Azure · fengzhou-msft · May 15, 2020 · May 12, 2020 · May 12, 2020 · yungezz
@@ -35,7 +35,8 @@
     validate_set,
     validate_set_secret,
     validate_retention_days,
-    validate_registry_name
+    validate_registry_name,
+    validate_expiration_time
 )
 from .scope_map import ScopeMapActions
 
@@ -332,6 +333,11 @@ def load_arguments(self, _):  # pylint: disable=too-many-statements
         c.argument('expiration_in_days', options_list=['--expiration-in-days', c.deprecate(target='--days', redirect='--expiration-in-days', hide=True)],
                    help='Number of days for which the credentials will be valid. If not specified, the expiration will default to the max value "9999-12-31T23:59:59.999999+00:00"', type=int, required=False)
 
+    for scope in ['acr token create', 'acr token credential generate']:
+        with self.argument_context(scope) as c:
+            c.argument('expiration', validator=validate_expiration_time,
+                       help='UTC time for which the credentials will be valid. In the format of %Y-%m-%dT%H:%M:%SZ, e.g. 2025-12-31T12:59:59Z')
+
     with self.argument_context('acr token credential delete') as c:
         c.argument('password1', options_list=['--password1'], help='Flag indicating if first password should be deleted', action='store_true', required=False)
         c.argument('password2', options_list=['--password2'], help='Flag indicating if second password should be deleted.', action='store_true', required=False)

@@ -101,3 +101,14 @@ def validate_registry_name(cmd, namespace):
         if pos > 0:
             logger.warning("The login server endpoint suffix '%s' is automatically omitted.", acr_suffix)
             namespace.registry_name = registry[:pos]
+
+
+def validate_expiration_time(namespace):
+    import datetime
+    DATE_TIME_FORMAT = '%Y-%m-%dT%H:%M:%SZ'
+    if namespace.expiration:
+        try:
+            namespace.expiration = datetime.datetime.strptime(namespace.expiration, DATE_TIME_FORMAT)
+        except ValueError:
+            raise CLIError("Input '{}' is not valid datetime. Valid example: 2025-12-31T12:59:59Z".format(
+                namespace.expiration))
@@ -167,7 +167,7 @@ def load_command_table(self, _):  # pylint: disable=too-many-statements
         g.command('delete', 'acr_delete')
         g.show_command('show', 'acr_show')
         g.command('show-usage', 'acr_show_usage', table_transformer=usage_output_format)
-        g.command('show-endpoints', 'acr_show_endpoints', table_transformer=endpoints_output_format, is_preview=True)
+        g.command('show-endpoints', 'acr_show_endpoints', table_transformer=endpoints_output_format)
         g.generic_update_command('update',
                                  getter_name='acr_update_get',
                                  setter_name='acr_update_set',

@@ -173,6 +173,9 @@ def acr_show_endpoints(cmd,
                 'endpoint': host,
             })
     else:
+        logger.warning('To configure client firewall w/o using wildcard storage blob urls, '
+                       'use "az acr update --name %s --data-endpoint-enabled" to enable dedicated '
+                       'data endpoints.', registry_name)
         from ._client_factory import cf_acr_replications
         replicate_client = cf_acr_replications(cmd.cli_ctx)
         replicates = list(replicate_client.list(resource_group_name, registry_name))

@@ -19,7 +19,8 @@ def test_repository_token_create(self):
             'scope_map': 'scope-map',
             'token': 'acr-token',
             'token2': 'token-2',
-            'token_short_lived': 'token-3'
+            'token_short_lived': 'token-3',
+            'token_long_lived': 'token-4'
         })
         self.cmd('acr create -g {rg} -n {registry} --sku premium')
 
@@ -53,3 +54,6 @@ def test_repository_token_create(self):
         output = self.cmd('acr token create -r {registry} -n {token_short_lived} --repository foo content/read --expiration-in-days 1').get_output_in_json()
         tomorrow = datetime.datetime.strptime(output['credentials']['passwords'][0]['expiry'].split('T')[0], "%Y-%m-%d")
         self.assertEqual(tomorrow - today, datetime.timedelta(1))
+
+        self.cmd('acr token create -r {registry} -n {token_long_lived} --repository foo content/read --expiration 2100-12-31T12:59:59Z',
+                 checks=self.check('credentials.passwords[0].expiry', '2100-12-31T12:59:59+00:00'))
@@ -22,14 +22,17 @@ def acr_token_create(cmd,
                      status=None,
                      resource_group_name=None,
                      no_passwords=None,
+                     expiration=None,
                      expiration_in_days=None):
     from knack.log import get_logger
     from ._utils import get_resource_id_by_registry_name
 
     if bool(repository_actions_list) == bool(scope_map_name):
         raise CLIError("usage error: --repository | --scope-map-name")
-    if no_passwords and expiration_in_days is not None:
-        raise CLIError("usage error: --no-passwords and --expiration-in-days are mutually exclusive.")
+    if no_passwords and (expiration_in_days is not None or expiration is not None):
+        raise CLIError("usage error: --no-passwords and expiration arguments are mutually exclusive.")
+    if expiration_in_days is not None and expiration is not None:
+        raise CLIError("usage error: --expiration and --expiration-in-days are mutually exclusive.")
 
     resource_group_name = get_resource_group_name_by_registry_name(cmd.cli_ctx, registry_name, resource_group_name)
 
@@ -57,7 +60,8 @@ def acr_token_create(cmd,
         return poller
 
     token = LongRunningOperation(cmd.cli_ctx)(poller)
-    _create_default_passwords(cmd, resource_group_name, registry_name, token, logger, expiration_in_days)
+    _create_default_passwords(cmd, resource_group_name, registry_name, token, logger,
+                              expiration_in_days, expiration)
     return token
 
 
@@ -83,12 +87,13 @@ def _create_default_scope_map(cmd, resource_group_name, registry_name, token_nam
     return scope_map.id
 
 
-def _create_default_passwords(cmd, resource_group_name, registry_name, token, logger, expiration_in_days):
+def _create_default_passwords(cmd, resource_group_name, registry_name, token, logger,
+                              expiration_in_days, expiration):
     from ._client_factory import cf_acr_token_credentials, cf_acr_registries
     cred_client = cf_acr_token_credentials(cmd.cli_ctx)
     poller = acr_token_credential_generate(cmd, cred_client, registry_name, token.name,
-                                           password1=True, password2=True, expiration_in_days=expiration_in_days,
-                                           resource_group_name=resource_group_name)
+                                           password1=True, password2=True, resource_group_name=resource_group_name,
+                                           expiration_in_days=expiration_in_days, expiration=expiration)
     credentials = LongRunningOperation(cmd.cli_ctx)(poller)
     setattr(token.credentials, 'username', credentials.username)
     setattr(token.credentials, 'passwords', credentials.passwords)
@@ -184,6 +189,7 @@ def acr_token_credential_generate(cmd,
                                   password1=False,
                                   password2=False,
                                   expiration_in_days=None,
+                                  expiration=None,
                                   resource_group_name=None):
 
     from ._utils import get_resource_id_by_registry_name
@@ -198,6 +204,8 @@ def acr_token_credential_generate(cmd,
     if expiration_in_days:
         from ._utils import add_days_to_now
         expiry = add_days_to_now(expiration_in_days)
+    elif expiration:
+        expiry = expiration
 
     GenerateCredentialsParameters = cmd.get_models('GenerateCredentialsParameters')