ancient-eve-13947
08/16/2021, 5:07 PMRegistry
no longer has .adminUsername
or .adminPassword
properties.
and the other method - which would be preferable, anyway - with creating a service-principal and using that performs the role assignment like this:
const spAuth = new azure.authorization.Assignment("myauth", {
scope: registry.id,
roleDefinitionName: "acrpush",
principalId: sp.id,
});
but Assignment
has changed to RoleAssignment
and the later doesn't get a roleDefinitionName
, but a roleDefinitionId
. Yet there is no API to get a roleDefintionId by name or to list all role definitions so I could filter for the one with the matching name.az role definition list
finding the id of acrpush in the output and storing it in a pulumi config setting, but for obvious reasons this is not a very stable workaround - say we run the same setup against another subscription (which we likely will because we want to put production resources into a separate sub), and one needs to update this.tall-librarian-49374
08/17/2021, 1:44 PMancient-eve-13947
08/17/2021, 3:34 PMtall-librarian-49374
08/17/2021, 3:38 PMsucceeded in pushing an image to an ACR?Why is this example irrelevant? (putting roles aside for a moment)
ancient-eve-13947
08/17/2021, 3:44 PM