195,7 @@ def default_api_version(self):
             'role_definitions': '2022-05-01-preview',
             'provider_operations_metadata': '2018-01-01-preview'
         }),
-        ResourceType.MGMT_CONTAINERREGISTRY: SDKProfile('2023-11-01-preview', {
+        ResourceType.MGMT_CONTAINERREGISTRY: SDKProfile('2024-11-01-preview', {
             'agent_pools': '2019-06-01-preview',
             'tasks': '2019-06-01-preview',
             'task_runs': '2019-06-01-preview',
@@ -439,6 +439,7 @@ def default_api_version(self):
         'VERSION_2021_08_01_PREVIEW': "2021-08-01-preview",
         'VERSION_2022_02_01_PREVIEW': "2022-02-01-preview",
         'VERSION_2023_11_01_PREVIEW': "2023-11-01-preview",
+        'VERSION_2024_11_01_PREVIEW': "2024-11-01-preview",
     },
     ResourceType.MGMT_CONTAINERSERVICE: {
         # src/azure-cli/azure/cli/command_modules/acs/tests/latest/test_custom.py:50

src/azure-cli/azure/cli/command_modules/acr/_client_factory.py

@@ -11,6 +11,7 @@
 VERSION_2021_08_01_PREVIEW = "2021-08-01-preview"
 VERSION_2022_02_01_PREVIEW = "2022-02-01-preview"
 VERSION_2023_01_01_PREVIEW = "2023-01-01-preview"
+VERSION_2024_11_01_PREVIEW = "2024-11-01-preview"
 
 
 def get_acr_service_client(cli_ctx, api_version=None):
@@ -65,15 +66,15 @@ def cf_acr_runs(cli_ctx, *_):
 
 
 def cf_acr_scope_maps(cli_ctx, *_):
-    return get_acr_service_client(cli_ctx, VERSION_2020_11_01_PREVIEW).scope_maps
+    return get_acr_service_client(cli_ctx, VERSION_2024_11_01_PREVIEW).scope_maps
 
 
 def cf_acr_tokens(cli_ctx, *_):
-    return get_acr_service_client(cli_ctx, VERSION_2020_11_01_PREVIEW).tokens
+    return get_acr_service_client(cli_ctx, VERSION_2024_11_01_PREVIEW).tokens
 
 
 def cf_acr_token_credentials(cli_ctx, *_):
-    return get_acr_service_client(cli_ctx, VERSION_2020_11_01_PREVIEW).registries
+    return get_acr_service_client(cli_ctx, VERSION_2024_11_01_PREVIEW).registries
 
 
 def cf_acr_agentpool(cli_ctx, *_):

src/azure-cli/azure/cli/command_modules/acr/_params.py

@@ -73,9 +73,9 @@
 
 def load_arguments(self, _):  # pylint: disable=too-many-statements
     PasswordName, DefaultAction, PolicyStatus, WebhookAction, WebhookStatus, \
-        TokenStatus, ZoneRedundancy = self.get_models(
+        TokenStatus, ZoneRedundancy, AutoGeneratedDomainNameLabelScope = self.get_models(
             'PasswordName', 'DefaultAction', 'PolicyStatus', 'WebhookAction', 'WebhookStatus',
-            'TokenStatus', 'ZoneRedundancy')
+            'TokenStatus', 'ZoneRedundancy', 'AutoGeneratedDomainNameLabelScope')
     TaskStatus, BaseImageTriggerType, SourceRegistryLoginMode, UpdateTriggerPayloadType = self.get_models(
         'TaskStatus', 'BaseImageTriggerType', 'SourceRegistryLoginMode', 'UpdateTriggerPayloadType', operation_group='tasks')
     RunStatus = self.get_models('RunStatus', operation_group='runs')
@@ -121,6 +121,9 @@ def load_arguments(self, _):  # pylint: disable=too-many-statements
     with self.argument_context('acr create') as c:
         c.argument('allow_metadata_search', arg_type=get_three_state_flag(), is_preview=True, help="Enable or disable the metadata-search feature for the registry. If not specified, this is set to disabled by default.")
 
+    with self.argument_context('acr create') as c:
+        c.argument('dnl_scope', options_list=['--dnl-scope'], help='Domain name label scope will add a hash to the resource name. The resulting login server name will be in the format `registryname`-`hash`.azurecr-io. Default is Unsecure.', is_preview=True, arg_type=get_enum_type(AutoGeneratedDomainNameLabelScope))
+
     with self.argument_context('acr update', arg_group='Network Rule') as c:
         c.argument('data_endpoint_enabled', get_three_state_flag(), help="Enable dedicated data endpoint for client firewall configuration")
 
@@ -269,6 +272,7 @@ def load_arguments(self, _):  # pylint: disable=too-many-statements
 
     with self.argument_context('acr check-name') as c:
         c.argument('registry_name', completer=None, validator=None)
+        c.argument('dnl_scope', options_list=['--dnl-scope'], help='Domain name label scope will add a hash to the resource name . The resulting login server name will be in the format `registry-name`-`hash`.azurecr-io. Default is Unsecure.', is_preview=True, arg_type=get_enum_type(AutoGeneratedDomainNameLabelScope))
 
     with self.argument_context('acr webhook') as c:
         c.argument('registry_name', options_list=['--registry', '-r'])

src/azure-cli/azure/cli/command_modules/acr/custom.py

@@ -9,7 +9,7 @@
 import re
 from knack.util import CLIError
 from knack.log import get_logger
-from azure.cli.core.azclierror import InvalidArgumentValueError
+from azure.cli.core.azclierror import InvalidArgumentValueError, RequiredArgumentMissingError
 from azure.cli.core.util import user_confirmation
 from ._constants import get_managed_sku, get_premium_sku
 from ._utils import (
@@ -26,14 +26,26 @@
 DEF_DIAG_SETTINGS_NAME_TEMPLATE = '{}-diagnostic-settings'
 SYSTEM_ASSIGNED_IDENTITY_ALIAS = '[system]'
 DENY_ACTION = 'Deny'
-
-
-def acr_check_name(client, registry_name):
-    registry = {
-        'name': registry_name,
-        'type': 'Microsoft.ContainerRegistry/registries'
-    }
-    return client.check_name_availability(registry)
+DOMAIN_NAME_LABEL_SCOPE_UNSECURE = 'Unsecure'
+DOMAIN_NAME_LABEL_SCOPE_RESOURCE_GROUP_REUSE = 'ResourceGroupReuse'
+
+
+def acr_check_name(cmd, client, registry_name, resource_group_name=None, dnl_scope=DOMAIN_NAME_LABEL_SCOPE_UNSECURE):
+    if dnl_scope.lower() == DOMAIN_NAME_LABEL_SCOPE_RESOURCE_GROUP_REUSE.lower() and resource_group_name is None:
+        raise RequiredArgumentMissingError("Resource group name is required for domain name label scope " +
+                                           DOMAIN_NAME_LABEL_SCOPE_RESOURCE_GROUP_REUSE)
+    domain_name_label_scope = _get_domain_name_label_scope(cmd, dnl_scope)
+    if domain_name_label_scope:
+        RegistryNameCheckRequest = cmd.get_models('RegistryNameCheckRequest')
+        registry_check_name_request = RegistryNameCheckRequest(
+            name=registry_name,
+            type='Microsoft.ContainerRegistry/registries',
+            resource_group_name=resource_group_name,
+            auto_generated_domain_name_label_scope=domain_name_label_scope)
+    else:
+        raise RequiredArgumentMissingError("Invalid domain name label scope. The allowed values are 'Unsecure'," +
+                                           " 'TenantReuse', 'SubscriptionReuse', 'ResourceGroupReuse' or 'NoReuse'.")
+    return client.check_name_availability(registry_check_name_request)
 
 
 def acr_list(client, resource_group_name=None):
@@ -58,7 +70,8 @@ def acr_create(cmd,
                allow_trusted_services=None,
                allow_exports=None,
                tags=None,
-               allow_metadata_search=None):
+               allow_metadata_search=None,
+               dnl_scope=None):
 
     if default_action and sku not in get_premium_sku(cmd):
         raise CLIError(NETWORK_RULE_NOT_SUPPORTED)
@@ -87,6 +100,9 @@ def acr_create(cmd,
     if allow_metadata_search is not None:
         _configure_metadata_search(cmd, registry, allow_metadata_search)
 
+    if dnl_scope is not None:
+        _configure_domain_name_label_scope(cmd, registry, dnl_scope)
+
     _handle_network_bypass(cmd, registry, allow_trusted_services)
     _handle_export_policy(cmd, registry, allow_exports)
 
@@ -630,3 +646,13 @@ def list_private_link_resources(cmd, client, registry_name, resource_group_name=
 def _configure_metadata_search(cmd, registry, enabled):
     MetadataSearch = cmd.get_models('MetadataSearch')
     registry.metadata_search = (MetadataSearch.enabled if enabled else MetadataSearch.disabled)
+
+
+def _configure_domain_name_label_scope(cmd, registry, scope):
+    registry.auto_generated_domain_name_label_scope = _get_domain_name_label_scope(cmd, scope)
+
+
+def _get_domain_name_label_scope(cmd, scope):
+    if DomainNameLabelScope := cmd.get_models('AutoGeneratedDomainNameLabelScope'):
+        return DomainNameLabelScope(scope).value
+    return DOMAIN_NAME_LABEL_SCOPE_UNSECURE