clever-byte-21551

03/20/2021, 8:08 PM
I’m trying to create ACR tokens (preview feature) and generate passwords for them, and I’m getting this error:
pulumi:pulumi:Stack wiz-diskanalyzer-dev_aws_7b976757-b010-44f5-be1b-aa4153b86dbe_global_bootstrap running
 ~  pulumi:providers:azure-native wiz-azure updating [diff: ~clientSecret]
 ~  pulumi:providers:azure-native wiz-azure updated
 +  azure-native:containerregistry/v20201101preview:Token acr-token creating
 +  azure-native:containerregistry/v20201101preview:Token acr-token creating error: Code="PasswordCannotBeAdded" Message="New passwords can be added only through 'generateCredentials'. For more information on repository permissions, please visit <https://aka.ms/acr/repo-permissions>."
 +  azure-native:containerregistry/v20201101preview:Token acr-token **creating failed** error: Code="PasswordCannotBeAdded" Message="New passwords can be added only through 'generateCredentials'. For more information on repository permissions, please visit <https://aka.ms/acr/repo-permissions>."
    pulumi:pulumi:Stack wiz-diskanalyzer-dev_aws_7b976757-b010-44f5-be1b-aa4153b86dbe_global_bootstrap running error: update failed
    pulumi:pulumi:Stack wiz-diskanalyzer-dev_aws_7b976757-b010-44f5-be1b-aa4153b86dbe_global_bootstrap **failed** 1 error

Diagnostics:
  pulumi:pulumi:Stack (wiz-diskanalyzer-dev_aws_7b976757-b010-44f5-be1b-aa4153b86dbe_global_bootstrap):
    error: update failed

  azure-native:containerregistry/v20201101preview:Token (acr-token):
    error: Code="PasswordCannotBeAdded" Message="New passwords can be added only through 'generateCredentials'. For more information on repository permissions, please visit <https://aka.ms/acr/repo-permissions>."
My creation code looks like this:
token, err := acr.NewToken(ctx, "acr-token", &acr.TokenArgs{
	Credentials: &acr.TokenCredentialsPropertiesArgs{
		Passwords: acr.TokenPasswordArray{
			acr.TokenPasswordArgs{
				Name: pulumi.String("password1"),
			},
			acr.TokenPasswordArgs{
				Name: pulumi.String("password2"),
			},
		}},
	RegistryName:      pulumi.String(parsedID.ResourceName),
	ResourceGroupName: pulumi.String(parsedID.ResourceGroup),
	ScopeMapId: pulumi.String(
		fmt.Sprintf(
			"/subscriptions/%s/resourceGroups/%s/providers/Microsoft.ContainerRegistry/registries/%s/scopeMaps/_repositories_push",
			parsedID.SubscriptionID,
			parsedID.ResourceGroup,
			parsedID.ResourceName,
		)),
	TokenName: pulumi.String(fmt.Sprintf("wiz-%s", s.Outpost.GetId())), // must start with a letter
}, pulumi.Provider(azureProvider))
I’m also not sure how Pulumi will manage the passwords - they are returned only once when generated.
@tall-librarian-49374 maybe you’ll have an idea, maybe something in the API translation is wrong.

tall-librarian-49374

03/20/2021, 8:14 PM
I have no idea but the error suggests you shouldn’t specify passwords and they will be auto-generated?

clever-byte-21551

03/20/2021, 8:15 PM
They are not generated; even if I generate them externally, they are deleted if I run the stack again.
The az CLI generates them properly when a new token is created.
Even if it did work, how will Pulumi preserve the initial password value? Will it be saved in the stack permanently?

tall-librarian-49374

03/20/2021, 9:41 PM
If it’s returned, it will be saved in the resource outputs
Do you know what exactly the CLI does?

clever-byte-21551

03/21/2021, 6:34 AM
The CLI is doing two requests, one to create the token object and another one to generate the credentials

tall-librarian-49374

03/21/2021, 8:54 AM
So, you likely need to do the same (one resource and one extra request)

clever-byte-21551

03/21/2021, 9:52 AM
The thing is, the Go SDK doesn’t have an API for that (probably because it’s in preview). I can do the HTTP request myself, but I was hoping Pulumi would be able to simplify things for me.

tall-librarian-49374

03/21/2021, 10:28 AM
It’s not about preview… generateCredentials is a POST request, we don’t map POSTs to resources (because there’s no get/update/delete for them): https://github.com/Azure/azure-rest-api-specs/blob/master/specification/containerr[…]ainerRegistry/preview/2020-11-01-preview/containerregistry.json