[ACR] Fix: az acr task logs: Enable TLS certificate validation when streaming task and run logs#33486
Open
yuehaoliang wants to merge 1 commit into
Open
[ACR] Fix: az acr task logs: Enable TLS certificate validation when streaming task and run logs#33486yuehaoliang wants to merge 1 commit into
yuehaoliang wants to merge 1 commit into
Conversation
yuehaoliang
requested review from
NoriZC,
teresaritorto and
yanzhudd
as code owners
️✔️AzureCLI-FullTest
|
️✔️AzureCLI-BreakingChangeTest
|
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Removes insecure TLS configuration from ACR log streaming requests to ensure HTTPS certificate verification is performed.
Changes:
- Dropped
verify=Falsefrom therequests.get(...)call used to stream artifact logs.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
microsoft-github-policy-service
Bot
requested review from
northtyphoon and
terencet-dev
Collaborator
|
acr |
yuehaoliang
changed the title
yuehaoliang
changed the title
Contributor
Author
|
Hi @yanzhudd |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related command
az acr task logs, az acr run, az acr build, az acr pack build
Description
Aligns ACR log streaming with the rest of azure-cli by relying on the default TLS behavior
of
requestsin_stream_artifact_logs()(
src/azure-cli/azure/cli/command_modules/acr/_stream_utils.py).No impact on normal users. Users behind a TLS-intercepting corporate proxy can use the
standard
REQUESTS_CA_BUNDLE/CURL_CA_BUNDLEenv vars or install the proxy CA into thesystem trust store — the same configuration already required by other
azcommands.Testing Guide
Activate the dev virtualenv and confirm the editable build is in use:
.\env\Scripts\Activate.ps1
az version
Expected output includes "azure-cli": "2.86.0".
Run the ACR unit tests:
python -m pytest src\azure-cli\azure\cli\command_modules\acr\tests\latest -k "stream or task_logs or run" -q
Expected: all selected tests pass.
End-to-end smoke test against a real registry:
az login
az acr task logs -r --run-id
Expected: logs stream successfully.
History Notes
[ACR]
az acr task logs/az acr run/az acr build: Align log streaming with the default TLS behavior used by the rest of azure-cli.This checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.