DockerV2 Docker Registry (ACR) Service Connection Problems #11084
Comments
ghost
added
|
@ksix we are working on the feedback to allow re-use of existing service principal under Docker registry service connection |
Any update on this enhancement to allow reuse of existing SPN for ACR Service Connection? |
|
Hi Team , is there any update on this ??? |
|
For mitigation, you could enter those details in |
|
Hi Deepak,
But in that case I am not making a ACR connection .
…On Wed, 13 Nov 2019 at 7:51 AM, Deepak Sattiraju ***@***.***> wrote:
For mitigation, you could enter those details in Other authentication
type.
Where you set the username as your existing service principal id and
password as the service principal key.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#11084?email_source=notifications&email_token=AGNG24HGCJ5WYKBDGNHUOWDQTOPVZA5CNFSM4IJ5O6VKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOED5CRUY#issuecomment-553265363>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AGNG24A2AG2Q6TGLW6HPRS3QTOPVZANCNFSM4IJ5O6VA>
.
|
|
You would if you set the loginServer url to |
|
no it still doesn't work and gives network connection error ##[error]The process '/bin/docker' failed with exit code 1 |
|
@DS-MS your solution works with public agents but we have above issue with private agent |
|
@shashankbarsin @azooinmyluggage is there any update on this? |
|
Allowing the re-use of existing ARM service connections would greatly simplify managing service connections. Can that be an alternate option? Even if it means manually entering the ACR name? If that is not an option, we'll likely be forced to manually do the things this task is doing because that would be less to manage than having to create multiple new service connections for each project, especially considering an existing one already has access. |
|
This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days |
|
For my use case, SPN's are automatically generated and assigned to my devops project, I dont have access to the raw credentials. I would love to be able to choose an existing SPN to connect to ACR |
|
Fix (credits)
Docker Registry -> https://YOUR_ACR.azurecr.io
|
Required Information
Entering this information will route you directly to the right team and expedite traction.
Question, Bug, or Feature?
Type: Question
Enter Task Name: DockerV2
https://github.com/microsoft/azure-pipelines-tasks/tree/master/Tasks/DockerV2
Issue Description
The requirement to now use the Container Registry Service Connection for Azure Container Registry connections from the DockerV2 task requires the user creating the connection to have both permissions to create a Service Principal and assign it permissions to the ACR itself.
This causes problems for us as we don't want to randomly create ad-hoc Service Principals / Application IDs whenever we want to connect a new service connection. Also the automation which creates the connection will more than likely not have the permissions to do both.
We are currently using V1 which allows usage of a pre-existing Service Principal registered with the AzureRM Service Connection, although I've seen you are moving away from this (#10811), I think this is a major mistake as the majority of the time all services deployed from a pipeline on Azure will be reusing the existing Azure RM service connection.
This causes major headaches if we were to need to maintain a different service connection type every time we need to connect to a different resource type in Azure, which is the logical conclusion of the decision you've made.
There is another request related to this over in the Azure DevOps CLI project here: Azure/azure-devops-cli-extension#706
Can you please fix this in one of these ways (preferred order)?
Thanks for your help with this.
The text was updated successfully, but these errors were encountered: