-
Notifications
You must be signed in to change notification settings - Fork 696
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix all Azure CLI commands used in Tanzu deployer #5585
Conversation
This makes the necessary changes to use use the Docker based CLI also from the Tanzu deployer which was missed in the original change that introduced the Docker based Azure CLI tooling.
"ContainerRegistry": t.acrName, | ||
}).Run() | ||
// the Azure CLI image we use does not have a Docker client installed thus we extract a token here ... | ||
jsonResp, err := azure.Cmd("acr", "login", "--name", t.acrName, "--expose-token"). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: I wonder if it is possible to avoid --expose-token
. I would expect $HOME/.docker/config.json
to be updated by az acr login --name REDACTED
as it would be by docker login -u .... -p token
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It does indeed update the docker config but the issue is that inside the Azure CLI container we don't have the Docker tooling so this update fails. We could now of course build our own image for the Azure tools that includes Dockers CLI. Or we could integrate the Azure tools into the Tanzu image we already maintain.
I decided to use the method proposed in this PR because it avoids the additional maintenance burden of another Docker image and the (perceived) security disadvantage seemed acceptable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense, I was wrongly assuming that az
could update the credentials without docker.
LGTM overall, I'm giving it a try in Jenkins 🤞
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
This makes the necessary changes to use use the Docker based CLI also from the Tanzu deployer which was missed in the original change that introduced the Docker based Azure CLI tooling.
This makes the necessary changes to use use the Docker based CLI also from the Tanzu deployer which was missed in the
original change that introduced the Docker based Azure CLI tooling.