
fix: pass tenantID correctly to acr generator (#2010)

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Moritz Johner 3 years ago
parent
commit
2acc637106
2 changed files with 31 additions and 3 deletions
  1. 28 0
      docs/api/generator/acr.md
  2. 3 3
      pkg/generator/acr/acr.go

+ 28 - 0
docs/api/generator/acr.md

@@ -47,3 +47,31 @@ repository:my-repository:pull
 {% include 'generator-acr.yaml' %}
 ```
 
+```yaml
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: azurecr-credentials
+spec:
+  dataFrom:
+    - sourceRef:
+        generatorRef:
+          apiVersion: generators.external-secrets.io/v1alpha1
+          kind: ACRAccessToken
+          name: myregistry.azurecr.io
+  refreshInterval: 12h
+  target:
+    name: azurecr-credentials
+    template:
+      type: kubernetes.io/dockerconfigjson
+      data:
+        .dockerconfigjson: |
+          {
+            "auths": {
+              "myregistry.azurecr.io": {
+                "username": "{{ .username }}",
+                "identitytoken": "{{ .password }}",
+              }
+            }
+          }
+```

+ 3 - 3
pkg/generator/acr/acr.go

@@ -80,7 +80,7 @@ func (g *Generator) Generate(ctx context.Context, jsonSpec *apiextensions.JSON,
 		return nil, err
 	}
 	g.clientSecretCreds = func(tenantID, clientID, clientSecret string, options *azidentity.ClientSecretCredentialOptions) (TokenGetter, error) {
-		return azidentity.NewClientSecretCredential(clientID, clientID, clientSecret, options)
+		return azidentity.NewClientSecretCredential(tenantID, clientID, clientSecret, options)
 	}
 
 	return g.generate(
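Review bot: Nothing visible in this commit guards the argument order that the corrected line restores. The two changed files are the docs page and acr.go, and since `tenantID`, `clientID` and `clientSecret` are all plain strings, the compiler accepts any permutation, which is how `clientID, clientID` got through. Tests presumably inject their own `TokenGetter` factory and so never run this closure; a test that goes through the real closure would close that gap. At minimum I would add a comment above the return, e.g. `// order is (tenantID, clientID, clientSecret); all strings, so a swap still compiles`. Generate starts and ends outside this hunk, so whether the closure must be reassigned on the receiver on every call cannot be judged from here.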
@@ -175,7 +175,7 @@ func fetchACRAccessToken(acrRefreshToken, tenantID, registryURL, scope string) (
 	}
 	defer res.Body.Close()
 	if res.StatusCode != http.StatusOK {
-		return "", fmt.Errorf("unexpected status code: %d", res.StatusCode)
+		return "", fmt.Errorf("could not generate access token, unexpected status code: %d", res.StatusCode)
 	}
 	body, err := io.ReadAll(res.Body)
 	if err != nil {
@@ -210,7 +210,7 @@ func fetchACRRefreshToken(aadAccessToken, tenantID, registryURL string) (string,
 	}
 	defer res.Body.Close()
 	if res.StatusCode != http.StatusOK {
-		return "", fmt.Errorf("unexpected status code %d, expected %d", res.StatusCode, http.StatusOK)
+		return "", fmt.Errorf("count not generate refresh token, unexpected status code %d, expected %d", res.StatusCode, http.StatusOK)
 	}
 	body, err := io.ReadAll(res.Body)
 	if err != nil {
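Review bot: The new message on the changed line reads `count not generate refresh token`, a typo for "could not". It will surface wherever this error is reported and will not match a search for the wording used in the fetchACRAccessToken hunk. Change it to `return "", fmt.Errorf("could not generate refresh token, unexpected status code %d, expected %d", res.StatusCode, http.StatusOK)`. The two messages also differ in form (`unexpected status code: %d` versus `unexpected status code %d, expected %d`); one form for both would be easier to grep and alert on. fetchACRRefreshToken starts and ends outside this hunk.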