@@ -112,7 +112,7 @@ docker push $ACR_REGISTRY/$ACR_NAMESPACE/$ACR_IMAGE_NAME:$ACR_IMAGE_TAG
112112- Review file: shell-script/generate-service-principal.sh
113113- Update ACR_NAME with your container registry name
114114- Update SERVICE_PRINCIPAL_NAME as desired
115- ### NEW SCRIPT - UPDATED ON 20-OCT-2021
115+ ### NEW SCRIPT - UPDATED ON 22-MAY-2024 - Updated SP_PASSWD with SUBSCRIPTION_ID
116116``` sh
117117#! /bin/bash
118118# This script requires Azure CLI version 2.25.0 or later. Check version with `az --version`.
@@ -132,7 +132,40 @@ ACR_REGISTRY_ID=$(az acr show --name $ACR_NAME --query id --output tsv)
132132# acrpull: pull only
133133# acrpush: push and pull
134134# owner: push, pull, and assign roles
135+ # # IMPORTANT NOTE: REPLACE SUBSCRIPTION_ID with your subscription ID
136+ SP_PASSWD=$( az ad sp create-for-rbac --name $SERVICE_PRINCIPAL_NAME --scopes $ACR_REGISTRY_ID --scope subscriptions/<< SUBSCRIPTION_ID>> --role acrpull --query "password" --output tsv)
137+
138+ SP_APP_ID=$( az ad sp list --display-name $SERVICE_PRINCIPAL_NAME --query [].appId --output tsv)
139+
140+ # Output the service principal's credentials; use these in your services and
141+ # applications to authenticate to the container registry.
142+ echo "Service principal ID: $SP_APP_ID "
143+ echo "Service principal password: $SP_PASSWD "
144+ ` ` `
145+
146+ # ## OLD SCRIPT V2 (BEFORE MAY2024) - NOT VALID - JUST FOR REFERENCE
147+ ` ` ` sh
148+ #!/bin/bash
149+ # This script requires Azure CLI version 2.25.0 or later. Check version with ` az --version` .
150+
151+ # Modify for your environment.
152+ # ACR_NAME: The name of your Azure Container Registry
153+ # SERVICE_PRINCIPAL_NAME: Must be unique within your AD tenant
154+ ACR_NAME=acrdemo2ss
155+ SERVICE_PRINCIPAL_NAME=acr-sp-demo
156+
157+ # Obtain the full registry ID for subsequent command args
158+ ACR_REGISTRY_ID=$( az acr show --name $ACR_NAME --query id --output tsv)
159+
160+ # Create the service principal with rights scoped to the registry.
161+ # Default permissions are for docker pull access. Modify the '--role'
162+ # argument value as desired:
163+ # acrpull: pull only
164+ # acrpush: push and pull
165+ # owner: push, pull, and assign roles
166+ ## IMPORTANT NOTE: REPLACE SUBSCRIPTION_ID with your subscription ID
135167SP_PASSWD=$( az ad sp create-for-rbac --name $SERVICE_PRINCIPAL_NAME --scopes $ACR_REGISTRY_ID --role acrpull --query password --output tsv)
168+
136169SP_APP_ID=$( az ad sp list --display-name $SERVICE_PRINCIPAL_NAME --query [].appId --output tsv)
137170
138171# Output the service principal's credentials; use these in your services and
@@ -141,7 +174,7 @@ echo "Service principal ID: $SP_APP_ID"
141174echo "Service principal password: $SP_PASSWD "
142175` ` `
143176
144- ### OLD SCRIPT - NOT VALID - JUST FOR REFERENCE
177+ # ## OLD SCRIPT V1 - NOT VALID - JUST FOR REFERENCE
145178` ` ` sh
146179#!/bin/bash
147180
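Review bot: The new `az ad sp create-for-rbac` command (new line 136) passes both `--scopes $ACR_REGISTRY_ID` and `--scope subscriptions/<< SUBSCRIPTION_ID>>`, so the `acrpull` role may end up assigned on the whole subscription rather than only on the registry. If the Azure CLI accepts `--scope` as an abbreviation of `--scopes`, the later value probably replaces the registry ID, so confirm this against the CLI version in use. For a pull-only principal the registry ID is the least-privilege scope, i.e. `--scopes "$ACR_REGISTRY_ID" --role acrpull`; if the subscription path is really required, the README should say why. The placeholder is also unquoted, and bash parses `<<` and `>>` as redirections if a reader leaves the brackets in, so a quoted variable such as `"/subscriptions/$SUBSCRIPTION_ID"` is safer. The "REPLACE SUBSCRIPTION_ID" comment was also added above the old V2 command (new line 166), which takes no subscription argument, so it should be dropped there.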