Embrace chaos to achieve stability

Some time in the past, I blogged about creating an Azure Container Registry Service Connection in Azure DevOps, utilizing the UI. In brief, while you don’t have direct permission on the Azure subscription, the UI in Azure DevOps blocks you from making a service connection, as a result of there is no such thing as a handbook manner of doing that.

My earlier submit described tips on how to work round that. However, this makes use of the admin consumer of the ACR. That will not be all the time what we wish. Sometime we need to use an current or new ServicePrincipal to offer express rights

Today I ran in to this downside once more, and now I don’t have the admin consumer. Luckily for me, we have now the REST API, however this not very properly documented.

The code snippet beneath, reveals tips on how to create a ServiceConnection to an ACR utilizing a ServicePrincipal utilizing the REST API

Post the next JSON payload to the endpoint, sending a sound Basic Access Token

    "authorization": {
        "scheme": "ServicePrincipal",
        "parameters": {
            "loginServer": "<ACRSERVER>.azurecr.io",
            "servicePrincipalId": "<APPLICATIONid OF SPN>",
            "tenantId": "<TENANTID>",
            "serviceprincipalkey": "<SPN kEY>"
    "description": "",
    "title": "Name of Connection",
    "sort": "dockerregistry",
    "url": "
    "isShared": false,
    "proprietor": "library",
    "knowledge": {
        "registryId": "/subscriptions/<SUBSCRIPTIONID>/resourceGroups/<RESOURCEGROUP>/suppliers/Microsoft.ContainerRegistry/registries/<ACRSERVER>",
        "registrytype": "ACR",
        "spnObjectId": "",
        "subscriptionId": "<SUBSCRIPTIONID>",
        "subscriptionName": "<SUBSCRIPTIONNAME>"

This will in all probability assist. If you need to have extra REST snippets, have a look in my submit right here.

Source link