Introduce support for shelling out to Azure binaries in authentication

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
2026-02-13 13:06:56 +00:00 · 2025-06-05 19:07:12 +01:00
parent 4c3aed9faf
commit ec3804cc6f
4 changed files with 21 additions and 6 deletions
--- a/cmd/flux/oci.go
+++ b/cmd/flux/oci.go
@@ -23,12 +23,18 @@ import (

 	"github.com/google/go-containerregistry/pkg/crane"

+	"github.com/fluxcd/pkg/auth"
+	"github.com/fluxcd/pkg/auth/azure"
 	authutils "github.com/fluxcd/pkg/auth/utils"
 )

 // loginWithProvider gets a crane authentication option for the given provider and URL.
 func loginWithProvider(ctx context.Context, url, provider string) (crane.Option, error) {
-	authenticator, err := authutils.GetArtifactRegistryCredentials(ctx, provider, url)
+	var opts []auth.Option
+	if provider == azure.ProviderName {
+		opts = append(opts, auth.WithAllowShellOut())
+	}
+	authenticator, err := authutils.GetArtifactRegistryCredentials(ctx, provider, url, opts...)
 	if err != nil {
 		return nil, fmt.Errorf("could not login to provider %s with url %s: %w", provider, url, err)
 	}