dfds / ado-deployment-templates

A collection of DFDS best practice deployment templates for Azure DevOps
MIT License

No access to 'Shared-Prod ECR-Push' Service connection #3

Closed KPLauritzen closed 2 years ago

KPLauritzen commented 3 years ago

I don't think 'Shared-Prod ECR-Push' is a service connection available to everyone. But maybe 'ECR Push' is. It looks like that is widely used in the "Smart Data" ADO project, at least.

https://github.com/dfds/ado-deployment-templates/blob/e9b6b1c1374cfa650b673d694d629122861d497e/ASP.NET%20Core%20sample/azure-pipelines/azure-pipelines.yaml#L55

avnes commented 2 years ago

Hi @KPLauritzen

This is sort of "working as designed". Let me explain what I mean. And I will also explain how we can solve it.

  1. Service connections are owned by the ADO project that created them.
  2. The service connection 'ECR Push' was created in the Smart Data project. Hence that service connection can by default only be used in Smart Data.
  3. The service connection 'Shared-Prod ECR-Push' was created in the CloudEngineering project. Hence that service connection can by default only be used in CloudEngineering.
  4. Both 'ECR Push' and 'Shared-Prod ECR-Push' are using the same credentials.
  5. I suspect that 'ECR Push' was created due to lack of understanding that service connections can be shared with other projects. It just requires some tweaking to the service connection as documented here: https://docs.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml#secure-a-service-connection
  6. That means that each ADO project that wants to use the 'Shared-Prod ECR-Push' service connection from CloudEngineering must first request access to use it.
  7. I have now shared the service connection 'Shared-Prod ECR-Push' with the Smart Data project.

Please let me know if this is sufficient, or if I should share the connection with another project too?
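
An added example, not part of the original thread or the DFDS templates: a pre-flight check that flags pipeline references to a service connection the project has not been granted, following the ownership and sharing rules in the list above. The endpoint data is a constructed sample shaped like an Azure DevOps service-endpoint listing (field names are assumed from that API, ids are placeholders), and `ExampleProject` is a hypothetical project.

```python
import json

# Constructed sample shaped like the "value" array of an Azure DevOps
# service-endpoint listing. Field names are assumed; ids are placeholders.
ENDPOINTS_JSON = """
[
  {"id": "00000000-0000-0000-0000-000000000001",
   "name": "Shared-Prod ECR-Push",
   "isShared": true,
   "serviceEndpointProjectReferences": [
     {"projectReference": {"name": "CloudEngineering"}},
     {"projectReference": {"name": "Smart Data"}}]},
  {"id": "00000000-0000-0000-0000-000000000002",
   "name": "ECR Push",
   "isShared": false,
   "serviceEndpointProjectReferences": [
     {"projectReference": {"name": "Smart Data"}}]}
]
"""
ENDPOINTS = json.loads(ENDPOINTS_JSON)

def projects_by_connection(endpoints):
    """Map each service connection name to the set of projects that may use it."""
    allowed = {}
    for ep in endpoints:
        refs = ep.get("serviceEndpointProjectReferences") or []
        names = {r["projectReference"]["name"] for r in refs}
        allowed.setdefault(ep["name"], set()).update(names)
    return allowed

def check_usage(endpoints, usages):
    """Return (project, connection, reason) for every reference that would fail."""
    allowed = projects_by_connection(endpoints)
    findings = []
    for project, connection in usages:
        if connection not in allowed:
            findings.append((project, connection, "no such service connection"))
        elif project not in allowed[connection]:
            findings.append((project, connection, "not shared with this project"))
    return findings

# Constructed references: (ADO project, service connection named in its pipeline YAML).
USAGES = [
    ("Smart Data", "Shared-Prod ECR-Push"),      # works once the connection is shared
    ("Smart Data", "ECR Push"),                  # owned by Smart Data
    ("ExampleProject", "Shared-Prod ECR-Push"),  # hypothetical project, must request access
    ("CloudEngineering", "ECR Push"),            # owned by another project, not shared
]
```
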

avnes commented 2 years ago

Closing due to no response after explanation and workaround provided.