Support token auth in ACR premium
ACR premium supports authenticating via tokens: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-repository-scoped-permissions. We should support that for ACR requests.
Related to #4884.
Will this also allow for querying a single ACR instance across tenants? So I create ACR in tenant A, but want to reference in a deployment to tenant B.
Yes, that should work. These tokens are really using Basic Authentication, so they wouldn't be tied to any AAD tenant.
Are there any plans to support generating the actual token credential from bicep too (password1 and password2)?
Looks like currently the only available solution is through the CLI.
In my case, I would like to then inject it as a keyvault secret or reuse it to configure other resources.
hey @alex-frankel any update on this?
@alex-frankel I'm also looking forward to this feature, to use scope maps. Since template spec doesn't work between different tenants...
+1. Bicep module restore not working for ACR in another tenant is a major hurdle if you have a dev and prod tenant (private registries for bicep are kinda useless without this IMHO)
Hey @alex-frankel any update on token support?
No major updates, but @sydkar / @majastrz are working out a plan to update the ORAS .NET client such that we can take a dependency on it instead of relying on the ACR SDK which binds us to ACR. We might know more in about a month.
Hey, just wondering if there is any update on this?
Any update?
hey @alex-frankel any update on this at all?
Hi @alex-frankel, I see that the ORAS .NET SDK now supports token-based auth: https://github.com/oras-project/oras-dotnet/pull/200.
Do we have a rough estimate as when Bicep will support it?
Thanks