Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Fix ACR External Secret example (#3626)

* Fix ACR External Secret example

Signed-off-by: Nathan Ellenfield <nathan.ellenfield@allscripts.com>

* Fix typos in acr generator docs

Signed-off-by: Nathan Ellenfield <nathan.ellenfield@allscripts.com>

---------

Signed-off-by: Nathan Ellenfield <nathan.ellenfield@allscripts.com>
Nathan Ellenfield 1 year ago
parent
22c1af40e0
commit
907e8ebc82
2 changed files with 5 additions and 5 deletions
Split View Show Diff Stats
  1. 4 4
      docs/api/generator/acr.md
  2. 1 1
      docs/snippets/generator-acr-example.yaml

+ 4 - 4
docs/api/generator/acr.md
View File 

@@ -18,8 +18,8 @@ You must choose one out of three authentication mechanisms:
 
 - managed identity
 
 - workload identity
 
 
-The generated token will inherit the permissions from the assigned policy. I.e. when you assign a read-only policy all generated tokens will be read-only. 
-You **must** [assign a Azure RBAC role](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-steps), such as `AcrPush` or `AcrPull` to the service principal in order to be able to authenticate with the Azure container registry API. 
+The generated token will inherit the permissions from the assigned policy. I.e. when you assign a read-only policy all generated tokens will be read-only.
 
+You **must** [assign a Azure RBAC role](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-steps), such as `AcrPush` or `AcrPull` to the service principal or managed identity in order to be able to authenticate with the Azure container registry API.
 
 
 You can scope tokens to a particular repository using `spec.scope`.
 
 
@@ -33,7 +33,7 @@ If `spec.scope` if it is defined it obtains an ACR access token. If  `spec.scope
 
 - refresh tokens can are scoped to whatever policy is attached to the identity that creates the acr refresh token
 
 
 The Scope grammar is defined in the [Docker Registry spec](https://docs.docker.com/registry/spec/auth/scope/).
 
-Note: You **can not** use a wildcards in the scope parameter, you can match exactly one repository and defined multiple actions like `pull` or `push`.
 
+Note: You **can not** use wildcards in the scope parameter -- you can match exactly one repository and can define multiple actions like `pull` or `push`.
 
 
 Example scopes:
 
 
@@ -51,4 +51,4 @@ repository:my-repository:pull
 
 Example `ExternalSecret` that references the ACR generator:
 
 ```yaml
 
 {% include 'generator-acr-example.yaml' %}
 
-```
 
+```

+ 1 - 1
docs/snippets/generator-acr-example.yaml
View File 

@@ -22,7 +22,7 @@ spec:
 
             "auths": {
 
               "myregistry.azurecr.io": {
 
                 "username": "{{ .username }}",
 
-                "identitytoken": "{{ .password }}"
 
+                "password": "{{ .password }}"
 
               }
 
             }
 
           }