Last active
June 19, 2023 01:11
-
-
Save toddysm/4b34220dfaffa8ab4c3288e02e5ceb16 to your computer and use it in GitHub Desktop.
Authenticating with Azure Container Registry (ACR)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# As per the instructions at https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md | |
# Prep: Set env variables | |
registry="<USE_YOUR_REGISTRY_HERE>" | |
tenant="<USE_YOUR_TENANT_HERE>" | |
subscription="<USE_YOUR_SUBSCRIPTION_HERE>" | |
scope="registry:catalog:*" | |
# Step 1: Get AAD access token | |
aad_access_token=`az account get-access-token --subscription $subscription --query "accessToken" --output tsv` | |
echo $aad_access_token | |
# Step 2: Get a refresh token for ACR | |
acr_refresh_token=`curl -v -X POST -H "Content-Type: application/x-www-form-urlencoded" -d \ | |
"grant_type=access_token&service=$registry&tenant=$tenant&access_token=$aad_access_token" \ | |
https://$registry/oauth2/exchange | jq .refresh_token | tr -d '"'` | |
echo $acr_refresh_token | |
# Step 3: Exchange the refresh token for ACR access token | |
acr_access_token=`curl -v -X POST -H "Content-Type: application/x-www-form-urlencoded" -d \ | |
"grant_type=refresh_token&service=$registry&scope=$scope&refresh_token=$acr_refresh_token" \ | |
https://$registry/oauth2/token | jq .access_token | tr -d '"'` | |
echo $acr_access_token | |
# Step 4: Get the catalog for the registry | |
curl -v -H "Authorization: Bearer $acr_access_token" https://$registry/v2/_catalog |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment