A while ago, I blogged about creating an Azure Container Registry Service Connection in Azure DevOps, using the UI. In short, when you do not have direct access to the Azure subscription, the UI in Azure DevOps blocks you from creating a service connection, because there is no manual way of doing that.
My previous post explained how to work around that. However, this uses the admin user of the ACR. That is not always what we want. Sometimes we want to use an existing or new ServicePrincipal to give specific rights.
Today I ran into this problem again, and now I do not have the admin user. Luckily for me, we have the REST API, but this is not very well documented.
The code snippet below shows how to create a ServiceConnection to an ACR with a ServicePrincipal, using the REST API.
Post the following JSON payload to the endpoint, sending a valid Basic Access Token:
{
  "authorization": {
    "scheme": "ServicePrincipal",
    "parameters": {
      "loginServer": "<<ACRSERVER>>.azurecr.io",
      "servicePrincipalId": "<<APPLICATIONid OF SPN>>",
      "tenantId": "<<TENANTID>>",
      "serviceprincipalkey": "<<SPN secret>>"
    }
  },
  "description": "",
  "name": "Name of Connection",
  "type": "dockerregistry",
  "url": "<<URL>>",
  "isShared": false,
  "owner": "library",
  "data": {
    "registryId": "/subscriptions/<<SUBSCRIPTIONID>>/resourceGroups/<<RESOURCEGROUP>>/providers/Microsoft.ContainerRegistry/registries/<<ACRSERVER>>",
    "registrytype": "ACR",
    "spnObjectId": "",
    "subscriptionId": "<<SUBSCRIPTIONID>>",
    "subscriptionName": "<<SUBSCRIPTIONNAME>>"
  }
}
Hopefully this helps. If you want more REST snippets, have a look at my post here.
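An added example, not part of the original post: Python code that builds the payload above from validated inputs, prepares the POST with a Basic header without sending it, and masks the ServicePrincipal secret before the body is logged. The function names, the `https://<loginServer>` value for `url` (cut off in the post), and the Basic header built from an empty user name plus a personal access token are assumptions; the endpoint URL is supplied by the caller.

```python
import base64
import json
import re
import urllib.request

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def build_payload(name, acr, subscription_id, subscription_name,
                  resource_group, tenant_id, spn_app_id, spn_secret):
    """Build the service-connection body from this post, rejecting malformed IDs."""
    for label, value in (("subscription_id", subscription_id),
                         ("tenant_id", tenant_id), ("spn_app_id", spn_app_id)):
        if not GUID.match(value):
            raise ValueError(f"{label} is not a GUID")
    if not spn_secret:
        raise ValueError("service principal secret is empty")
    login_server = f"{acr}.azurecr.io"
    return {
        "authorization": {"scheme": "ServicePrincipal", "parameters": {
            "loginServer": login_server,
            "servicePrincipalId": spn_app_id,
            "tenantId": tenant_id,
            "serviceprincipalkey": spn_secret}},
        "description": "", "name": name, "type": "dockerregistry",
        "url": f"https://{login_server}",  # assumption: value is cut off in the post
        "isShared": False, "owner": "library",
        "data": {
            "registryId": (f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
                           f"/providers/Microsoft.ContainerRegistry/registries/{acr}"),
            "registrytype": "ACR", "spnObjectId": "",
            "subscriptionId": subscription_id,
            "subscriptionName": subscription_name},
    }


def redacted(payload):
    """Return a deep copy that is safe to log: the SPN secret is masked."""
    copy = json.loads(json.dumps(payload))
    copy["authorization"]["parameters"]["serviceprincipalkey"] = "***"
    return copy


def build_request(endpoint_url, pat, payload):
    """Prepare (not send) the POST; assumed Basic auth: empty user name + token."""
    token = base64.b64encode(f":{pat}".encode()).decode()
    return urllib.request.Request(
        endpoint_url, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": f"Basic {token}"})
```

Read the secret and the token from the pipeline's secret store or environment rather than from source, and log only `redacted(payload)`.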