Hi, I'm trying to get pulumi to build a docker ima...
# general
d
Hi, I'm trying to get pulumi to build a docker image and then publish it to my newly created (in the same stack) ACR instance. The ACR has AdminUserEnable = true, and I figured I might be able to use the code in the pulumi docs (https://www.pulumi.com/blog/build-publish-containers-iac/) to get the credentials, then tag/publish the image. However, when I deploy I get this:
```
Diagnostics:
  pulumi:pulumi:Stack (traffic-app-basic):
    error: Running program 'G:\src\aks-pulumi\infrastructure\bin\Debug\netcoreapp3.1\infrastructure.dll' failed with an unhandled exception:
    Grpc.Core.RpcException: Status(StatusCode="Unknown", Detail="invocation of azure-native:containerregistry:getRegistryCredentials returned an error: request failed /subscriptions/50d3206e-7317-4bce-b8ac-34ac814fd0f5/resourceGroups/aksrg-basic9f0f894e/providers/Microsoft.ContainerRegistry/registries/registrybasic303721fe/getCredentials: autorest/azure: Service returned an error. Status=400 Code="NoRegisteredProviderFound" Message="No registered resource provider found for location 'switzerlandnorth' and API version '2016-06-27-preview' for type 'registries/GetCredentials'. The supported api-versions are '2016-06-27-preview'. The supported locations are 'westus, eastus, southcentralus, westeurope'."")
       at async Task<InvokeResponse> Pulumi.GrpcMonitor.InvokeAsync(InvokeRequest request)
       at async Task<SerializationResult> Pulumi.Deployment.InvokeRawAsync(string token, SerializationResult argsSerializationResult, InvokeOptions options)
       at async Task<OutputData<T>> Pulumi.Deployment.RawInvoke<T>(string token, InvokeArgs args, InvokeOptions options)
       at async Task<OutputData<U>> Pulumi.Output<T>.ApplyHelperAsync<U>(Task<OutputData<T>> dataTask, Func<T, Output<U>> func)
```
a
I tried that too and the API was not available in my region (Canada), so what I did (in the CI) is that I run `docker login <name of my registry>.azurecr.io -u <service principal id that has push write on the registry> -p <service principal password>` then I don't have to get the credentials from the registry and the push can be pushed because docker daemon is logged in to ACR. Locally, I only do `az acr login -n <name of my registry>` and then run `pulumi up` and because I have push writes to the registry, the image is pushed to the registry.
🙏 1
d
I'll give that a shot - I thought that is what the DockerBuild object was trying to do (as I changed over to service principals), but that fails as well. How did you get the SP password out of pulumi? It's marked as a secret, so unless I make an output and then use `pulumi output "myspnpass" --show-secrets`, not sure how I would get that.
a
It is a service principal that I created with `az ad sp` which is used in my CI pipeline. But if you create a SP with pulumi you can manage the password and the role assignment:
```csharp
// Fragment from inside a Pulumi Stack constructor. Requires:
//   using Pulumi.AzureAD;
//   using AzureNative = Pulumi.AzureNative;

// Create an AD application and its service principal
var adApp = new Application("aks", new ApplicationArgs
{
    DisplayName = "aks"
});
this.AdApplication = adApp.ApplicationId;

var adSp = new ServicePrincipal("aksSp", new ServicePrincipalArgs
{
    ApplicationId = adApp.ApplicationId
});

// Create the Service Principal Password (the value is a Pulumi secret)
var adSpPassword = new ServicePrincipalPassword("aksSpPassword", new ServicePrincipalPasswordArgs
{
    ServicePrincipalId = adSp.Id
});
this.AdPassword = adSpPassword.Value;

// Grant the service principal a role scoped to the single registry only
_ = new AzureNative.Authorization.RoleAssignment("roleAssignment", new AzureNative.Authorization.RoleAssignmentArgs
{
    PrincipalId = adSp.Id,
    PrincipalType = "ServicePrincipal",
    // Built-in AcrPush role definition
    RoleDefinitionId = "/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec",
    Scope = "/subscriptions/<subscription id>/resourceGroups/<rg of the acr>/providers/Microsoft.ContainerRegistry/registries/<acr name>",
});
```
👍 1