Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add auth for ACR to aks_applications #351

Merged
merged 1 commit into from
Apr 21, 2022

Conversation

brk3
Copy link
Contributor

@brk3 brk3 commented Apr 6, 2022

This patch allows the use of ACR as a repository for helm charts.

Example usage:

helm_charts = {
  mychart = {
    name       = "mychart"
    chart      = "mychart"
    namespace  = "default"
    version    = "0.0.1"

    azure_container_registry = {
      lz_key   = "devops"
      key      = "devops_acr"
      username = "00000000-0000-0000-0000-000000000000"
    }
  }
}

Note, the version bump of the helm provider is for the recently added
oci support: hashicorp/terraform-provider-helm#666

PR Checklist


  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • My code follows the code style of this project.
  • I ran lint checks locally prior to submission.
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?

Description

Does this introduce a breaking change

  • YES
  • NO

Testing

This patch allows the use of ACR as a repository for helm charts.

Example usage:

helm_charts = {
  mychart = {
    name       = "mychart"
    chart      = "mychart"
    namespace  = "default"
    version    = "0.0.1"

    azure_container_registry = {
      lz_key   = "devops"
      key      = "devops_acr"
      username = "00000000-0000-0000-0000-000000000000"
    }
  }
}

Note, the version bump of the helm provider is for the recently added
oci support: hashicorp/terraform-provider-helm#666
Copy link
Contributor

@hieumoscow hieumoscow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What a great add @brk3, I have a slight concern that the ACR access token might be persisted in tfstate. And wonder if we can make this agnostic to OCI registries.
But LGTM for this add, thank you a lot for your contribution

@brk3
Copy link
Contributor Author

brk3 commented Apr 13, 2022

Thanks for reviewing @hieumoscow.

I guess the token will end up in the state, though this is the same as many other resources in CAF? My understanding is it's assumed the state file must be secured for this reason. Unless there's another pattern for supplying the token that you could point me to?

In the mean time I'll work on making it more provider agnostic 👍

@arnaudlh arnaudlh added the enhancement New feature or request label Apr 20, 2022
@arnaudlh arnaudlh added this to the 2204 milestone Apr 21, 2022
@arnaudlh arnaudlh merged commit 2058888 into Azure:main Apr 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants