tessl/pypi-azure-mgmt-containerregistry
Microsoft Azure Container Registry Client Library for managing container registries, replications, webhooks, and access control through Azure Resource Manager APIs.
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
cache-and-credentials.mddocs/
Cache and Credentials
Cache rule management for upstream registry caching and credential set management for secure authentication to external registries. These features enable efficient content distribution through caching and secure access to upstream registries and external artifact sources.
Capabilities
Cache Rule Management
Create and manage cache rules that define how content from upstream registries is cached locally, improving performance and reducing bandwidth usage.
def begin_create(resource_group_name: str, registry_name: str, cache_rule_name: str, cache_rule_create_parameters: CacheRule, **kwargs) -> LROPoller[CacheRule]:
"""
Create a cache rule for a container registry.
Parameters:
- resource_group_name: str - Name of the resource group
- registry_name: str - Name of the registry
- cache_rule_name: str - Name of the cache rule
- cache_rule_create_parameters: CacheRule - Cache rule configuration
Returns:
LROPoller[CacheRule] - Long-running operation poller for the cache rule
"""
def begin_delete(resource_group_name: str, registry_name: str, cache_rule_name: str, **kwargs) -> LROPoller[None]:
"""
Delete a cache rule from a container registry.
Parameters:
- resource_group_name: str - Name of the resource group
- registry_name: str - Name of the registry
- cache_rule_name: str - Name of the cache rule to delete
Returns:
LROPoller[None] - Long-running operation poller
"""
def begin_update(resource_group_name: str, registry_name: str, cache_rule_name: str, cache_rule_update_parameters: CacheRuleUpdateParameters, **kwargs) -> LROPoller[CacheRule]:
"""
Update a cache rule for a container registry.
Parameters:
- resource_group_name: str - Name of the resource group
- registry_name: str - Name of the registry
- cache_rule_name: str - Name of the cache rule to update
- cache_rule_update_parameters: CacheRuleUpdateParameters - Update parameters
Returns:
LROPoller[CacheRule] - Long-running operation poller for the updated cache rule
"""
def get(resource_group_name: str, registry_name: str, cache_rule_name: str, **kwargs) -> CacheRule:
"""
Get properties of a cache rule.
Parameters:
- resource_group_name: str - Name of the resource group
- registry_name: str - Name of the registry
- cache_rule_name: str - Name of the cache rule
Returns:
CacheRule - Cache rule resource with complete configuration
"""
def list(resource_group_name: str, registry_name: str, **kwargs) -> ItemPaged[CacheRule]:
"""
List all cache rules for a container registry.
Parameters:
- resource_group_name: str - Name of the resource group
- registry_name: str - Name of the registry
Returns:
ItemPaged[CacheRule] - Paginated list of all cache rules for the registry
"""Credential Set Management
Create and manage credential sets that provide secure authentication credentials for accessing external registries and upstream sources.
def begin_create(resource_group_name: str, registry_name: str, credential_set_name: str, credential_set_create_parameters: CredentialSet, **kwargs) -> LROPoller[CredentialSet]:
"""
Create a credential set for a container registry.
Parameters:
- resource_group_name: str - Name of the resource group
- registry_name: str - Name of the registry
- credential_set_name: str - Name of the credential set
- credential_set_create_parameters: CredentialSet - Credential set configuration
Returns:
LROPoller[CredentialSet] - Long-running operation poller for the credential set
"""
def begin_delete(resource_group_name: str, registry_name: str, credential_set_name: str, **kwargs) -> LROPoller[None]:
"""
Delete a credential set from a container registry.
Parameters:
- resource_group_name: str - Name of the resource group
- registry_name: str - Name of the registry
- credential_set_name: str - Name of the credential set to delete
Returns:
LROPoller[None] - Long-running operation poller
"""
def begin_update(resource_group_name: str, registry_name: str, credential_set_name: str, credential_set_update_parameters: CredentialSetUpdateParameters, **kwargs) -> LROPoller[CredentialSet]:
"""
Update a credential set for a container registry.
Parameters:
- resource_group_name: str - Name of the resource group
- registry_name: str - Name of the registry
- credential_set_name: str - Name of the credential set to update
- credential_set_update_parameters: CredentialSetUpdateParameters - Update parameters
Returns:
LROPoller[CredentialSet] - Long-running operation poller for the updated credential set
"""
def get(resource_group_name: str, registry_name: str, credential_set_name: str, **kwargs) -> CredentialSet:
"""
Get properties of a credential set.
Parameters:
- resource_group_name: str - Name of the resource group
- registry_name: str - Name of the registry
- credential_set_name: str - Name of the credential set
Returns:
CredentialSet - Credential set resource with complete configuration
"""
def list(resource_group_name: str, registry_name: str, **kwargs) -> ItemPaged[CredentialSet]:
"""
List all credential sets for a container registry.
Parameters:
- resource_group_name: str - Name of the resource group
- registry_name: str - Name of the registry
Returns:
ItemPaged[CredentialSet] - Paginated list of all credential sets for the registry
"""Core Model Types
CacheRule
class CacheRule:
"""
An object that represents a cache rule for a container registry.
Attributes:
- id: str - Resource ID
- name: str - Resource name
- type: str - Resource type
- provisioning_state: ProvisioningState - Current provisioning state
- source_repository: str - Source repository pattern to cache
- target_repository: str - Target repository in the registry
- credential_set_resource_id: str - Credential set for upstream authentication
- creation_date: datetime - Creation timestamp
"""CacheRuleUpdateParameters
class CacheRuleUpdateParameters:
"""
Parameters for updating a cache rule.
Attributes:
- credential_set_resource_id: str - Credential set resource ID for authentication
"""CredentialSet
class CredentialSet:
"""
An object that represents a credential set for a container registry.
Attributes:
- id: str - Resource ID
- name: str - Resource name
- type: str - Resource type
- identity: IdentityProperties - Managed identity configuration
- provisioning_state: ProvisioningState - Current provisioning state
- login_server: str - Login server URL for the credential set
- auth_credentials: List[AuthCredential] - Authentication credentials
- creation_date: datetime - Creation timestamp
"""CredentialSetUpdateParameters
class CredentialSetUpdateParameters:
"""
Parameters for updating a credential set.
Attributes:
- identity: IdentityProperties - Managed identity configuration
- auth_credentials: List[AuthCredential] - Authentication credentials to update
"""AuthCredential
class AuthCredential:
"""
Authentication credential for external registry access.
Attributes:
- name: CredentialName - Credential name identifier
- username_secret_identifier: str - Key vault secret identifier for username
- password_secret_identifier: str - Key vault secret identifier for password
- credential_health: CredentialHealth - Health status of the credential
"""CredentialHealth
class CredentialHealth:
"""
Health status of a credential.
Attributes:
- status: CredentialHealthStatus - Health status (Healthy, Unhealthy)
- error_code: str - Error code if unhealthy
- error_message: str - Detailed error message
"""Enums
CredentialName
class CredentialName(str, Enum):
"""Credential name identifiers."""
CREDENTIAL1 = "Credential1"CredentialHealthStatus
class CredentialHealthStatus(str, Enum):
"""Credential health status options."""
HEALTHY = "Healthy"
UNHEALTHY = "Unhealthy"ProvisioningState
class ProvisioningState(str, Enum):
"""Provisioning state of a resource."""
CREATING = "Creating"
UPDATING = "Updating"
DELETING = "Deleting"
SUCCEEDED = "Succeeded"
FAILED = "Failed"
CANCELED = "Canceled"Usage Examples
Create Cache Rule for Docker Hub
from azure.mgmt.containerregistry import ContainerRegistryManagementClient
from azure.mgmt.containerregistry.models import CacheRule
from azure.identity import DefaultAzureCredential
client = ContainerRegistryManagementClient(
DefaultAzureCredential(),
"subscription-id"
)
# Create cache rule for caching Docker Hub images
dockerhub_cache_rule = CacheRule(
source_repository="docker.io/library/*", # Cache official Docker Hub images
target_repository="dockerhub-cache/*", # Store in dockerhub-cache namespace
credential_set_resource_id="/subscriptions/sub-id/resourceGroups/rg/providers/Microsoft.ContainerRegistry/registries/my-registry/credentialSets/dockerhub-creds"
)
cache_rule = client.cache_rules.begin_create(
"my-resource-group",
"my-registry",
"dockerhub-cache",
dockerhub_cache_rule
).result()
print(f"Created cache rule: {cache_rule.name}")
print(f"Source: {cache_rule.source_repository}")
print(f"Target: {cache_rule.target_repository}")Create Credential Set for Private Registry
from azure.mgmt.containerregistry.models import (
CredentialSet, AuthCredential, CredentialName, IdentityProperties, ResourceIdentityType
)
# Create credential set for accessing private registry
credential_set_params = CredentialSet(
identity=IdentityProperties(
type=ResourceIdentityType.SYSTEM_ASSIGNED
),
login_server="private-registry.company.com",
auth_credentials=[
AuthCredential(
name=CredentialName.CREDENTIAL1,
username_secret_identifier="https://myvault.vault.azure.net/secrets/registry-username",
password_secret_identifier="https://myvault.vault.azure.net/secrets/registry-password"
)
]
)
credential_set = client.credential_sets.begin_create(
"my-resource-group",
"my-registry",
"private-registry-creds",
credential_set_params
).result()
print(f"Created credential set: {credential_set.name}")
print(f"Login server: {credential_set.login_server}")Set Up Comprehensive Caching Strategy
# Create multiple cache rules for different upstream registries
cache_configurations = [
{
"name": "dockerhub-official",
"source": "docker.io/library/*",
"target": "cache/dockerhub/*",
"credential_set": None # Docker Hub public images
},
{
"name": "mcr-dotnet",
"source": "mcr.microsoft.com/dotnet/*",
"target": "cache/mcr-dotnet/*",
"credential_set": None # Microsoft Container Registry public
},
{
"name": "quay-bitnami",
"source": "quay.io/bitnami/*",
"target": "cache/bitnami/*",
"credential_set": "/subscriptions/sub-id/resourceGroups/rg/providers/Microsoft.ContainerRegistry/registries/my-registry/credentialSets/quay-creds"
},
{
"name": "private-company",
"source": "company-registry.local/*",
"target": "cache/company/*",
"credential_set": "/subscriptions/sub-id/resourceGroups/rg/providers/Microsoft.ContainerRegistry/registries/my-registry/credentialSets/company-creds"
}
]
created_cache_rules = []
for config in cache_configurations:
cache_rule_params = CacheRule(
source_repository=config["source"],
target_repository=config["target"],
credential_set_resource_id=config["credential_set"]
)
cache_rule = client.cache_rules.begin_create(
"my-resource-group",
"my-registry",
config["name"],
cache_rule_params
).result()
created_cache_rules.append(cache_rule)
print(f"Created cache rule '{config['name']}': {config['source']} -> {config['target']}")
print(f"\nTotal cache rules created: {len(created_cache_rules)}")Monitor Credential Health
# List all credential sets and check their health
credential_sets = client.credential_sets.list("my-resource-group", "my-registry")
print("Credential Set Health Report:")
print("-" * 50)
for cred_set in credential_sets:
print(f"Credential Set: {cred_set.name}")
print(f" Login Server: {cred_set.login_server}")
print(f" Provisioning State: {cred_set.provisioning_state}")
if cred_set.auth_credentials:
for auth_cred in cred_set.auth_credentials:
print(f" Credential {auth_cred.name}:")
if auth_cred.credential_health:
print(f" Health: {auth_cred.credential_health.status}")
if auth_cred.credential_health.status == CredentialHealthStatus.UNHEALTHY:
print(f" Error: {auth_cred.credential_health.error_message}")
else:
print(f" Health: Not available")
print()Update Credential Set with New Credentials
from azure.mgmt.containerregistry.models import CredentialSetUpdateParameters
# Update credential set with new Key Vault secret identifiers
update_params = CredentialSetUpdateParameters(
auth_credentials=[
AuthCredential(
name=CredentialName.CREDENTIAL1,
username_secret_identifier="https://myvault.vault.azure.net/secrets/new-registry-username",
password_secret_identifier="https://myvault.vault.azure.net/secrets/new-registry-password"
)
]
)
updated_cred_set = client.credential_sets.begin_update(
"my-resource-group",
"my-registry",
"private-registry-creds",
update_params
).result()
print(f"Updated credential set: {updated_cred_set.name}")
print("New credential identifiers configured")Cache Performance Analysis
def analyze_cache_performance(client, resource_group, registry_name):
"""
Analyze cache rule performance and usage.
"""
cache_rules = list(client.cache_rules.list(resource_group, registry_name))
analysis = {
"total_cache_rules": len(cache_rules),
"active_rules": 0,
"failed_rules": 0,
"rules_by_source": {},
"credential_usage": {}
}
for rule in cache_rules:
# Count by provisioning state
if rule.provisioning_state == ProvisioningState.SUCCEEDED:
analysis["active_rules"] += 1
elif rule.provisioning_state == ProvisioningState.FAILED:
analysis["failed_rules"] += 1
# Group by source domain
source_domain = rule.source_repository.split('/')[0]
if source_domain not in analysis["rules_by_source"]:
analysis["rules_by_source"][source_domain] = []
analysis["rules_by_source"][source_domain].append(rule.name)
# Track credential set usage
if rule.credential_set_resource_id:
cred_set_name = rule.credential_set_resource_id.split('/')[-1]
if cred_set_name not in analysis["credential_usage"]:
analysis["credential_usage"][cred_set_name] = []
analysis["credential_usage"][cred_set_name].append(rule.name)
return analysis
# Analyze cache performance
performance = analyze_cache_performance(
client,
"my-resource-group",
"my-registry"
)
print("Cache Performance Analysis:")
print("=" * 40)
print(f"Total Cache Rules: {performance['total_cache_rules']}")
print(f"Active Rules: {performance['active_rules']}")
print(f"Failed Rules: {performance['failed_rules']}")
print("\nRules by Source Registry:")
for source, rules in performance["rules_by_source"].items():
print(f" {source}: {len(rules)} rules")
print("\nCredential Set Usage:")
for cred_set, rules in performance["credential_usage"].items():
print(f" {cred_set}: used by {len(rules)} rules")Automated Cache Rule Management
def setup_cache_infrastructure(client, resource_group, registry_name, cache_config):
"""
Set up comprehensive cache infrastructure with credential sets and cache rules.
"""
created_resources = {
"credential_sets": [],
"cache_rules": []
}
# Create credential sets first
for cred_config in cache_config.get("credential_sets", []):
credential_set_params = CredentialSet(
identity=IdentityProperties(type=ResourceIdentityType.SYSTEM_ASSIGNED),
login_server=cred_config["login_server"],
auth_credentials=[
AuthCredential(
name=CredentialName.CREDENTIAL1,
username_secret_identifier=cred_config["username_secret"],
password_secret_identifier=cred_config["password_secret"]
)
]
)
cred_set = client.credential_sets.begin_create(
resource_group,
registry_name,
cred_config["name"],
credential_set_params
).result()
created_resources["credential_sets"].append(cred_set)
print(f"Created credential set: {cred_set.name}")
# Create cache rules
for cache_config_rule in cache_config.get("cache_rules", []):
# Build credential set resource ID if specified
credential_set_id = None
if cache_config_rule.get("credential_set"):
credential_set_id = f"/subscriptions/{client._config.subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.ContainerRegistry/registries/{registry_name}/credentialSets/{cache_config_rule['credential_set']}"
cache_rule_params = CacheRule(
source_repository=cache_config_rule["source"],
target_repository=cache_config_rule["target"],
credential_set_resource_id=credential_set_id
)
cache_rule = client.cache_rules.begin_create(
resource_group,
registry_name,
cache_config_rule["name"],
cache_rule_params
).result()
created_resources["cache_rules"].append(cache_rule)
print(f"Created cache rule: {cache_rule.name}")
return created_resources
# Example cache infrastructure configuration
cache_infrastructure_config = {
"credential_sets": [
{
"name": "dockerhub-pro-creds",
"login_server": "registry-1.docker.io",
"username_secret": "https://myvault.vault.azure.net/secrets/dockerhub-username",
"password_secret": "https://myvault.vault.azure.net/secrets/dockerhub-password"
},
{
"name": "quay-creds",
"login_server": "quay.io",
"username_secret": "https://myvault.vault.azure.net/secrets/quay-username",
"password_secret": "https://myvault.vault.azure.net/secrets/quay-password"
}
],
"cache_rules": [
{
"name": "dockerhub-official-cache",
"source": "docker.io/library/*",
"target": "cache/dockerhub-official/*",
"credential_set": None
},
{
"name": "dockerhub-pro-cache",
"source": "docker.io/company/*",
"target": "cache/dockerhub-company/*",
"credential_set": "dockerhub-pro-creds"
},
{
"name": "quay-bitnami-cache",
"source": "quay.io/bitnami/*",
"target": "cache/bitnami/*",
"credential_set": "quay-creds"
}
]
}
# Set up the cache infrastructure
infrastructure = setup_cache_infrastructure(
client,
"my-resource-group",
"my-registry",
cache_infrastructure_config
)
print(f"\nCache infrastructure setup completed:")
print(f" Credential sets: {len(infrastructure['credential_sets'])}")
print(f" Cache rules: {len(infrastructure['cache_rules'])}")Clean Up Cache Resources
# Clean up cache rules and credential sets
def cleanup_cache_resources(client, resource_group, registry_name):
"""
Clean up all cache-related resources.
"""
# Delete all cache rules first
cache_rules = list(client.cache_rules.list(resource_group, registry_name))
for rule in cache_rules:
try:
client.cache_rules.begin_delete(
resource_group,
registry_name,
rule.name
).result()
print(f"Deleted cache rule: {rule.name}")
except Exception as e:
print(f"Failed to delete cache rule {rule.name}: {e}")
# Then delete credential sets
credential_sets = list(client.credential_sets.list(resource_group, registry_name))
for cred_set in credential_sets:
try:
client.credential_sets.begin_delete(
resource_group,
registry_name,
cred_set.name
).result()
print(f"Deleted credential set: {cred_set.name}")
except Exception as e:
print(f"Failed to delete credential set {cred_set.name}: {e}")
# Example cleanup
cleanup_cache_resources(client, "my-resource-group", "my-registry")Install with Tessl CLI
npx tessl i tessl/pypi-azure-mgmt-containerregistry