MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

Seems impossible to deploy OIDC code in this example without also doing Service Principal variable setup #104172

Closed jwalters30 closed 4 months ago

jwalters30 commented 1 year ago

In the document, which has two different sets of tabs (one for Service Principal and one for OIDC passwordless auth), there is a section of the instructions where the OIDC instructions require information that is only provided in the Service Principal set of instructions. As a result, the OIDC tab content under "Create workflow file" doesn't have the secrets required for pushing to the ACR. The secrets that are listed here:

       registry-login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
       registry-username: ${{ secrets.REGISTRY_USERNAME }}
       registry-password: ${{ secrets.REGISTRY_PASSWORD }}

are the ones that are only provided by the steps in the Service Principal tabs, and in particular defeat the purpose of doing the passwordless OIDC auth in the first place.


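For comparison, here is a workflow that pushes to ACR using only the OIDC federated identity, so no `REGISTRY_USERNAME` or `REGISTRY_PASSWORD` secret has to exist at all. This is an added example, not the content of the Azure docs page under discussion and not code from any participant in this issue. It assumes a federated credential has been configured on an app registration (or user-assigned managed identity) that holds the AcrPush role on the registry, that the registry name is stored in a repository variable `ACR_NAME`, and that the client, tenant and subscription IDs are stored as the secrets named below (all three are identifiers rather than credentials).

```yaml
# Added example (not from the Azure docs page or this issue thread).
# Pushes an image to ACR using only GitHub's OIDC token exchanged for an
# Azure access token; no registry password is stored anywhere.
# Assumed: federated credential on an identity with AcrPush on the registry,
# repository variable ACR_NAME, secrets AZURE_CLIENT_ID / AZURE_TENANT_ID /
# AZURE_SUBSCRIPTION_ID.
name: Build and push to ACR (OIDC only)

on:
  push:
    branches: [main]

permissions:
  id-token: write   # lets the job request an OIDC token from GitHub
  contents: read

env:
  # The registry name is not secret, so a repository variable is enough.
  REGISTRY_NAME: ${{ vars.ACR_NAME }}
  IMAGE: ${{ vars.ACR_NAME }}.azurecr.io/sampleapp:${{ github.sha }}

jobs:
  build-push:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Federated (passwordless) login: the GitHub OIDC token is exchanged
      # for a short-lived Azure access token for the identity below.
      - uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      # Reuses the Azure CLI session from the login step to obtain a
      # short-lived ACR token and configure Docker with it.
      - name: Log in to ACR with the federated identity
        run: az acr login --name "$REGISTRY_NAME"

      - name: Build and push
        run: |
          docker build -t "$IMAGE" .
          docker push "$IMAGE"
```

The only setup that still overlaps with the service principal path is the role assignment: the identity the federated credential is attached to needs AcrPush on the registry, otherwise `az acr login` succeeds but `docker push` is denied. With this layout there is no long-lived registry password to rotate or leak; the ACR token obtained by `az acr login` expires on its own, which is the property the OIDC tab was meant to deliver.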

VikasPullagura-MSFT commented 1 year ago

@jwalters30 Thanks for the feedback! I have assigned the issue to content author to check and update the document as appropriate.

VikasPullagura-MSFT commented 1 year ago

@tomvcassidy Can you please check and add your comments on this doc update request as applicable.

akashdubey-ms commented 6 months ago

Thanks for your contribution to our documentation.

We sincerely apologize for the delayed response. Unfortunately, we have been unable to review this issue in a timely manner. However, we are making overall enhancements to our content. We are closing this issue for now as there has been no activity for a while. If you feel that the problem persists, please respond to this issue with additional information. Please continue to provide feedback about the documentation. We appreciate your contributions to our community.

please-close

jwalters30 commented 6 months ago

@akashdubey-ms Simply closing the issue because the internal Microsoft resource hasn't responded "in a timely manner" doesn't really address the issue! The workflow for the OIDC push to the ACR still doesn't work! I think the issue should remain open while the content is being revised to ensure that it is addressed in the new material, rather than marking it as "completed" when it hasn't been addressed.

akashdubey-ms commented 6 months ago

please-open

tomvcassidy commented 4 months ago

Hi @jwalters30. Sorry for the extreme delay in addressing this issue, and unfortunately, the update isn't particularly good. I'm electing to remove the OIDC instructions as of https://github.com/MicrosoftDocs/azure-docs-pr/pull/274559. These changes will be published later today.

I agree with your analysis that one would have to conduct the service principal steps even in the OpenID Connect pathway, because no matter what one ends up pushing the image to the container registry. However, my main issue with the OIDC pathway is that I haven't even been able to arrive at the yaml deployment step as it appears one of the commands is outdated, and I keep getting an error on an invalid scope. I'm not the original author of the document, so my understanding is limited. I've spoken with the original author, but they're no longer familiar with their work from years ago.

Looking at the commit history, I suspect this pathway never worked, as it always had the issue you reported, which is disheartening.

To top it off, as you noted, having to rely on registry credentials in the workflow anyway somewhat defeats the point of using OIDC. The workflow as a whole isn't really made any securer by the introduction of OIDC, and superior security is the entire purpose of OIDC. Because of this, I'm not particularly inclined to add the necessary steps from the service principal pathway--even if I could reproduce the entire OIDC pathway,

All that is to say, thank you for tracking down this discontinuity in the doc and reporting it. If you find anything else, please use the Unified User Feedback form at the bottom of any page of our docs to report it, as GitHub issues for our docs will be retired soon.

please-close