Commit 8dbab82

Merge pull request #190535 from tejaswikolli-web/main
service-principal-renewal
2 parents 8f5511e + f6f3445 commit 8dbab82

4 files changed

+11
-7
lines changed

articles/container-registry/container-registry-auth-service-principal.md

Lines changed: 4 additions & 0 deletions
@@ -105,6 +105,10 @@ To create a service principal that can authenticate with a container registry in
105105

106106
For example steps, see [Pull images from a container registry to an AKS cluster in a different AD tenant](authenticate-aks-cross-tenant.md).
107107

108+
## Service principal renewal
109+
110+
The service principal is created with one-year validity. You have options to extend the validity further than one year, or can provide expiry date of your choice using the [`az ad sp credential reset`](/cli/azure/ad/sp/credential#az-ad-sp-credential-reset) command.
111+
108112
## Next steps
109113

110114
* See the [authentication overview](container-registry-authentication.md) for other scenarios to authenticate with an Azure container registry.
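
Review bot: At new line 110, the text offers `az ad sp credential reset` as the way to extend validity but never says what happens to the existing password when that command runs. Since the linked command is a credential reset, state whether the current secret keeps working afterwards and tell readers to update whatever stores it. The sentence itself needs a grammar pass: "You have options to extend the validity further than one year, or can provide expiry date of your choice" reads better as "You can extend the validity beyond one year, or set an expiry date of your choice, by using ...".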

articles/container-registry/container-registry-authentication.md

Lines changed: 1 addition & 1 deletion
@@ -134,7 +134,7 @@ The admin account is currently required for some scenarios to deploy an image fr
134134
> The admin account is designed for a single user to access the registry, mainly for testing purposes. We do not recommend sharing the admin account credentials among multiple users. All users authenticating with the admin account appear as a single user with push and pull access to the registry. Changing or disabling this account disables registry access for all users who use its credentials. Individual identity is recommended for users and service principals for headless scenarios.
135135
>
136136
137-
The admin account is provided with two passwords, both of which can be regenerated. Two passwords allow you to maintain connection to the registry by using one password while you regenerate the other. If the admin account is enabled, you can pass the username and either password to the `docker login` command when prompted for basic authentication to the registry. For example:
137+
The admin account is provided with two passwords, both of which can be regenerated. New passwords created for admin accounts are available immediately. Regenerating passwords for admin accounts will take 60 seconds to replicate and be available. Two passwords allow you to maintain connection to the registry by using one password while you regenerate the other. If the admin account is enabled, you can pass the username and either password to the `docker login` command when prompted for basic authentication to the registry. For example:
138138

139139
```
140140
docker login myregistry.azurecr.io
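
Review bot: The two sentences added at line 137 leave the rotation guidance ambiguous: "New passwords created for admin accounts are available immediately" and "Regenerating passwords for admin accounts will take 60 seconds to replicate" sound like the same operation with two different timings, and neither says whether the previous value is still accepted during those 60 seconds. Because the following sentence tells readers to stay connected on one password while regenerating the other, spell out the difference between creating and regenerating, and say when it is safe to switch clients to the regenerated password. "will take 60 seconds" should also be "takes 60 seconds" or "can take up to 60 seconds", whichever is accurate.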

articles/container-registry/container-registry-repository-scoped-permissions.md

Lines changed: 4 additions & 4 deletions
@@ -31,7 +31,7 @@ This feature is available in the **Premium** container registry service tier. Fo
3131

3232
To configure repository-scoped permissions, you create a *token* with an associated *scope map*.
3333

34-
* A **token** along with a generated password lets the user authenticate with the registry. You can set an expiration date for a token password, or disable a token at any time.
34+
* A **token** along with a generated password lets the user authenticate with the registry. You can set an expiration date for a token password, or disable a token at any time.
3535

3636
After authenticating with a token, the user or service can perform one or more *actions* scoped to one or more repositories.
3737

@@ -166,7 +166,7 @@ After the token is validated and created, token details appear in the **Tokens**
166166

167167
### Add token password
168168

169-
To use a token created in the portal, you must generate a password. You can generate one or two passwords, and set an expiration date for each one.
169+
To use a token created in the portal, you must generate a password. You can generate one or two passwords, and set an expiration date for each one. New passwords created for tokens are available immediately. Regenerating new passwords for tokens will take 60 seconds to replicate and be available.
170170

171171
1. In the portal, navigate to your container registry.
172172
1. Under **Repository permissions**, select **Tokens (Preview)**, and select a token.
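
Review bot: "Regenerating new passwords" at line 169 is redundant and differs from the wording added to container-registry-authentication.md in this same commit ("Regenerating passwords for admin accounts"); use one phrasing in both files. The paragraph is followed by the portal steps, so it should also say whether the old token password is rejected as soon as regeneration starts or only once the 60-second replication completes, since this is where readers set expiry and rotate passwords.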
@@ -374,7 +374,7 @@ az acr token list --registry myregistry --output table
374374

375375
### Regenerate token passwords
376376

377-
If you didn't generate a token password, or you want to generate new passwords, run the [az acr token credential generate][az-acr-token-credential-generate] command.
377+
If you didn't generate a token password, or you want to generate new passwords, run the [az acr token credential generate][az-acr-token-credential-generate] command.Regenerating new passwords for tokens will take 60 seconds to replicate and be available.
378378

379379
The following example generates a new value for password1 for the *MyToken* token, with an expiration period of 30 days. It stores the password in the environment variable `TOKEN_PWD`. This example is formatted for the bash shell.
380380
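
Review bot: Line 377 is missing a space after the period: "command.Regenerating" runs the new sentence into the end of the link sentence. Add the space, and since the same 60-second sentence is also added under "Add token password" in this file, consider stating it once and referring to it from the other section. The bash example that follows stores the password in `TOKEN_PWD`, so a short note that the regenerated value takes 60 seconds to become available would save readers a failed login immediately after running it.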

@@ -448,4 +448,4 @@ In the portal, select the token in the **Tokens (Preview)** screen, and select *
448448
[az-acr-token-delete]: /cli/azure/acr/token/#az_acr_token_delete
449449
[az-acr-token-create]: /cli/azure/acr/token/#az_acr_token_create
450450
[az-acr-token-update]: /cli/azure/acr/token/#az_acr_token_update
451-
[az-acr-token-credential-generate]: /cli/azure/acr/token/credential/#az_acr_token_credential_generate
451+
[az-acr-token-credential-generate]: /cli/azure/acr/token/credential/#az_acr_token_credential_generate

docfx.json

Lines changed: 2 additions & 2 deletions
@@ -648,7 +648,7 @@
648648
"articles/cognitive-services/Translator/**/*.md": "lajanuar",
649649
"articles/connectors/*.md": "estfan",
650650
"articles/container-instances/**/*.md": "macolso",
651-
"articles/container-registry/**/*.md": "danlep",
651+
"articles/container-registry/**/*.md": "tejaswikolli",
652652
"articles/data-lake-analytics/*.md": "xujiang1",
653653
"articles/defender-for-cloud/*.md": "elkrieger",
654654
"articles/defender-for-iot/organizations/*.md": "shhazam",
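
Review bot: The owner mapping change at line 651 ("danlep" to "tejaswikolli") is unrelated to the service-principal-renewal content and is not mentioned in the commit message; move it to its own change or call it out in the description so the ownership transfer is reviewable. Also confirm the value is the alias this map expects, since the merge comes from the GitHub account tejaswikolli-web while the entry written here is tejaswikolli.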
@@ -1226,4 +1226,4 @@
12261226
}
12271227

12281228
}
1229-
}
1229+
}
