Fix all Azure CLI commands used in Tanzu deployer #5585
Conversation
This makes the necessary changes to use use the Docker based CLI also from the Tanzu deployer which was missed in the original change that introduced the Docker based Azure CLI tooling.
pebrc
added
:ci
| "ContainerRegistry": t.acrName, | ||
| }).Run() | ||
| // the Azure CLI image we use does not have a Docker client installed thus we extract a token here ... | ||
| jsonResp, err := azure.Cmd("acr", "login", "--name", t.acrName, "--expose-token"). |
There was a problem hiding this comment.
nit: I wonder if it is possible to avoid --expose-token. I would expect $HOME/.docker/config.json to be updated by az acr login --name REDACTED as it would be by docker login -u .... -p token?
There was a problem hiding this comment.
It does indeed update the docker config but the issue is that inside the Azure CLI container we don't have the Docker tooling so this update fails. We could now of course build our own image for the Azure tools that includes Dockers CLI. Or we could integrate the Azure tools into the Tanzu image we already maintain.
I decided to use the method proposed in this PR because it avoids the additional maintenance burden of another Docker image and the (perceived) security disadvantage seemed acceptable.
There was a problem hiding this comment.
Makes sense, I was wrongly assuming that az could update the credentials without docker.
LGTM overall, I'm giving it a try in Jenkins 🤞
This makes the necessary changes to use use the Docker based CLI also from the Tanzu deployer which was missed in the original change that introduced the Docker based Azure CLI tooling.
This makes the necessary changes to use use the Docker based CLI also from the Tanzu deployer which was missed in the
original change that introduced the Docker based Azure CLI tooling.