Microsoft.ContainerRegistry/registries/tokens incremental resource deployment is wiping token passwords

Question

Microsoft.ContainerRegistry/registries/tokens incremental resource deployment is wiping token passwords

Closed this issue 2 years ago · 2 comments

Bicep version
Bicep CLI version 0.13.1 (e3ac80d678)

Describe the bug
The following bicep code incremental deployment is wiping passwords for the tokens.

targetScope = 'resourceGroup'

param acrTokenName string
param acrScopeMapName string
param acrName string


resource acr 'Microsoft.ContainerRegistry/registries@2021-09-01' existing = {
  name: acrName
}

resource adminScopeMap 'Microsoft.ContainerRegistry/registries/scopeMaps@2022-02-01-preview' existing = {
  name: acrScopeMapName
  parent: acr
}

resource acrAdminUserToken 'Microsoft.ContainerRegistry/registries/tokens@2022-02-01-preview' = {
  name: acrTokenName
  parent: acr
  properties: {
    scopeMapId: adminScopeMap.id
  }
}

module acrUserTokenAdmin '../modules/acr-token.bicep' = {
  scope: resourceGroup(acrRgName)
  name: 'acrUserTokenAdmin-${dateTimeToEpoch(dateTimeNow)}'
  params: {
    acrName: acrName
    acrScopeMapName: '_repositories_admin'
    acrTokenName: '${acrName}-user-admin'
  }
  dependsOn: [
    acr
  ]  
}

To Reproduce

Create the token with the code provided above. Any api version. az deployment sub create
Open the portal and create password for the token:
Run the same bicep code again az deployment sub create
See that password disappeared.

Additional context
I would expect, that incremental deployments never wipe generated passwords.

Answer 1 · 2023-03-09T16:18:36.000Z

Hi @oleksandr9379992,

Please open a support ticket with our team to investigate as this board is primarily used to provide roadmap updates. If you don’t have any additional questions here, this issue will close in 7 days. Thanks!

Answer 2 · 2023-03-21T15:50:30.000Z

Closing as this issue is now inactive for over 7 days. Thanks!