docker-tools icon indicating copy to clipboard operation
docker-tools copied to clipboard
verified publisher icon dotnet

Authenticate to test ACR for ImageBuilder pulls

Open lbussell opened this issue 10 months ago • 1 comments

At times we want to run experiments with new ImageBuilder features. We can publish to our test ACR, but anonymous pull access is required in order to pull from it during builds. Authenticating to the test ACR during ImageBuilder pulls would eliminate the need for anonymous pull access on the test ACR.

This would require the following:

  • [ ] Create a new Managed Identity with pull access to the test ACR
  • [ ] Create a new service connection for the new MSI
  • [ ] Modify the following call sites to authenticate with the MSI before pulling:

https://github.com/dotnet/docker-tools/blob/6ff28583c6e3ac35f9323325767db15202532be4/eng/common/templates/steps/init-docker-linux.yml#L27-L29

https://github.com/dotnet/docker-tools/blob/6ff28583c6e3ac35f9323325767db15202532be4/eng/common/templates/steps/init-docker-windows.yml#L24-L26

lbussell avatar Mar 10 '25 17:03 lbussell

[Triage] Putting this on the backlog until there's another scenario where we need this.

lbussell avatar Mar 10 '25 18:03 lbussell