I need help to create correctly an Azure Devops Service Connection for an Azure Container Registry (ACR) but I have only username and password to login.
I have created the credential with this script:
#!/bin/bash
ACR_NAME=MYACRNAME
SERVICE_PRINCIPAL_NAME=MYACRNAME_PUSH
ACR_REGISTRY_ID=$(az acr show --name $ACR_NAME --query "id" --output tsv)
PASSWORD=$(az ad sp create-for-rbac --name $SERVICE_PRINCIPAL_NAME --scopes $ACR_REGISTRY_ID --role acrpush --query "password" --output tsv)
USER_NAME=$(az ad sp list --display-name $SERVICE_PRINCIPAL_NAME --query "[].appId" --output tsv)
echo "Service principal ID: $USER_NAME"
echo "Service principal password: $PASSWORD"
So I eneded up to create the service connection like the image below. I'm pretty sure my credential are valid but when I tried to run the Docker@2 task I have always the same error:
unauthorized: {"errors":[{"code":"UNAUTHORIZED","message":"authentication required, visit https://aka.ms/acr/authorization for more information."}]}
The pipeline template that uses Docker@2
task is defined.
It is important to say that the login step is successful but the push step fails
parameters:
- name: docker
type: object
default:
repository: ""
tag: ""
registry: ""
steps:
- task: Docker@2
displayName: Registry Login
continueOnError: false
inputs:
command: login
containerRegistry: ${{ parameters.docker.registry }}
- task: Docker@2
displayName: Push Image
continueOnError: false
inputs:
command: push
repository: ${{ parameters.docker.repository }}
containerRegistry: ${{ parameters.docker.registry }}
tags: ${{ parameters.docker.tag }}
Update:
Based on the comments above, you have input the Service Principal Application ID to the Docker ID field.
And the same service principal can work on your local machine with the command: docker push MYACRREPO.azurecr.io/branking:1.0.1
.
It is important to say that the login step is successful but the push step fails
I can reproduce the same situation.
The cause of the issue can be that you need to use lowercase ACR name in the service connection.
For example:
Pushing Docker images to ACR using service connection in Pipeline is case sensitive.
Even though your ACR name is capitalized, the URL has to be lowercased.
For example:
So we need to use lowercase ACR url in Docker Service Connection.