From 08761ec6ad07c0acae9537faa9e175f966ea4ffc Mon Sep 17 00:00:00 2001 From: anamnavi Date: Mon, 1 Dec 2025 15:09:33 -0500 Subject: [PATCH 01/11] For Publish operation to ACR, registry should be deemed unauthenticated and non-anonymous access token retrieved --- src/code/ContainerRegistryServerAPICalls.cs | 14 ++++++++------ ...ishPSResourceContainerRegistryServer.Tests.ps1 | 15 +++++++++++++++ 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/src/code/ContainerRegistryServerAPICalls.cs b/src/code/ContainerRegistryServerAPICalls.cs index ff3445ac3..79c5cbd7f 100644 --- a/src/code/ContainerRegistryServerAPICalls.cs +++ b/src/code/ContainerRegistryServerAPICalls.cs @@ -332,7 +332,7 @@ private Stream InstallVersion( return null; } - string containerRegistryAccessToken = GetContainerRegistryAccessToken(needCatalogAccess: false, out errRecord); + string containerRegistryAccessToken = GetContainerRegistryAccessToken(needCatalogAccess: false, isPushOperation: false, out errRecord); if (errRecord != null) { return null; @@ -380,7 +380,7 @@ private Stream InstallVersion( /// If no credential provided at registration then, check if the ACR endpoint can be accessed without a token. If not, try using Azure.Identity to get the az access token, then ACR refresh token and then ACR access token. /// Note: Access token can be empty if the repository is unauthenticated /// - internal string GetContainerRegistryAccessToken(bool needCatalogAccess, out ErrorRecord errRecord) + internal string GetContainerRegistryAccessToken(bool needCatalogAccess, bool isPushOperation, out ErrorRecord errRecord) { _cmdletPassedIn.WriteDebug("In ContainerRegistryServerAPICalls::GetContainerRegistryAccessToken()"); string accessToken = string.Empty; @@ -408,7 +408,9 @@ internal string GetContainerRegistryAccessToken(bool needCatalogAccess, out Erro } else { - bool isRepositoryUnauthenticated = IsContainerRegistryUnauthenticated(Repository.Uri.ToString(), needCatalogAccess, out errRecord, out accessToken); + bool isRepositoryUnauthenticated = isPushOperation ? false : IsContainerRegistryUnauthenticated(Repository.Uri.ToString(), needCatalogAccess, out errRecord, out accessToken); + _cmdletPassedIn.WriteInformation($"Value of isRepositoryUnauthenticated: {isRepositoryUnauthenticated}", new string[] { "PSRGContainerRegistryUnauthenticatedCheck" }); + _cmdletPassedIn.WriteDebug($"Is repository unauthenticated: {isRepositoryUnauthenticated}"); if (errRecord != null) @@ -1330,7 +1332,7 @@ internal bool PushNupkgContainerRegistry( // Get access token (includes refresh tokens) _cmdletPassedIn.WriteVerbose($"Get access token for container registry server."); - var containerRegistryAccessToken = GetContainerRegistryAccessToken(needCatalogAccess: false, out errRecord); + var containerRegistryAccessToken = GetContainerRegistryAccessToken(needCatalogAccess: false, isPushOperation: true, out errRecord); if (errRecord != null) { return false; @@ -1795,7 +1797,7 @@ private Hashtable[] FindPackagesWithVersionHelper(string packageName, VersionTyp string packageNameLowercase = packageName.ToLower(); string packageNameForFind = PrependMARPrefix(packageNameLowercase); - string containerRegistryAccessToken = GetContainerRegistryAccessToken(needCatalogAccess: false, out errRecord); + string containerRegistryAccessToken = GetContainerRegistryAccessToken(needCatalogAccess: false, isPushOperation: false,out errRecord); if (errRecord != null) { return emptyHashResponses; @@ -1907,7 +1909,7 @@ private FindResults FindPackages(string packageName, bool includePrerelease, out { _cmdletPassedIn.WriteDebug("In ContainerRegistryServerAPICalls::FindPackages()"); errRecord = null; - string containerRegistryAccessToken = GetContainerRegistryAccessToken(needCatalogAccess: true, out errRecord); + string containerRegistryAccessToken = GetContainerRegistryAccessToken(needCatalogAccess: true, isPushOperation: false, out errRecord); if (errRecord != null) { return emptyResponseResults; diff --git a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 index 9714a627c..4764f68b9 100644 --- a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 +++ b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 @@ -568,6 +568,21 @@ Describe "Test Publish-PSResource" -tags 'CI' { $results[0].Name | Should -Be $packageName $results[0].Version | Should -Be $version } + + It "Publish a package should always require authentication" { + $version = "1.0.0" + New-ModuleManifest -Path (Join-Path -Path $script:PublishModuleBase -ChildPath "$script:PublishModuleName.psd1") -ModuleVersion $version -Description "$script:PublishModuleName module" + + Publish-PSResource -Path $script:PublishModuleBase -Repository $ACRRepoName -InformationVariable isRegistryUnauthenticated + + $results = Find-PSResource -Name $script:PublishModuleName -Repository $ACRRepoName + $results | Should -Not -BeNullOrEmpty + $results[0].Name | Should -Be $script:PublishModuleName + $results[0].Version | Should -Be $version + + $isRegistryUnauthenticated | Should -Be "Value of isRepositoryUnauthenticated: False" + $isRegistryUnauthenticated[0].Tags | Should -Be "PSRGContainerRegistryUnauthenticatedCheck" + } } Describe 'Test Publish-PSResource for MAR Repository' -tags 'CI' { From bf3ffea386445d931dca3fb8b42a168a43f4358b Mon Sep 17 00:00:00 2001 From: anamnavi Date: Mon, 1 Dec 2025 20:32:18 -0500 Subject: [PATCH 02/11] fix version in test --- .../PublishPSResourceContainerRegistryServer.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 index 4764f68b9..e01fc5b08 100644 --- a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 +++ b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 @@ -570,7 +570,7 @@ Describe "Test Publish-PSResource" -tags 'CI' { } It "Publish a package should always require authentication" { - $version = "1.0.0" + $version = "15.0.0" New-ModuleManifest -Path (Join-Path -Path $script:PublishModuleBase -ChildPath "$script:PublishModuleName.psd1") -ModuleVersion $version -Description "$script:PublishModuleName module" Publish-PSResource -Path $script:PublishModuleBase -Repository $ACRRepoName -InformationVariable isRegistryUnauthenticated From 3ef3f9186fa87105f2280195953139f84af182ca Mon Sep 17 00:00:00 2001 From: anamnavi Date: Mon, 1 Dec 2025 21:09:58 -0500 Subject: [PATCH 03/11] fix InformationVariable property accessed in test --- .../PublishPSResourceContainerRegistryServer.Tests.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 index e01fc5b08..282b946d6 100644 --- a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 +++ b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 @@ -573,15 +573,15 @@ Describe "Test Publish-PSResource" -tags 'CI' { $version = "15.0.0" New-ModuleManifest -Path (Join-Path -Path $script:PublishModuleBase -ChildPath "$script:PublishModuleName.psd1") -ModuleVersion $version -Description "$script:PublishModuleName module" - Publish-PSResource -Path $script:PublishModuleBase -Repository $ACRRepoName -InformationVariable isRegistryUnauthenticated + Publish-PSResource -Path $script:PublishModuleBase -Repository $ACRRepoName -InformationVariable RegistryAuthenticated $results = Find-PSResource -Name $script:PublishModuleName -Repository $ACRRepoName $results | Should -Not -BeNullOrEmpty $results[0].Name | Should -Be $script:PublishModuleName $results[0].Version | Should -Be $version - $isRegistryUnauthenticated | Should -Be "Value of isRepositoryUnauthenticated: False" - $isRegistryUnauthenticated[0].Tags | Should -Be "PSRGContainerRegistryUnauthenticatedCheck" + $RegistryAuthenticated[0].MessageData | Should -Be "Value of isRepositoryUnauthenticated: False" + $RegistryAuthenticated[0].Tags | Should -Be "PSRGContainerRegistryUnauthenticatedCheck" } } From f92f24585d83531b7ab7642feec8191331794bb0 Mon Sep 17 00:00:00 2001 From: anamnavi Date: Mon, 1 Dec 2025 22:06:54 -0500 Subject: [PATCH 04/11] check tags first --- ...SResourceContainerRegistryServer.Tests.ps1 | 31 ++++++++++--------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 index 282b946d6..4264f31be 100644 --- a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 +++ b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 @@ -346,6 +346,22 @@ Describe "Test Publish-PSResource" -tags 'CI' { $results[0].Version | Should -Be $correctVersion } + It "Publish a package should always require authentication" { + $version = "15.0.0" + New-ModuleManifest -Path (Join-Path -Path $script:PublishModuleBase -ChildPath "$script:PublishModuleName.psd1") -ModuleVersion $version -Description "$script:PublishModuleName module" + + Publish-PSResource -Path $script:PublishModuleBase -Repository $ACRRepoName -InformationVariable RegistryAuthenticated + + $results = Find-PSResource -Name $script:PublishModuleName -Repository $ACRRepoName + $results | Should -Not -BeNullOrEmpty + $results[0].Name | Should -Be $script:PublishModuleName + $results[0].Version | Should -Be $version + + Write-Verbose -Verbose "obj: $RegistryAuthenticated" + $RegistryAuthenticated[0].Tags | Should -Be "PSRGContainerRegistryUnauthenticatedCheck" + $RegistryAuthenticated[0].MessageData | Should -Be "Value of isRepositoryUnauthenticated: False" + } + It "Publish a script"{ $scriptVersion = "1.0.0" $params = @{ @@ -568,21 +584,6 @@ Describe "Test Publish-PSResource" -tags 'CI' { $results[0].Name | Should -Be $packageName $results[0].Version | Should -Be $version } - - It "Publish a package should always require authentication" { - $version = "15.0.0" - New-ModuleManifest -Path (Join-Path -Path $script:PublishModuleBase -ChildPath "$script:PublishModuleName.psd1") -ModuleVersion $version -Description "$script:PublishModuleName module" - - Publish-PSResource -Path $script:PublishModuleBase -Repository $ACRRepoName -InformationVariable RegistryAuthenticated - - $results = Find-PSResource -Name $script:PublishModuleName -Repository $ACRRepoName - $results | Should -Not -BeNullOrEmpty - $results[0].Name | Should -Be $script:PublishModuleName - $results[0].Version | Should -Be $version - - $RegistryAuthenticated[0].MessageData | Should -Be "Value of isRepositoryUnauthenticated: False" - $RegistryAuthenticated[0].Tags | Should -Be "PSRGContainerRegistryUnauthenticatedCheck" - } } Describe 'Test Publish-PSResource for MAR Repository' -tags 'CI' { From a20c753a18efc5a7b8a42b05269fa317aa9202a9 Mon Sep 17 00:00:00 2001 From: anamnavi Date: Tue, 2 Dec 2025 10:19:43 -0500 Subject: [PATCH 05/11] log more info --- .../PublishPSResourceContainerRegistryServer.Tests.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 index 4264f31be..93f670484 100644 --- a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 +++ b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 @@ -352,12 +352,12 @@ Describe "Test Publish-PSResource" -tags 'CI' { Publish-PSResource -Path $script:PublishModuleBase -Repository $ACRRepoName -InformationVariable RegistryAuthenticated - $results = Find-PSResource -Name $script:PublishModuleName -Repository $ACRRepoName + $results = Find-PSResource -Name $script:PublishModuleName -Repository $ACRRepoName -InformationVariable FindRegistryAuthenticated $results | Should -Not -BeNullOrEmpty $results[0].Name | Should -Be $script:PublishModuleName $results[0].Version | Should -Be $version - Write-Verbose -Verbose "obj: $RegistryAuthenticated" + Write-Verbose -Verbose "obj: $RegistryAuthenticated, preference: $InformationPreference, find: $FindRegistryAuthenticated" $RegistryAuthenticated[0].Tags | Should -Be "PSRGContainerRegistryUnauthenticatedCheck" $RegistryAuthenticated[0].MessageData | Should -Be "Value of isRepositoryUnauthenticated: False" } From 2cd64c8d191dd10474fcb570044bd15d4d8e8bb4 Mon Sep 17 00:00:00 2001 From: anamnavi Date: Tue, 2 Dec 2025 14:33:56 -0500 Subject: [PATCH 06/11] capture information record output from appropriate stream --- .../PublishPSResourceContainerRegistryServer.Tests.ps1 | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 index 93f670484..f43d0ced5 100644 --- a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 +++ b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 @@ -350,16 +350,15 @@ Describe "Test Publish-PSResource" -tags 'CI' { $version = "15.0.0" New-ModuleManifest -Path (Join-Path -Path $script:PublishModuleBase -ChildPath "$script:PublishModuleName.psd1") -ModuleVersion $version -Description "$script:PublishModuleName module" - Publish-PSResource -Path $script:PublishModuleBase -Repository $ACRRepoName -InformationVariable RegistryAuthenticated + $infoRecord = & { Publish-PSResource -Path $script:PublishModuleBase -Repository $ACRRepoName 6>&1 } | Where-Object { $_ -is [System.Management.Automation.InformationRecord] } $results = Find-PSResource -Name $script:PublishModuleName -Repository $ACRRepoName -InformationVariable FindRegistryAuthenticated $results | Should -Not -BeNullOrEmpty $results[0].Name | Should -Be $script:PublishModuleName $results[0].Version | Should -Be $version - Write-Verbose -Verbose "obj: $RegistryAuthenticated, preference: $InformationPreference, find: $FindRegistryAuthenticated" - $RegistryAuthenticated[0].Tags | Should -Be "PSRGContainerRegistryUnauthenticatedCheck" - $RegistryAuthenticated[0].MessageData | Should -Be "Value of isRepositoryUnauthenticated: False" + $infoRecord[0].Tags | Should -Be "PSRGContainerRegistryUnauthenticatedCheck" + $infoRecord[0].MessageData | Should -Be "Value of isRepositoryUnauthenticated: False" } It "Publish a script"{ From d53f564abe1e00e10f3644b27d140201e4ce820e Mon Sep 17 00:00:00 2001 From: anamnavi Date: Tue, 2 Dec 2025 15:07:31 -0500 Subject: [PATCH 07/11] add pester test clause for informationRecord not being null --- .../PublishPSResourceContainerRegistryServer.Tests.ps1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 index f43d0ced5..1b774b91f 100644 --- a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 +++ b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 @@ -351,8 +351,10 @@ Describe "Test Publish-PSResource" -tags 'CI' { New-ModuleManifest -Path (Join-Path -Path $script:PublishModuleBase -ChildPath "$script:PublishModuleName.psd1") -ModuleVersion $version -Description "$script:PublishModuleName module" $infoRecord = & { Publish-PSResource -Path $script:PublishModuleBase -Repository $ACRRepoName 6>&1 } | Where-Object { $_ -is [System.Management.Automation.InformationRecord] } + $infoRecord | Should -Not -BeNullOrEmpty - $results = Find-PSResource -Name $script:PublishModuleName -Repository $ACRRepoName -InformationVariable FindRegistryAuthenticated + + $results = Find-PSResource -Name $script:PublishModuleName -Repository $ACRRepoName $results | Should -Not -BeNullOrEmpty $results[0].Name | Should -Be $script:PublishModuleName $results[0].Version | Should -Be $version From 8d089b2691464293412d70dfb31bdfd826fd9226 Mon Sep 17 00:00:00 2001 From: anamnavi Date: Wed, 3 Dec 2025 18:55:18 -0500 Subject: [PATCH 08/11] set internal hook to check when registry may be unauthenticated and conditionally check for it --- src/code/ContainerRegistryServerAPICalls.cs | 2 ++ src/code/InternalHooks.cs | 14 ++++++++++++++ ...ishPSResourceContainerRegistryServer.Tests.ps1 | 15 +++++++++++---- 3 files changed, 27 insertions(+), 4 deletions(-) diff --git a/src/code/ContainerRegistryServerAPICalls.cs b/src/code/ContainerRegistryServerAPICalls.cs index 79c5cbd7f..3f5826ba0 100644 --- a/src/code/ContainerRegistryServerAPICalls.cs +++ b/src/code/ContainerRegistryServerAPICalls.cs @@ -409,6 +409,8 @@ internal string GetContainerRegistryAccessToken(bool needCatalogAccess, bool isP else { bool isRepositoryUnauthenticated = isPushOperation ? false : IsContainerRegistryUnauthenticated(Repository.Uri.ToString(), needCatalogAccess, out errRecord, out accessToken); + InternalHooks.SetTestHook("IsRegistryUnauthenticatedCheckRequired", true); + InternalHooks.SetTestHook("IsRegistryUnauthenticated", isRepositoryUnauthenticated); _cmdletPassedIn.WriteInformation($"Value of isRepositoryUnauthenticated: {isRepositoryUnauthenticated}", new string[] { "PSRGContainerRegistryUnauthenticatedCheck" }); _cmdletPassedIn.WriteDebug($"Is repository unauthenticated: {isRepositoryUnauthenticated}"); diff --git a/src/code/InternalHooks.cs b/src/code/InternalHooks.cs index 99d6104ce..aaa1e4709 100644 --- a/src/code/InternalHooks.cs +++ b/src/code/InternalHooks.cs @@ -17,6 +17,10 @@ public class InternalHooks internal static string MARPrefix; + internal static bool IsRegistryUnauthenticatedCheckRequired; + + internal static bool IsRegistryUnauthenticated; + public static void SetTestHook(string property, object value) { var fieldInfo = typeof(InternalHooks).GetField(property, BindingFlags.Static | BindingFlags.NonPublic); @@ -27,5 +31,15 @@ public static string GetUserString() { return Microsoft.PowerShell.PSResourceGet.Cmdlets.UserAgentInfo.UserAgentString(); } + + public static bool? GetRegistryAuthenticationStatus() + { + if (IsRegistryUnauthenticatedCheckRequired) + { + return IsRegistryUnauthenticated; + } + + return null; + } } } diff --git a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 index 1b774b91f..21301d93e 100644 --- a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 +++ b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 @@ -351,16 +351,23 @@ Describe "Test Publish-PSResource" -tags 'CI' { New-ModuleManifest -Path (Join-Path -Path $script:PublishModuleBase -ChildPath "$script:PublishModuleName.psd1") -ModuleVersion $version -Description "$script:PublishModuleName module" $infoRecord = & { Publish-PSResource -Path $script:PublishModuleBase -Repository $ACRRepoName 6>&1 } | Where-Object { $_ -is [System.Management.Automation.InformationRecord] } - $infoRecord | Should -Not -BeNullOrEmpty - $results = Find-PSResource -Name $script:PublishModuleName -Repository $ACRRepoName $results | Should -Not -BeNullOrEmpty $results[0].Name | Should -Be $script:PublishModuleName $results[0].Version | Should -Be $version - $infoRecord[0].Tags | Should -Be "PSRGContainerRegistryUnauthenticatedCheck" - $infoRecord[0].MessageData | Should -Be "Value of isRepositoryUnauthenticated: False" + $isRegistryUnauthenticatedCheckRequired = [Microsoft.PowerShell.PSResourceGet.UtilClasses.InternalHooks]::GetRegistryAuthenticationStatus() + if ($isRegistryUnauthenticatedCheckRequired -ne $null) + { + $infoRecord | Should -Not -BeNullOrEmpty + $infoRecord[0].Tags | Should -Be "PSRGContainerRegistryUnauthenticatedCheck" + $infoRecord[0].MessageData | Should -Be "Value of isRepositoryUnauthenticated: $isRegistryUnauthenticatedCheckRequired" + + # Reset the test hook after use + [Microsoft.PowerShell.PSResourceGet.UtilClasses.InternalHooks]::SetTestHook("IsRegistryUnauthenticatedCheckRequired", $false) + [Microsoft.PowerShell.PSResourceGet.UtilClasses.InternalHooks]::SetTestHook("IsRegistryUnauthenticated", $false) + } } It "Publish a script"{ From 90d3d4deb0556764ec643fecdd550bc7e2aec6d3 Mon Sep 17 00:00:00 2001 From: anamnavi Date: Thu, 4 Dec 2025 09:43:27 -0500 Subject: [PATCH 09/11] simply use azAuth indicator bool to check infoRecord --- src/code/ContainerRegistryServerAPICalls.cs | 2 -- src/code/InternalHooks.cs | 14 -------------- ...lishPSResourceContainerRegistryServer.Tests.ps1 | 7 +------ 3 files changed, 1 insertion(+), 22 deletions(-) diff --git a/src/code/ContainerRegistryServerAPICalls.cs b/src/code/ContainerRegistryServerAPICalls.cs index 3f5826ba0..79c5cbd7f 100644 --- a/src/code/ContainerRegistryServerAPICalls.cs +++ b/src/code/ContainerRegistryServerAPICalls.cs @@ -409,8 +409,6 @@ internal string GetContainerRegistryAccessToken(bool needCatalogAccess, bool isP else { bool isRepositoryUnauthenticated = isPushOperation ? false : IsContainerRegistryUnauthenticated(Repository.Uri.ToString(), needCatalogAccess, out errRecord, out accessToken); - InternalHooks.SetTestHook("IsRegistryUnauthenticatedCheckRequired", true); - InternalHooks.SetTestHook("IsRegistryUnauthenticated", isRepositoryUnauthenticated); _cmdletPassedIn.WriteInformation($"Value of isRepositoryUnauthenticated: {isRepositoryUnauthenticated}", new string[] { "PSRGContainerRegistryUnauthenticatedCheck" }); _cmdletPassedIn.WriteDebug($"Is repository unauthenticated: {isRepositoryUnauthenticated}"); diff --git a/src/code/InternalHooks.cs b/src/code/InternalHooks.cs index aaa1e4709..99d6104ce 100644 --- a/src/code/InternalHooks.cs +++ b/src/code/InternalHooks.cs @@ -17,10 +17,6 @@ public class InternalHooks internal static string MARPrefix; - internal static bool IsRegistryUnauthenticatedCheckRequired; - - internal static bool IsRegistryUnauthenticated; - public static void SetTestHook(string property, object value) { var fieldInfo = typeof(InternalHooks).GetField(property, BindingFlags.Static | BindingFlags.NonPublic); @@ -31,15 +27,5 @@ public static string GetUserString() { return Microsoft.PowerShell.PSResourceGet.Cmdlets.UserAgentInfo.UserAgentString(); } - - public static bool? GetRegistryAuthenticationStatus() - { - if (IsRegistryUnauthenticatedCheckRequired) - { - return IsRegistryUnauthenticated; - } - - return null; - } } } diff --git a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 index 21301d93e..6843768d9 100644 --- a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 +++ b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 @@ -357,16 +357,11 @@ Describe "Test Publish-PSResource" -tags 'CI' { $results[0].Name | Should -Be $script:PublishModuleName $results[0].Version | Should -Be $version - $isRegistryUnauthenticatedCheckRequired = [Microsoft.PowerShell.PSResourceGet.UtilClasses.InternalHooks]::GetRegistryAuthenticationStatus() - if ($isRegistryUnauthenticatedCheckRequired -ne $null) + if ($usingAzAuth) { $infoRecord | Should -Not -BeNullOrEmpty $infoRecord[0].Tags | Should -Be "PSRGContainerRegistryUnauthenticatedCheck" $infoRecord[0].MessageData | Should -Be "Value of isRepositoryUnauthenticated: $isRegistryUnauthenticatedCheckRequired" - - # Reset the test hook after use - [Microsoft.PowerShell.PSResourceGet.UtilClasses.InternalHooks]::SetTestHook("IsRegistryUnauthenticatedCheckRequired", $false) - [Microsoft.PowerShell.PSResourceGet.UtilClasses.InternalHooks]::SetTestHook("IsRegistryUnauthenticated", $false) } } From b1c100594aa111fad15fbbaf6d546855e9928c47 Mon Sep 17 00:00:00 2001 From: anamnavi Date: Thu, 4 Dec 2025 11:02:11 -0500 Subject: [PATCH 10/11] fix test expected result --- .../PublishPSResourceContainerRegistryServer.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 index 6843768d9..d720b84c6 100644 --- a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 +++ b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 @@ -361,7 +361,7 @@ Describe "Test Publish-PSResource" -tags 'CI' { { $infoRecord | Should -Not -BeNullOrEmpty $infoRecord[0].Tags | Should -Be "PSRGContainerRegistryUnauthenticatedCheck" - $infoRecord[0].MessageData | Should -Be "Value of isRepositoryUnauthenticated: $isRegistryUnauthenticatedCheckRequired" + $infoRecord[0].MessageData | Should -Be "Value of isRepositoryUnauthenticated: False" } } From 10bb9a82d484e94afc1dfe7a3959b092a36bd923 Mon Sep 17 00:00:00 2001 From: anamnavi Date: Thu, 4 Dec 2025 13:29:08 -0500 Subject: [PATCH 11/11] address feedback - add comment and use InformationVariable in test --- src/code/ContainerRegistryServerAPICalls.cs | 1 + .../PublishPSResourceContainerRegistryServer.Tests.ps1 | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/code/ContainerRegistryServerAPICalls.cs b/src/code/ContainerRegistryServerAPICalls.cs index 79c5cbd7f..9c17c0db0 100644 --- a/src/code/ContainerRegistryServerAPICalls.cs +++ b/src/code/ContainerRegistryServerAPICalls.cs @@ -408,6 +408,7 @@ internal string GetContainerRegistryAccessToken(bool needCatalogAccess, bool isP } else { + // A container registry repository is determined to be unauthenticated if it allows anonymous pull access. However, push operations always require authentication. bool isRepositoryUnauthenticated = isPushOperation ? false : IsContainerRegistryUnauthenticated(Repository.Uri.ToString(), needCatalogAccess, out errRecord, out accessToken); _cmdletPassedIn.WriteInformation($"Value of isRepositoryUnauthenticated: {isRepositoryUnauthenticated}", new string[] { "PSRGContainerRegistryUnauthenticatedCheck" }); diff --git a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 index d720b84c6..bd59d69d0 100644 --- a/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 +++ b/test/PublishPSResourceTests/PublishPSResourceContainerRegistryServer.Tests.ps1 @@ -350,7 +350,7 @@ Describe "Test Publish-PSResource" -tags 'CI' { $version = "15.0.0" New-ModuleManifest -Path (Join-Path -Path $script:PublishModuleBase -ChildPath "$script:PublishModuleName.psd1") -ModuleVersion $version -Description "$script:PublishModuleName module" - $infoRecord = & { Publish-PSResource -Path $script:PublishModuleBase -Repository $ACRRepoName 6>&1 } | Where-Object { $_ -is [System.Management.Automation.InformationRecord] } + Publish-PSResource -Path $script:PublishModuleBase -Repository $ACRRepoName -InformationVariable RegistryUnauthenticated $results = Find-PSResource -Name $script:PublishModuleName -Repository $ACRRepoName $results | Should -Not -BeNullOrEmpty @@ -359,9 +359,9 @@ Describe "Test Publish-PSResource" -tags 'CI' { if ($usingAzAuth) { - $infoRecord | Should -Not -BeNullOrEmpty - $infoRecord[0].Tags | Should -Be "PSRGContainerRegistryUnauthenticatedCheck" - $infoRecord[0].MessageData | Should -Be "Value of isRepositoryUnauthenticated: False" + $RegistryUnauthenticated | Should -Not -BeNullOrEmpty + $RegistryUnauthenticated[0].Tags | Should -Be "PSRGContainerRegistryUnauthenticatedCheck" + $RegistryUnauthenticated[0].MessageData | Should -Be "Value of isRepositoryUnauthenticated: False" } }