This message was deleted.
# general
s
This message was deleted.
a
I tried that too and the API was not available in my region (Canada), so what I did (in the CI) is that I run `docker login <name of my registry>.azurecr.io -u <service principal id that has push write on the registry> -p <service principal password>`then I don't have to get the credentials from the registry and the push can be pushed because docker daemon is logged in to ACR. Locally, I only do
az acr login -n <name of my registry>
and then run pulumi up and because I have push writes to the registry, the image is pushed to the registry
🙏 1
d
I'll give that a shot - I thought that is what the DockerBuild object was trying to do (as I changed over to service principals), but that fails as well. How did you get the SP password out of pulumi, its marked as a secret so unless I make an output and then use pulumi output "myspnpass" --show-secrets not sure how i would get that.
a
It is a service principal that I created with
az ad sp
which is used in my CI pipeline.
but if you create a SP with pulumi you can manage the password and the role assignment:
Copy code
// Create an AD service principal
        var adApp = new Application("aks", new ApplicationArgs
        {
           DisplayName = "aks"
        });
        this.AdApplication = adApp.ApplicationId;

        var adSp = new ServicePrincipal("aksSp", new ServicePrincipalArgs
        {
            ApplicationId = adApp.ApplicationId
        });

        // Create the Service Principal Password
        var adSpPassword = new ServicePrincipalPassword("aksSpPassword", new ServicePrincipalPasswordArgs
        {
            ServicePrincipalId = adSp.Id
        });
        this.AdPassword = adSpPassword.Value;

        _ = new AzureNative.Authorization.RoleAssignment("roleAssignment", new AzureNative.Authorization.RoleAssignmentArgs
        {
            PrincipalId = adSp.Id,
            PrincipalType = "ServicePrincipal",
            RoleDefinitionId = "/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec",
            Scope = "/subscriptions/<subscription id>/resourceGroups/<rg of the acr>/providers/Microsoft.ContainerRegistry/registries/<acr name>",
        });
👍 1