Migrate to latest Azure container registry SDK

[akashsinghal]

What would you like to be added?

Ratify’s Azure auth providers rely on a deprecated 2019 preview go sdk to authenticate with the ACR. We should refactor code and migrate to latest SDK.

Anything else you would like to add?

No response

Are you willing to submit PRs to contribute to this feature?

• [X] Yes, I am willing to implement it.

[akashsinghal]

@yizha1 we are blocked by this. Azure sdk for go has limitation on the Refresh Token Client not being exposed on latest sdk. We cannot upgrade to latest stable sdk until this is resolved. We will need to postpone this post GA

[yizha1]

@akashsinghal Thanks for sharing this information. This means we need to keep using the current preview SDK, and figure out the upgrade path or other alternatives to solve this issue. We can discuss it further in the community meeting on 8/16/2023.

[susanshi]

Move to 1.1

[susanshi]

Hi @akashsinghal , for new contributor to ramp up on this. Would you be able to include doc and src code links for the impact code path/user scenario. thanks!

[susanshi]

I believe the impacted code path are in azidentity and azureworkloadidentity. @akashsinghal to confirm if this currently cli or only the k8s scenario

[akashsinghal]

@susanshi this issue is tracking specifically the ACR SDK which is used only by oras workload identity auth provider. This issue is blocked. New versions of SDK do not expose only receiving refresh token for AAD token which is what ORAS requires as input for credential. Until a new version exposes a refresh client, we cannot proceed from Ratify side

https://github.com/oras-project/oras-go/discussions/476