https://pulumi.com logo
Title
a

ancient-eve-13947

08/16/2021, 5:07 PM
has anyone with the current version succeeded in pushing an image to an ACR? the current example at https://www.pulumi.com/docs/reference/pkg/docker/image/ is out-of-date as is the one at https://www.pulumi.com/blog/build-publish-containers-iac/.
Registry
no longer has
.adminUsername
or
.adminPassword
properties. and the other method - which would be preferable, anyway - with creating a service-principal and using that performs the role assignment like this:
const spAuth = new azure.authorization.Assignment("myauth", {
    scope: registry.id,
    roleDefinitionName: "acrpush",
    principalId: sp.id,
});
but
Assignment
has changed to
RoleAssignment
and the later doesn't get a
roleDefinitionName
, but a
roleDefinitionId
. Yet there is no API to get a roleDefintionId by name or to list all role definitions so I could filter for the one with the matching name.
I can help myself meanwhile by executing
az role definition list
finding the id of acrpush in the output and storing it in a pulumi config setting, but for obvious reasons this is not a very stable workaround - say we run the same setup against another subscription (which we likely will because we want to put production resources into a separate sub), and one needs to update this.
anyone any better ideas?
t

tall-librarian-49374

08/17/2021, 1:44 PM
a

ancient-eve-13947

08/17/2021, 3:34 PM
I know that example, but it doesn't apply to my question. meanwhile, though, I'd be more interested in making this work with managed identities as described here because that doesn't require the app reg under which pulumi runs to be allowed to assign roles (effectively being a subscription owner). do you by any chance have a Pulumi example that mirrors what MS describes in that link? (doesn't matter which language, as long as it's Pulumi) - that would be very helpful - thanks!
t

tall-librarian-49374

08/17/2021, 3:38 PM
succeeded in pushing an image to an ACR?
Why is this example irrelevant? (putting roles aside for a moment)
a

ancient-eve-13947

08/17/2021, 3:44 PM
maybe my wording in the original question was not precise enough, sorry for that. my problem was solely with authorization alternatives to isAdminEnabled, not with the actual pushing