From f5cef3e7659dd65d755864233a3312520e30a7a2 Mon Sep 17 00:00:00 2001 From: Sidney Andrews Date: Mon, 11 Nov 2024 16:17:24 -0500 Subject: [PATCH 01/14] Make `credentialSetResourceId` optional --- avm/res/container-registry/registry/cache-rule/main.bicep | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/avm/res/container-registry/registry/cache-rule/main.bicep b/avm/res/container-registry/registry/cache-rule/main.bicep index 3a58558bc3..758cc21e29 100644 --- a/avm/res/container-registry/registry/cache-rule/main.bicep +++ b/avm/res/container-registry/registry/cache-rule/main.bicep @@ -14,8 +14,8 @@ param sourceRepository string @description('Optional. Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}.') param targetRepository string = sourceRepository -@description('Required. The resource ID of the credential store which is associated with the cache rule.') -param credentialSetResourceId string +@description('Optional. The resource ID of the credential store which is associated with the cache rule.') +param credentialSetResourceId string = '' resource registry 'Microsoft.ContainerRegistry/registries@2023-06-01-preview' existing = { name: registryName @@ -27,7 +27,7 @@ resource cacheRule 'Microsoft.ContainerRegistry/registries/cacheRules@2023-06-01 properties: { sourceRepository: sourceRepository targetRepository: targetRepository - credentialSetResourceId: credentialSetResourceId + credentialSetResourceId: !empty(credentialSetResourceId) ? credentialSetResourceId : null } } From 7ffc7ba81308b842615d864354f201511d2a910e Mon Sep 17 00:00:00 2001 From: Sidney Andrews Date: Mon, 11 Nov 2024 16:17:49 -0500 Subject: [PATCH 02/14] Fix `name` parameter to replace wildcard (asterisk) symbol --- avm/res/container-registry/registry/cache-rule/main.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
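Review bot: The `@description` on `credentialSetResourceId` in cache-rule/main.bicep (hunk `@@ -14,8 +14,8 @@`) now says Optional but does not tell a caller what omitting it means. As far as this template shows, the property is then sent as null and the cache rule is created with no credential set, which presumably means the upstream is pulled anonymously. I would spell that out, e.g. `@description('Optional. The resource ID of the credential set used to authenticate to the upstream registry. Omit only for upstreams that allow anonymous pull.')`. The later hunk that switches the parameter to `string?` keeps the same wording, so the note applies there too.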
diff --git a/avm/res/container-registry/registry/cache-rule/main.bicep b/avm/res/container-registry/registry/cache-rule/main.bicep index 758cc21e29..7fac36fccc 100644 --- a/avm/res/container-registry/registry/cache-rule/main.bicep +++ b/avm/res/container-registry/registry/cache-rule/main.bicep @@ -6,7 +6,7 @@ metadata owner = 'Azure/module-maintainers' param registryName string @description('Optional. The name of the cache rule. Will be derived from the source repository name if not defined.') -param name string = replace(replace(sourceRepository, '/', '-'), '.', '-') +param name string = replace(replace(replace(sourceRepository, '/', '-'), '.', '-'), '*', '') @description('Required. Source repository pulled from upstream.') param sourceRepository string From b05f2771f99c91a04e49bcef57584b6250edc691 Mon Sep 17 00:00:00 2001 From: Sidney Andrews Date: Mon, 11 Nov 2024 16:31:34 -0500 Subject: [PATCH 03/14] Make `credentialSetResourceId` nullable --- avm/res/container-registry/registry/cache-rule/main.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/avm/res/container-registry/registry/cache-rule/main.bicep b/avm/res/container-registry/registry/cache-rule/main.bicep index 7fac36fccc..8b0e49aa77 100644 --- a/avm/res/container-registry/registry/cache-rule/main.bicep +++ b/avm/res/container-registry/registry/cache-rule/main.bicep @@ -15,7 +15,7 @@ param sourceRepository string param targetRepository string = sourceRepository @description('Optional. The resource ID of the credential store which is associated with the cache rule.') -param credentialSetResourceId string = '' +param credentialSetResourceId string? resource registry 'Microsoft.ContainerRegistry/registries@2023-06-01-preview' existing = { name: registryName 
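Review bot: The derived default for `name` in cache-rule/main.bicep (hunk `@@ -6,7 +6,7 @@`) is neither unique nor obviously well-formed once `*` is dropped. `mcr.microsoft.com/*` becomes `mcr-microsoft-com-` with a trailing hyphen, and distinct sources such as `a.b/c` and `a/b.c` both collapse to `a-b-c`. Whether the resource provider accepts a trailing hyphen or an arbitrarily long name is not visible here, so that is worth confirming against the cacheRules naming rules. I would at least document the mapping above the parameter, e.g. `// Default: '/' and '.' -> '-', '*' removed; pass an explicit name when sources could map to the same value.`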
@@ -27,7 +27,7 @@ resource cacheRule 'Microsoft.ContainerRegistry/registries/cacheRules@2023-06-01 properties: { sourceRepository: sourceRepository targetRepository: targetRepository - credentialSetResourceId: !empty(credentialSetResourceId) ? credentialSetResourceId : null + credentialSetResourceId: credentialSetResourceId } } From 1a8dbef2a6ad2a462fe1ff666cfe116347c81091 Mon Sep 17 00:00:00 2001 From: Sidney Andrews Date: Mon, 11 Nov 2024 16:31:40 -0500 Subject: [PATCH 04/14] Add unit tests --- .../registry/tests/e2e/cache/main.test.bicep | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep b/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep index c19abf87f1..26618d2bb6 100644 --- a/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep +++ b/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep @@ -79,6 +79,10 @@ module testDeployment '../../../main.bicep' = [ targetRepository: 'cached-docker-hub/hello-world' credentialSetResourceId: nestedDependencies.outputs.acrCredentialSetResourceId } + { + sourceRepository: 'mcr.microsoft.com/*' + targetRepository: 'cached-mcr/*' + } ] } } From 89d0db239f14f94d03f152f230413a70eaa8d5d1 Mon Sep 17 00:00:00 2001 From: Sidney Andrews Date: Mon, 11 Nov 2024 16:34:47 -0500 Subject: [PATCH 05/14] Run generation of readme and JSON files --- avm/res/container-registry/registry/README.md | 12 ++++ .../registry/cache-rule/README.md | 18 ++--- .../registry/cache-rule/main.json | 22 ++++-- avm/res/container-registry/registry/main.json | 68 ++++++++----------- 4 files changed, 66 insertions(+), 54 deletions(-) diff --git a/avm/res/container-registry/registry/README.md b/avm/res/container-registry/registry/README.md index 4c2f170db8..ef1ce3cf66 100644 --- a/avm/res/container-registry/registry/README.md +++ b/avm/res/container-registry/registry/README.md 
@@ -67,6 +67,10 @@ module registry 'br/public:avm/res/container-registry/registry:' = { sourceRepository: 'docker.io/library/hello-world' targetRepository: 'cached-docker-hub/hello-world' } + { + sourceRepository: 'mcr.microsoft.com/*' + targetRepository: 'cached-mcr/*' + } ] credentialSets: [ { @@ -119,6 +123,10 @@ module registry 'br/public:avm/res/container-registry/registry:' = { "name": "customRule", "sourceRepository": "docker.io/library/hello-world", "targetRepository": "cached-docker-hub/hello-world" + }, + { + "sourceRepository": "mcr.microsoft.com/*", + "targetRepository": "cached-mcr/*" } ] }, @@ -169,6 +177,10 @@ param cacheRules = [ sourceRepository: 'docker.io/library/hello-world' targetRepository: 'cached-docker-hub/hello-world' } + { + sourceRepository: 'mcr.microsoft.com/*' + targetRepository: 'cached-mcr/*' + } ] param credentialSets = [ { diff --git a/avm/res/container-registry/registry/cache-rule/README.md b/avm/res/container-registry/registry/cache-rule/README.md index 064d6dc202..2a87fed0cf 100644 --- a/avm/res/container-registry/registry/cache-rule/README.md +++ b/avm/res/container-registry/registry/cache-rule/README.md @@ -20,7 +20,6 @@ Cache for Azure Container Registry (Preview) feature allows users to cache conta | Parameter | Type | Description | | :-- | :-- | :-- | -| [`credentialSetResourceId`](#parameter-credentialsetresourceid) | string | The resource ID of the credential store which is associated with the cache rule. | | [`registryName`](#parameter-registryname) | string | The name of the parent registry. Required if the template is used in a standalone deployment. | | [`sourceRepository`](#parameter-sourcerepository) | string | Source repository pulled from upstream. | 
@@ -28,16 +27,10 @@ Cache for Azure Container Registry (Preview) feature allows users to cache conta | Parameter | Type | Description | | :-- | :-- | :-- | +| [`credentialSetResourceId`](#parameter-credentialsetresourceid) | string | The resource ID of the credential store which is associated with the cache rule. | | [`name`](#parameter-name) | string | The name of the cache rule. Will be derived from the source repository name if not defined. | | [`targetRepository`](#parameter-targetrepository) | string | Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}. | -### Parameter: `credentialSetResourceId` - -The resource ID of the credential store which is associated with the cache rule. - -- Required: Yes -- Type: string - ### Parameter: `registryName` The name of the parent registry. Required if the template is used in a standalone deployment. @@ -52,13 +45,20 @@ Source repository pulled from upstream. - Required: Yes - Type: string +### Parameter: `credentialSetResourceId` + +The resource ID of the credential store which is associated with the cache rule. + +- Required: No +- Type: string + ### Parameter: `name` The name of the cache rule. Will be derived from the source repository name if not defined. - Required: No - Type: string -- Default: `[replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-')]` +- Default: `[replace(replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-'), '*', '')]` ### Parameter: `targetRepository` diff --git a/avm/res/container-registry/registry/cache-rule/main.json b/avm/res/container-registry/registry/cache-rule/main.json index 4635d8cb66..f5d637739e 100644 --- a/avm/res/container-registry/registry/cache-rule/main.json +++ b/avm/res/container-registry/registry/cache-rule/main.json 
@@ -1,11 +1,12 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.30.3.12046", - "templateHash": "17205938486061573561" + "version": "0.31.34.60546", + "templateHash": "11043524287254213245" }, "name": "Container Registries Cache", "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache)).", @@ -20,7 +21,7 @@ }, "name": { "type": "string", - "defaultValue": "[replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-')]", + "defaultValue": "[replace(replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-'), '*', '')]", "metadata": { "description": "Optional. The name of the cache rule. Will be derived from the source repository name if not defined." } @@ -40,13 +41,20 @@ }, "credentialSetResourceId": { "type": "string", + "nullable": true, "metadata": { - "description": "Required. The resource ID of the credential store which is associated with the cache rule." + "description": "Optional. The resource ID of the credential store which is associated with the cache rule." } } }, - "resources": [ - { + "resources": { + "registry": { + "existing": true, + "type": "Microsoft.ContainerRegistry/registries", + "apiVersion": "2023-06-01-preview", + "name": "[parameters('registryName')]" + }, + "cacheRule": { "type": "Microsoft.ContainerRegistry/registries/cacheRules", "apiVersion": "2023-06-01-preview", "name": "[format('{0}/{1}', parameters('registryName'), parameters('name'))]", @@ -56,7 +64,7 @@ "credentialSetResourceId": "[parameters('credentialSetResourceId')]" } } - ], + }, "outputs": { "name": { "type": "string", 
diff --git a/avm/res/container-registry/registry/main.json b/avm/res/container-registry/registry/main.json index 5e42d035ac..dddea995b8 100644 --- a/avm/res/container-registry/registry/main.json +++ b/avm/res/container-registry/registry/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "2277340268999354626" + "version": "0.31.34.60546", + "templateHash": "10053213956889086375" }, "name": "Azure Container Registries (ACR)", "description": "This module deploys an Azure Container Registry (ACR).", @@ -836,10 +836,7 @@ "apiVersion": "2023-02-01", "subscriptionId": "[split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '//'), '/')[2]]", "resourceGroup": "[split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '////'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), 'dummyVault'), '/')), coalesce(tryGet(parameters('customerManagedKey'), 'keyName'), 'dummyKey'))]", - "dependsOn": [ - "cMKKeyVault" - ] + "name": "[format('{0}/{1}', last(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), 'dummyVault'), '/')), coalesce(tryGet(parameters('customerManagedKey'), 'keyName'), 'dummyKey'))]" }, "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", @@ -913,7 +910,6 @@ "zoneRedundancy": "[if(equals(parameters('acrSku'), 'Premium'), parameters('zoneRedundancy'), null())]" }, "dependsOn": [ - "cMKKeyVault", "cMKUserAssignedIdentity" ] }, @@ -1028,8 +1024,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "17963190751439748514" + "version": "0.31.34.60546", + "templateHash": "15839262747902849468" }, "name": "Container Registries scopeMaps", "description": "This module deploys an Azure Container Registry (ACR) scopeMap.", 
@@ -1080,10 +1076,7 @@ "properties": { "actions": "[parameters('actions')]", "description": "[parameters('description')]" - }, - "dependsOn": [ - "registry" - ] + } } }, "outputs": { @@ -1155,8 +1148,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "4997004041066797666" + "version": "0.31.34.60546", + "templateHash": "15461001069282237891" }, "name": "Azure Container Registry (ACR) Replications", "description": "This module deploys an Azure Container Registry (ACR) Replication.", @@ -1224,10 +1217,7 @@ "properties": { "regionEndpointEnabled": "[parameters('regionEndpointEnabled')]", "zoneRedundancy": "[parameters('zoneRedundancy')]" - }, - "dependsOn": [ - "registry" - ] + } } }, "outputs": { @@ -1303,8 +1293,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "7759513970094711275" + "version": "0.31.34.60546", + "templateHash": "3498867894583412014" }, "name": "Container Registries Credential Sets", "description": "This module deploys an ACR Credential Set.", @@ -1400,10 +1390,7 @@ "properties": { "authCredentials": "[parameters('authCredentials')]", "loginServer": "[parameters('loginServer')]" - }, - "dependsOn": [ - "registry" - ] + } } }, "outputs": { 
@@ -1474,12 +1461,13 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "1396902957012921251" + "version": "0.31.34.60546", + "templateHash": "11043524287254213245" }, "name": "Container Registries Cache", "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache)).", @@ -1494,7 +1482,7 @@ }, "name": { "type": "string", - "defaultValue": "[replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-')]", + "defaultValue": "[replace(replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-'), '*', '')]", "metadata": { "description": "Optional. The name of the cache rule. Will be derived from the source repository name if not defined." } @@ -1514,13 +1502,20 @@ }, "credentialSetResourceId": { "type": "string", + "nullable": true, "metadata": { - "description": "Required. The resource ID of the credential store which is associated with the cache rule." + "description": "Optional. The resource ID of the credential store which is associated with the cache rule." } } }, - "resources": [ - { + "resources": { + "registry": { + "existing": true, + "type": "Microsoft.ContainerRegistry/registries", + "apiVersion": "2023-06-01-preview", + "name": "[parameters('registryName')]" + }, + "cacheRule": { "type": "Microsoft.ContainerRegistry/registries/cacheRules", "apiVersion": "2023-06-01-preview", "name": "[format('{0}/{1}', parameters('registryName'), parameters('name'))]", 
@@ -1530,7 +1525,7 @@ "credentialSetResourceId": "[parameters('credentialSetResourceId')]" } } - ], + }, "outputs": { "name": { "type": "string", @@ -1610,8 +1605,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "10216591470402784498" + "version": "0.31.34.60546", + "templateHash": "16676482092818033709" }, "name": "Azure Container Registry (ACR) Webhooks", "description": "This module deploys an Azure Container Registry (ACR) Webhook.", @@ -1711,10 +1706,7 @@ "scope": "[parameters('scope')]", "serviceUri": "[parameters('serviceUri')]", "status": "[parameters('status')]" - }, - "dependsOn": [ - "registry" - ] + } } }, "outputs": { From cc0a93b837b51f068851405d9bc8a591de295946 Mon Sep 17 00:00:00 2001 From: Sidney Andrews Date: Mon, 11 Nov 2024 16:42:23 -0500 Subject: [PATCH 06/14] Run `Set-AVMModule` on all sub-modules --- .../container-registry/registry/credential-set/main.json | 9 +++------ .../container-registry/registry/replication/main.json | 9 +++------ avm/res/container-registry/registry/scope-map/main.json | 9 +++------ avm/res/container-registry/registry/webhook/main.json | 9 +++------ 4 files changed, 12 insertions(+), 24 deletions(-) diff --git a/avm/res/container-registry/registry/credential-set/main.json b/avm/res/container-registry/registry/credential-set/main.json index 1b1f243390..968cb4b771 100644 --- a/avm/res/container-registry/registry/credential-set/main.json +++ b/avm/res/container-registry/registry/credential-set/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.3.12046", - "templateHash": "13281764602355848660" + "version": "0.31.34.60546", + "templateHash": "3498867894583412014" }, "name": "Container Registries Credential Sets", "description": "This module deploys an ACR Credential Set.", 
@@ -102,10 +102,7 @@ "properties": { "authCredentials": "[parameters('authCredentials')]", "loginServer": "[parameters('loginServer')]" - }, - "dependsOn": [ - "registry" - ] + } } }, "outputs": { diff --git a/avm/res/container-registry/registry/replication/main.json b/avm/res/container-registry/registry/replication/main.json index beca1e3cec..7b7f36cd0d 100644 --- a/avm/res/container-registry/registry/replication/main.json +++ b/avm/res/container-registry/registry/replication/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.3.12046", - "templateHash": "11507205381257602922" + "version": "0.31.34.60546", + "templateHash": "15461001069282237891" }, "name": "Azure Container Registry (ACR) Replications", "description": "This module deploys an Azure Container Registry (ACR) Replication.", @@ -74,10 +74,7 @@ "properties": { "regionEndpointEnabled": "[parameters('regionEndpointEnabled')]", "zoneRedundancy": "[parameters('zoneRedundancy')]" - }, - "dependsOn": [ - "registry" - ] + } } }, "outputs": { diff --git a/avm/res/container-registry/registry/scope-map/main.json b/avm/res/container-registry/registry/scope-map/main.json index c19212c9a3..ce23f17cfc 100644 --- a/avm/res/container-registry/registry/scope-map/main.json +++ b/avm/res/container-registry/registry/scope-map/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.3.12046", - "templateHash": "17045733538280748766" + "version": "0.31.34.60546", + "templateHash": "15839262747902849468" }, "name": "Container Registries scopeMaps", "description": "This module deploys an Azure Container Registry (ACR) scopeMap.", @@ -57,10 +57,7 @@ "properties": { "actions": "[parameters('actions')]", "description": "[parameters('description')]" - }, - "dependsOn": [ - "registry" - ] + } } }, "outputs": { 
diff --git a/avm/res/container-registry/registry/webhook/main.json b/avm/res/container-registry/registry/webhook/main.json index d5805e9f69..27c0e314c8 100644 --- a/avm/res/container-registry/registry/webhook/main.json +++ b/avm/res/container-registry/registry/webhook/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.3.12046", - "templateHash": "3542060088842117365" + "version": "0.31.34.60546", + "templateHash": "16676482092818033709" }, "name": "Azure Container Registry (ACR) Webhooks", "description": "This module deploys an Azure Container Registry (ACR) Webhook.", @@ -106,10 +106,7 @@ "scope": "[parameters('scope')]", "serviceUri": "[parameters('serviceUri')]", "status": "[parameters('status')]" - }, - "dependsOn": [ - "registry" - ] + } } }, "outputs": { From 6574d662277ed49efb136674d9928a8f88e67bc8 Mon Sep 17 00:00:00 2001 From: Sidney Andrews Date: Mon, 11 Nov 2024 18:21:05 -0500 Subject: [PATCH 07/14] Use a unique string for the cache-rule name instead of fragile `replace` logic --- avm/res/container-registry/registry/cache-rule/README.md | 6 +++--- avm/res/container-registry/registry/cache-rule/main.bicep | 4 ++-- avm/res/container-registry/registry/cache-rule/main.json | 6 +++--- avm/res/container-registry/registry/main.json | 8 ++++---- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/avm/res/container-registry/registry/cache-rule/README.md b/avm/res/container-registry/registry/cache-rule/README.md index 2a87fed0cf..474ebb7cf8 100644 --- a/avm/res/container-registry/registry/cache-rule/README.md +++ b/avm/res/container-registry/registry/cache-rule/README.md 
@@ -28,7 +28,7 @@ Cache for Azure Container Registry (Preview) feature allows users to cache conta | Parameter | Type | Description | | :-- | :-- | :-- | | [`credentialSetResourceId`](#parameter-credentialsetresourceid) | string | The resource ID of the credential store which is associated with the cache rule. | -| [`name`](#parameter-name) | string | The name of the cache rule. Will be derived from the source repository name if not defined. | +| [`name`](#parameter-name) | string | The name of the cache rule. Will be automatically generated if not defined. | | [`targetRepository`](#parameter-targetrepository) | string | Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}. | ### Parameter: `registryName` @@ -54,11 +54,11 @@ The resource ID of the credential store which is associated with the cache rule. ### Parameter: `name` -The name of the cache rule. Will be derived from the source repository name if not defined. +The name of the cache rule. Will be automatically generated if not defined. - Required: No - Type: string -- Default: `[replace(replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-'), '*', '')]` +- Default: `[uniqueString(parameters('sourceRepository'), parameters('targetRepository'))]` ### Parameter: `targetRepository` diff --git a/avm/res/container-registry/registry/cache-rule/main.bicep b/avm/res/container-registry/registry/cache-rule/main.bicep index 8b0e49aa77..760d08f35b 100644 --- a/avm/res/container-registry/registry/cache-rule/main.bicep +++ b/avm/res/container-registry/registry/cache-rule/main.bicep 
@@ -5,8 +5,8 @@ metadata owner = 'Azure/module-maintainers' @description('Required. The name of the parent registry. Required if the template is used in a standalone deployment.') param registryName string -@description('Optional. The name of the cache rule. Will be derived from the source repository name if not defined.') -param name string = replace(replace(replace(sourceRepository, '/', '-'), '.', '-'), '*', '') +@description('Optional. The name of the cache rule. Will be automatically generated if not defined.') +param name string = uniqueString(sourceRepository, targetRepository) @description('Required. Source repository pulled from upstream.') param sourceRepository string diff --git a/avm/res/container-registry/registry/cache-rule/main.json b/avm/res/container-registry/registry/cache-rule/main.json index f5d637739e..b1efa74161 100644 --- a/avm/res/container-registry/registry/cache-rule/main.json +++ b/avm/res/container-registry/registry/cache-rule/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.31.34.60546", - "templateHash": "11043524287254213245" + "templateHash": "8246864064800210517" }, "name": "Container Registries Cache", "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache)).", 
@@ -21,9 +21,9 @@ }, "name": { "type": "string", - "defaultValue": "[replace(replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-'), '*', '')]", + "defaultValue": "[uniqueString(parameters('sourceRepository'), parameters('targetRepository'))]", "metadata": { - "description": "Optional. The name of the cache rule. Will be derived from the source repository name if not defined." + "description": "Optional. The name of the cache rule. Will be automatically generated if not defined." } }, "sourceRepository": { diff --git a/avm/res/container-registry/registry/main.json b/avm/res/container-registry/registry/main.json index dddea995b8..19da19c0d6 100644 --- a/avm/res/container-registry/registry/main.json +++ b/avm/res/container-registry/registry/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.31.34.60546", - "templateHash": "10053213956889086375" + "templateHash": "1250778163459538921" }, "name": "Azure Container Registries (ACR)", "description": "This module deploys an Azure Container Registry (ACR).", @@ -1467,7 +1467,7 @@ "_generator": { "name": "bicep", "version": "0.31.34.60546", - "templateHash": "11043524287254213245" + "templateHash": "8246864064800210517" }, "name": "Container Registries Cache", "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache)).", 
@@ -1482,9 +1482,9 @@ }, "name": { "type": "string", - "defaultValue": "[replace(replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-'), '*', '')]", + "defaultValue": "[uniqueString(parameters('sourceRepository'), parameters('targetRepository'))]", "metadata": { - "description": "Optional. The name of the cache rule. Will be derived from the source repository name if not defined." + "description": "Optional. The name of the cache rule. Will be automatically generated if not defined." } }, "sourceRepository": { From 23abacabbf355e0c9d04df9f250704ca127105e8 Mon Sep 17 00:00:00 2001 From: Sidney Andrews Date: Mon, 11 Nov 2024 20:20:48 -0500 Subject: [PATCH 08/14] Fixed `replace` logic --- .../container-registry/registry/cache-rule/README.md | 6 +++--- .../container-registry/registry/cache-rule/main.bicep | 4 ++-- .../container-registry/registry/cache-rule/main.json | 6 +++--- avm/res/container-registry/registry/main.bicep | 2 +- avm/res/container-registry/registry/main.json | 10 +++++----- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/avm/res/container-registry/registry/cache-rule/README.md b/avm/res/container-registry/registry/cache-rule/README.md index 474ebb7cf8..2a87fed0cf 100644 --- a/avm/res/container-registry/registry/cache-rule/README.md +++ b/avm/res/container-registry/registry/cache-rule/README.md 
@@ -28,7 +28,7 @@ Cache for Azure Container Registry (Preview) feature allows users to cache conta | Parameter | Type | Description | | :-- | :-- | :-- | | [`credentialSetResourceId`](#parameter-credentialsetresourceid) | string | The resource ID of the credential store which is associated with the cache rule. | -| [`name`](#parameter-name) | string | The name of the cache rule. Will be automatically generated if not defined. | +| [`name`](#parameter-name) | string | The name of the cache rule. Will be derived from the source repository name if not defined. | | [`targetRepository`](#parameter-targetrepository) | string | Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}. | ### Parameter: `registryName` @@ -54,11 +54,11 @@ The resource ID of the credential store which is associated with the cache rule. ### Parameter: `name` -The name of the cache rule. Will be automatically generated if not defined. +The name of the cache rule. Will be derived from the source repository name if not defined. - Required: No - Type: string -- Default: `[uniqueString(parameters('sourceRepository'), parameters('targetRepository'))]` +- Default: `[replace(replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-'), '*', '')]` ### Parameter: `targetRepository` diff --git a/avm/res/container-registry/registry/cache-rule/main.bicep b/avm/res/container-registry/registry/cache-rule/main.bicep index 760d08f35b..8b0e49aa77 100644 --- a/avm/res/container-registry/registry/cache-rule/main.bicep +++ b/avm/res/container-registry/registry/cache-rule/main.bicep 
@@ -5,8 +5,8 @@ metadata owner = 'Azure/module-maintainers' @description('Required. The name of the parent registry. Required if the template is used in a standalone deployment.') param registryName string -@description('Optional. The name of the cache rule. Will be automatically generated if not defined.') -param name string = uniqueString(sourceRepository, targetRepository) +@description('Optional. The name of the cache rule. Will be derived from the source repository name if not defined.') +param name string = replace(replace(replace(sourceRepository, '/', '-'), '.', '-'), '*', '') @description('Required. Source repository pulled from upstream.') param sourceRepository string diff --git a/avm/res/container-registry/registry/cache-rule/main.json b/avm/res/container-registry/registry/cache-rule/main.json index b1efa74161..f5d637739e 100644 --- a/avm/res/container-registry/registry/cache-rule/main.json +++ b/avm/res/container-registry/registry/cache-rule/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.31.34.60546", - "templateHash": "8246864064800210517" + "templateHash": "11043524287254213245" }, "name": "Container Registries Cache", "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache)).", 
@@ -21,9 +21,9 @@ }, "name": { "type": "string", - "defaultValue": "[uniqueString(parameters('sourceRepository'), parameters('targetRepository'))]", + "defaultValue": "[replace(replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-'), '*', '')]", "metadata": { - "description": "Optional. The name of the cache rule. Will be automatically generated if not defined." + "description": "Optional. The name of the cache rule. Will be derived from the source repository name if not defined." } }, "sourceRepository": { diff --git a/avm/res/container-registry/registry/main.bicep b/avm/res/container-registry/registry/main.bicep index 9319bf65da..c797eb5a5c 100644 --- a/avm/res/container-registry/registry/main.bicep +++ b/avm/res/container-registry/registry/main.bicep @@ -354,7 +354,7 @@ module registry_cacheRules 'cache-rule/main.bicep' = [ params: { registryName: registry.name sourceRepository: cacheRule.sourceRepository - name: cacheRule.?name ?? replace(replace(cacheRule.sourceRepository, '/', '-'), '.', '-') + name: cacheRule.?name ?? replace(replace(replace(cacheRule.sourceRepository, '/', '-'), '.', '-'), '*', '') targetRepository: cacheRule.?targetRepository ?? cacheRule.sourceRepository credentialSetResourceId: cacheRule.?credentialSetResourceId } diff --git a/avm/res/container-registry/registry/main.json b/avm/res/container-registry/registry/main.json index 19da19c0d6..9e95e0826b 100644 --- a/avm/res/container-registry/registry/main.json +++ b/avm/res/container-registry/registry/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.31.34.60546", - "templateHash": "1250778163459538921" + "templateHash": "6082909570095213134" }, "name": "Azure Container Registries (ACR)", "description": "This module deploys an Azure Container Registry (ACR).", 
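Review bot: The fallback for `name` in registry/main.bicep (hunk `@@ -354,7 +354,7 @@`) is now a second copy of the default expression in cache-rule/main.bicep. This series already shows the cost: the `*` handling landed in the child module first and had to be repeated here in a separate commit. Because the parent always passes `name`, the child's default is only exercised by standalone deployments, so the two copies can drift without any test noticing. A one-line marker on both sides would help, e.g. `// Keep in sync with the default of 'name' in cache-rule/main.bicep`. The module block starts before this hunk and continues after it.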
@@ -1450,7 +1450,7 @@ "value": "[coalesce(parameters('cacheRules'), createArray())[copyIndex()].sourceRepository]" }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('cacheRules'), createArray())[copyIndex()], 'name'), replace(replace(coalesce(parameters('cacheRules'), createArray())[copyIndex()].sourceRepository, '/', '-'), '.', '-'))]" + "value": "[coalesce(tryGet(coalesce(parameters('cacheRules'), createArray())[copyIndex()], 'name'), replace(replace(replace(coalesce(parameters('cacheRules'), createArray())[copyIndex()].sourceRepository, '/', '-'), '.', '-'), '*', ''))]" }, "targetRepository": { "value": "[coalesce(tryGet(coalesce(parameters('cacheRules'), createArray())[copyIndex()], 'targetRepository'), coalesce(parameters('cacheRules'), createArray())[copyIndex()].sourceRepository)]" @@ -1467,7 +1467,7 @@ "_generator": { "name": "bicep", "version": "0.31.34.60546", - "templateHash": "8246864064800210517" + "templateHash": "11043524287254213245" }, "name": "Container Registries Cache", "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache)).", @@ -1482,9 +1482,9 @@ }, "name": { "type": "string", - "defaultValue": "[uniqueString(parameters('sourceRepository'), parameters('targetRepository'))]", + "defaultValue": "[replace(replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-'), '*', '')]", "metadata": { - "description": "Optional. The name of the cache rule. Will be automatically generated if not defined." + "description": "Optional. The name of the cache rule. Will be derived from the source repository name if not defined." } }, "sourceRepository": { From 9646b1bfdc8a834c6f429d1a3929f6d5d11daa1f Mon Sep 17 00:00:00 2001 
From: Sidney Andrews Date: Mon, 11 Nov 2024 21:30:14 -0500 Subject: [PATCH 09/14] Try not setting `credentialSetResourceId` --- avm/res/container-registry/registry/main.bicep | 2 +- avm/res/container-registry/registry/main.json | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/avm/res/container-registry/registry/main.bicep b/avm/res/container-registry/registry/main.bicep index c797eb5a5c..0baa86b246 100644 --- a/avm/res/container-registry/registry/main.bicep +++ b/avm/res/container-registry/registry/main.bicep @@ -356,7 +356,7 @@ module registry_cacheRules 'cache-rule/main.bicep' = [ sourceRepository: cacheRule.sourceRepository name: cacheRule.?name ?? replace(replace(replace(cacheRule.sourceRepository, '/', '-'), '.', '-'), '*', '') targetRepository: cacheRule.?targetRepository ?? cacheRule.sourceRepository - credentialSetResourceId: cacheRule.?credentialSetResourceId + credentialSetResourceId: !empty(cacheRule.?credentialSetResourceId) ? cacheRule.?credentialSetResourceId : null // Must only be set if condition is set } dependsOn: [ registry_credentialSets diff --git a/avm/res/container-registry/registry/main.json b/avm/res/container-registry/registry/main.json index 9e95e0826b..84c2641777 100644 --- a/avm/res/container-registry/registry/main.json +++ b/avm/res/container-registry/registry/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.31.34.60546", - "templateHash": "6082909570095213134" + "templateHash": "2193958105263938034" }, "name": "Azure Container Registries (ACR)", "description": "This module deploys an Azure Container Registry (ACR).", 
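Review bot: The trailing comment `// Must only be set if condition is set` on the new `credentialSetResourceId` line does not say which condition is meant, and the line has a behaviour worth documenting. `cacheRule.?credentialSetResourceId` already yields null when the property is absent, so the added `!empty(...)` only changes the empty-string case: a value that resolves to `''` is now turned into null without any signal, and the rule is presumably created without credentials. For a rule that is meant to authenticate against its upstream, that is a silent fall-back to an unauthenticated pull rather than a failed deployment. I would reword the comment to `// Empty or missing ID is passed as null; the rule is then created without a credential set`, and consider whether an empty string should be rejected instead. The module block continues outside the hunk.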
@@ -1455,9 +1455,7 @@ "targetRepository": { "value": "[coalesce(tryGet(coalesce(parameters('cacheRules'), createArray())[copyIndex()], 'targetRepository'), coalesce(parameters('cacheRules'), createArray())[copyIndex()].sourceRepository)]" }, - "credentialSetResourceId": { - "value": "[tryGet(coalesce(parameters('cacheRules'), createArray())[copyIndex()], 'credentialSetResourceId')]" - } + "credentialSetResourceId": "[if(not(empty(tryGet(coalesce(parameters('cacheRules'), createArray())[copyIndex()], 'credentialSetResourceId'))), createObject('value', tryGet(coalesce(parameters('cacheRules'), createArray())[copyIndex()], 'credentialSetResourceId')), createObject('value', null()))]" }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", From 5d36196cfe0df4efa0a1ecddaa8c38b35191933b Mon Sep 17 00:00:00 2001 From: Sidney Andrews Date: Sun, 17 Nov 2024 20:48:45 -0500 Subject: [PATCH 10/14] Push to Bicep `0.31.92.45157` --- .../registry/cache-rule/main.json | 9 ++- .../registry/credential-set/main.json | 9 ++- avm/res/container-registry/registry/main.json | 55 +++++++++++++------ .../registry/replication/main.json | 9 ++- .../registry/scope-map/main.json | 9 ++- .../registry/webhook/main.json | 9 ++- 6 files changed, 67 insertions(+), 33 deletions(-) diff --git a/avm/res/container-registry/registry/cache-rule/main.json b/avm/res/container-registry/registry/cache-rule/main.json index f5d637739e..cd3820fda6 100644 --- a/avm/res/container-registry/registry/cache-rule/main.json +++ b/avm/res/container-registry/registry/cache-rule/main.json 
@@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.34.60546", - "templateHash": "11043524287254213245" + "version": "0.31.92.45157", + "templateHash": "17904436773568970815" }, "name": "Container Registries Cache", "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache)).", @@ -62,7 +62,10 @@ "sourceRepository": "[parameters('sourceRepository')]", "targetRepository": "[parameters('targetRepository')]", "credentialSetResourceId": "[parameters('credentialSetResourceId')]" - } + }, + "dependsOn": [ + "registry" + ] } }, "outputs": { diff --git a/avm/res/container-registry/registry/credential-set/main.json b/avm/res/container-registry/registry/credential-set/main.json index 968cb4b771..2d4627959a 100644 --- a/avm/res/container-registry/registry/credential-set/main.json +++ b/avm/res/container-registry/registry/credential-set/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.34.60546", - "templateHash": "3498867894583412014" + "version": "0.31.92.45157", + "templateHash": "6279725946439884689" }, "name": "Container Registries Credential Sets", "description": "This module deploys an ACR Credential Set.", @@ -102,7 +102,10 @@ "properties": { "authCredentials": "[parameters('authCredentials')]", "loginServer": "[parameters('loginServer')]" - } + }, + "dependsOn": [ + "registry" + ] } }, "outputs": { diff --git a/avm/res/container-registry/registry/main.json b/avm/res/container-registry/registry/main.json index 84c2641777..4ef566cbc9 100644 --- a/avm/res/container-registry/registry/main.json +++ b/avm/res/container-registry/registry/main.json 
@@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.34.60546", - "templateHash": "2193958105263938034" + "version": "0.31.92.45157", + "templateHash": "10825632871667902997" }, "name": "Azure Container Registries (ACR)", "description": "This module deploys an Azure Container Registry (ACR).", @@ -836,7 +836,10 @@ "apiVersion": "2023-02-01", "subscriptionId": "[split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '//'), '/')[2]]", "resourceGroup": "[split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '////'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), 'dummyVault'), '/')), coalesce(tryGet(parameters('customerManagedKey'), 'keyName'), 'dummyKey'))]" + "name": "[format('{0}/{1}', last(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), 'dummyVault'), '/')), coalesce(tryGet(parameters('customerManagedKey'), 'keyName'), 'dummyKey'))]", + "dependsOn": [ + "cMKKeyVault" + ] }, "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", @@ -910,6 +913,7 @@ "zoneRedundancy": "[if(equals(parameters('acrSku'), 'Premium'), parameters('zoneRedundancy'), null())]" }, "dependsOn": [ + "cMKKeyVault", "cMKUserAssignedIdentity" ] }, @@ -1024,8 +1028,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.34.60546", - "templateHash": "15839262747902849468" + "version": "0.31.92.45157", + "templateHash": "2013383059353814727" }, "name": "Container Registries scopeMaps", "description": "This module deploys an Azure Container Registry (ACR) scopeMap.", @@ -1076,7 +1080,10 @@ "properties": { "actions": "[parameters('actions')]", "description": "[parameters('description')]" - } + }, + "dependsOn": [ + "registry" + ] } }, "outputs": { 
@@ -1148,8 +1155,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.34.60546", - "templateHash": "15461001069282237891" + "version": "0.31.92.45157", + "templateHash": "15634919072704510138" }, "name": "Azure Container Registry (ACR) Replications", "description": "This module deploys an Azure Container Registry (ACR) Replication.", @@ -1217,7 +1224,10 @@ "properties": { "regionEndpointEnabled": "[parameters('regionEndpointEnabled')]", "zoneRedundancy": "[parameters('zoneRedundancy')]" - } + }, + "dependsOn": [ + "registry" + ] } }, "outputs": { @@ -1293,8 +1303,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.34.60546", - "templateHash": "3498867894583412014" + "version": "0.31.92.45157", + "templateHash": "6279725946439884689" }, "name": "Container Registries Credential Sets", "description": "This module deploys an ACR Credential Set.", @@ -1390,7 +1400,10 @@ "properties": { "authCredentials": "[parameters('authCredentials')]", "loginServer": "[parameters('loginServer')]" - } + }, + "dependsOn": [ + "registry" + ] } }, "outputs": { @@ -1464,8 +1477,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.34.60546", - "templateHash": "11043524287254213245" + "version": "0.31.92.45157", + "templateHash": "17904436773568970815" }, "name": "Container Registries Cache", "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache)).", @@ -1521,7 +1534,10 @@ "sourceRepository": "[parameters('sourceRepository')]", "targetRepository": "[parameters('targetRepository')]", "credentialSetResourceId": "[parameters('credentialSetResourceId')]" - } + }, + "dependsOn": [ + "registry" + ] } }, "outputs": { 
@@ -1603,8 +1619,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.34.60546", - "templateHash": "16676482092818033709" + "version": "0.31.92.45157", + "templateHash": "14778812339643154349" }, "name": "Azure Container Registry (ACR) Webhooks", "description": "This module deploys an Azure Container Registry (ACR) Webhook.", @@ -1704,7 +1720,10 @@ "scope": "[parameters('scope')]", "serviceUri": "[parameters('serviceUri')]", "status": "[parameters('status')]" - } + }, + "dependsOn": [ + "registry" + ] } }, "outputs": { diff --git a/avm/res/container-registry/registry/replication/main.json b/avm/res/container-registry/registry/replication/main.json index 7b7f36cd0d..f5b4e121e5 100644 --- a/avm/res/container-registry/registry/replication/main.json +++ b/avm/res/container-registry/registry/replication/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.34.60546", - "templateHash": "15461001069282237891" + "version": "0.31.92.45157", + "templateHash": "15634919072704510138" }, "name": "Azure Container Registry (ACR) Replications", "description": "This module deploys an Azure Container Registry (ACR) Replication.", @@ -74,7 +74,10 @@ "properties": { "regionEndpointEnabled": "[parameters('regionEndpointEnabled')]", "zoneRedundancy": "[parameters('zoneRedundancy')]" - } + }, + "dependsOn": [ + "registry" + ] } }, "outputs": { diff --git a/avm/res/container-registry/registry/scope-map/main.json b/avm/res/container-registry/registry/scope-map/main.json index ce23f17cfc..919eb26299 100644 --- a/avm/res/container-registry/registry/scope-map/main.json +++ b/avm/res/container-registry/registry/scope-map/main.json 
@@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.34.60546", - "templateHash": "15839262747902849468" + "version": "0.31.92.45157", + "templateHash": "2013383059353814727" }, "name": "Container Registries scopeMaps", "description": "This module deploys an Azure Container Registry (ACR) scopeMap.", @@ -57,7 +57,10 @@ "properties": { "actions": "[parameters('actions')]", "description": "[parameters('description')]" - } + }, + "dependsOn": [ + "registry" + ] } }, "outputs": { diff --git a/avm/res/container-registry/registry/webhook/main.json b/avm/res/container-registry/registry/webhook/main.json index 27c0e314c8..3634e4f1bb 100644 --- a/avm/res/container-registry/registry/webhook/main.json +++ b/avm/res/container-registry/registry/webhook/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.34.60546", - "templateHash": "16676482092818033709" + "version": "0.31.92.45157", + "templateHash": "14778812339643154349" }, "name": "Azure Container Registry (ACR) Webhooks", "description": "This module deploys an Azure Container Registry (ACR) Webhook.", @@ -106,7 +106,10 @@ "scope": "[parameters('scope')]", "serviceUri": "[parameters('serviceUri')]", "status": "[parameters('status')]" - } + }, + "dependsOn": [ + "registry" + ] } }, "outputs": { From b854404f2a98afabb768c526a391ca70943f366d Mon Sep 17 00:00:00 2001 From: Sidney Andrews Date: Sun, 17 Nov 2024 21:17:59 -0500 Subject: [PATCH 11/14] Remove credential set conflict --- avm/res/container-registry/registry/README.md | 50 ------------------- .../registry/tests/e2e/cache/main.test.bicep | 16 ------ 2 files changed, 66 deletions(-) diff --git a/avm/res/container-registry/registry/README.md b/avm/res/container-registry/registry/README.md index ef1ce3cf66..3e038311ea 100644 --- a/avm/res/container-registry/registry/README.md +++ b/avm/res/container-registry/registry/README.md 
@@ -72,22 +72,6 @@ module registry 'br/public:avm/res/container-registry/registry:' = { targetRepository: 'cached-mcr/*' } ] - credentialSets: [ - { - authCredentials: [ - { - name: 'Credential1' - passwordSecretIdentifier: '' - usernameSecretIdentifier: '' - } - ] - loginServer: 'docker.io' - managedIdentities: { - systemAssigned: true - } - name: 'default' - } - ] location: '' } } @@ -130,24 +114,6 @@ module registry 'br/public:avm/res/container-registry/registry:' = { } ] }, - "credentialSets": { - "value": [ - { - "authCredentials": [ - { - "name": "Credential1", - "passwordSecretIdentifier": "", - "usernameSecretIdentifier": "" - } - ], - "loginServer": "docker.io", - "managedIdentities": { - "systemAssigned": true - }, - "name": "default" - } - ] - }, "location": { "value": "" } @@ -182,22 +148,6 @@ param cacheRules = [ targetRepository: 'cached-mcr/*' } ] -param credentialSets = [ - { - authCredentials: [ - { - name: 'Credential1' - passwordSecretIdentifier: '' - usernameSecretIdentifier: '' - } - ] - loginServer: 'docker.io' - managedIdentities: { - systemAssigned: true - } - name: 'default' - } -] param location = '' ``` diff --git a/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep b/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep index 26618d2bb6..aaefbc55e2 100644 --- a/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep +++ b/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep @@ -56,22 +56,6 @@ module testDeployment '../../../main.bicep' = [ location: resourceLocation acrAdminUserEnabled: false acrSku: 'Standard' - credentialSets: [ - { - name: 'default' - managedIdentities: { - systemAssigned: true - } - authCredentials: [ - { - name: 'Credential1' - usernameSecretIdentifier: nestedDependencies.outputs.userNameSecretURI - passwordSecretIdentifier: nestedDependencies.outputs.pwdSecretURI - } - ] - loginServer: 'docker.io' - } - ] cacheRules: [ { name: 'customRule' 
From 1ad088ca55b0c40fb279c70a280d0d4c751e476c Mon Sep 17 00:00:00 2001 From: Sidney Andrews Date: Wed, 20 Nov 2024 12:53:56 -0500 Subject: [PATCH 12/14] Rework tests --- avm/res/container-registry/registry/README.md | 74 +++++++++++++++++-- .../tests/e2e/cache/dependencies.bicep | 48 +++--------- .../registry/tests/e2e/cache/main.test.bicep | 34 ++++++++- 3 files changed, 110 insertions(+), 46 deletions(-) diff --git a/avm/res/container-registry/registry/README.md b/avm/res/container-registry/registry/README.md index 3e038311ea..abad32e4e3 100644 --- a/avm/res/container-registry/registry/README.md +++ b/avm/res/container-registry/registry/README.md @@ -56,22 +56,42 @@ module registry 'br/public:avm/res/container-registry/registry:' = { name: 'registryDeployment' params: { // Required parameters - name: '' + name: 'crrcach001' // Non-required parameters acrAdminUserEnabled: false acrSku: 'Standard' cacheRules: [ { credentialSetResourceId: '' - name: 'customRule' + name: 'docker-rule-with-credentials' sourceRepository: 'docker.io/library/hello-world' targetRepository: 'cached-docker-hub/hello-world' } { + name: 'mcr-rule-anonymous' sourceRepository: 'mcr.microsoft.com/*' targetRepository: 'cached-mcr/*' } ] + credentialSets: [ + { + authCredentials: [ + { + name: 'Credential1' + passwordSecretIdentifier: '' + usernameSecretIdentifier: '' + } + ] + loginServer: 'docker.io' + managedIdentities: { + systemAssigned: true + userAssignedResourceIds: [ + '' + ] + } + name: 'docker-credential-set' + } + ] location: '' } } @@ -91,7 +111,7 @@ module registry 'br/public:avm/res/container-registry/registry:' = { "parameters": { // Required parameters "name": { - "value": "" + "value": "crrcach001" }, // Non-required parameters "acrAdminUserEnabled": { 
@@ -104,16 +124,38 @@ module registry 'br/public:avm/res/container-registry/registry:' = { "value": [ { "credentialSetResourceId": "", - "name": "customRule", + "name": "docker-rule-with-credentials", "sourceRepository": "docker.io/library/hello-world", "targetRepository": "cached-docker-hub/hello-world" }, { + "name": "mcr-rule-anonymous", "sourceRepository": "mcr.microsoft.com/*", "targetRepository": "cached-mcr/*" } ] }, + "credentialSets": { + "value": [ + { + "authCredentials": [ + { + "name": "Credential1", + "passwordSecretIdentifier": "", + "usernameSecretIdentifier": "" + } + ], + "loginServer": "docker.io", + "managedIdentities": { + "systemAssigned": true, + "userAssignedResourceIds": [ + "" + ] + }, + "name": "docker-credential-set" + } + ] + }, "location": { "value": "" } @@ -132,22 +174,42 @@ module registry 'br/public:avm/res/container-registry/registry:' = { using 'br/public:avm/res/container-registry/registry:' // Required parameters -param name = '' +param name = 'crrcach001' // Non-required parameters param acrAdminUserEnabled = false param acrSku = 'Standard' param cacheRules = [ { credentialSetResourceId: '' - name: 'customRule' + name: 'docker-rule-with-credentials' sourceRepository: 'docker.io/library/hello-world' targetRepository: 'cached-docker-hub/hello-world' } { + name: 'mcr-rule-anonymous' sourceRepository: 'mcr.microsoft.com/*' targetRepository: 'cached-mcr/*' } ] +param credentialSets = [ + { + authCredentials: [ + { + name: 'Credential1' + passwordSecretIdentifier: '' + usernameSecretIdentifier: '' + } + ] + loginServer: 'docker.io' + managedIdentities: { + systemAssigned: true + userAssignedResourceIds: [ + '' + ] + } + name: 'docker-credential-set' + } +] param location = '' ``` diff --git a/avm/res/container-registry/registry/tests/e2e/cache/dependencies.bicep b/avm/res/container-registry/registry/tests/e2e/cache/dependencies.bicep index 00cee9eca4..a3323b9351 100644 
--- a/avm/res/container-registry/registry/tests/e2e/cache/dependencies.bicep +++ b/avm/res/container-registry/registry/tests/e2e/cache/dependencies.bicep @@ -1,8 +1,8 @@ @description('Optional. The location to deploy resources to.') param location string = resourceGroup().location -@description('Required. The name of the Azure Container Registry to pre-create before the actual test.') -param acrName string +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string @description('Required. The name of the Key Vault referenced by the ACR Credential Set.') param keyVaultName string @@ -15,6 +15,11 @@ param userNameSecret string = newGuid() @secure() param passwordSecret string = newGuid() +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' = { name: keyVaultName location: location 
@@ -45,37 +50,11 @@ resource keyVaulSecretPwd 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = { } } -resource acr 'Microsoft.ContainerRegistry/registries@2023-11-01-preview' = { - name: acrName - location: location - sku: { - name: 'Standard' - } -} - -resource acrCredentialSet 'Microsoft.ContainerRegistry/registries/credentialSets@2023-11-01-preview' = { - parent: acr - name: 'default' - identity: { - type: 'SystemAssigned' - } - properties: { - authCredentials: [ - { - name: 'Credential1' - passwordSecretIdentifier: keyVaulSecretPwd.properties.secretUri - usernameSecretIdentifier: keyVaultSecretUserName.properties.secretUri - } - ] - loginServer: 'docker.io' - } -} - resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { - name: guid('msi-${acrCredentialSet.name}-KeyVaultSecretUser-RoleAssignment') + name: guid('msi-${location}-${managedIdentity.id}-KeyVaultSecretsUser-RoleAssignment') scope: keyVault properties: { - principalId: acrCredentialSet.identity.principalId + principalId: managedIdentity.properties.principalId roleDefinitionId: subscriptionResourceId( 'Microsoft.Authorization/roleDefinitions', '4633458b-17de-408a-b874-0445c86b69e6' @@ -84,14 +63,11 @@ resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { } } +@description('The managed identity resource ID.') +output managedIdentityResourceId string = managedIdentity.id + @description('The username key vault secret URI.') output userNameSecretURI string = keyVaultSecretUserName.properties.secretUri @description('The password key vault secret URI.') output pwdSecretURI string = keyVaulSecretPwd.properties.secretUri - -@description('The name of the Azure Container Registry.') -output acrName string = acr.name - -@description('The resource ID of the Azure Container Registry Credential Set.') -output acrCredentialSetResourceId string = acrCredentialSet.id 
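Review bot: `keyPermissions` now assigns Key Vault Secrets User to `managedIdentity.properties.principalId`, whereas the removed code assigned it to `acrCredentialSet.identity.principalId`, the credential set's own system-assigned identity. The credential set is still deployed with `systemAssigned: true` in main.test.bicep, so if it reads the username and password secrets with that identity, nothing grants it access any more and the authenticated cache rule could deploy but fail to resolve its credentials. The intended reader of the secrets should be stated on the resource, for example `// Read access for the user-assigned identity only; the credential set's system-assigned identity is not covered here`. Separately, the assignment is scoped to the whole vault (`scope: keyVault`); scoping it to the two secret resources would be the narrower grant.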
diff --git a/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep b/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep index aaefbc55e2..cbd5aa3a39 100644 --- a/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep +++ b/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Adding base time to make the name unique as purge protection must be enabled (but may not be longer than 24 characters total) location: resourceLocation keyVaultName: 'dep-${namePrefix}-kv-${serviceShort}' - acrName: '${namePrefix}${serviceShort}001' + managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' } } 
@@ -52,18 +52,44 @@ module testDeployment '../../../main.bicep' = [ scope: resourceGroup name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' params: { - name: nestedDependencies.outputs.acrName + name: '${namePrefix}${serviceShort}001' location: resourceLocation acrAdminUserEnabled: false acrSku: 'Standard' + credentialSets: [ + { + name: 'docker-credential-set' + authCredentials: [ + { + name: 'Credential1' + passwordSecretIdentifier: nestedDependencies.outputs.pwdSecretURI + usernameSecretIdentifier: nestedDependencies.outputs.userNameSecretURI + } + ] + loginServer: 'docker.io' + managedIdentities: { + systemAssigned: true + userAssignedResourceIds: [ + nestedDependencies.outputs.managedIdentityResourceId + ] + } + } + ] cacheRules: [ { - name: 'customRule' + name: 'docker-rule-with-credentials' sourceRepository: 'docker.io/library/hello-world' targetRepository: 'cached-docker-hub/hello-world' - credentialSetResourceId: nestedDependencies.outputs.acrCredentialSetResourceId + credentialSetResourceId: resourceId( + subscription().subscriptionId, + resourceGroup.name, + 'Microsoft.ContainerRegistry/registries/credentialSets', + '${namePrefix}${serviceShort}001', + 'docker-credential-set' + ) } { + name: 'mcr-rule-anonymous' sourceRepository: 'mcr.microsoft.com/*' targetRepository: 'cached-mcr/*' } From 37fe9014fe1c54f12a9334eb0a871aa9dae8a36c Mon Sep 17 00:00:00 2001 From: Sidney Andrews Date: Wed, 20 Nov 2024 13:37:50 -0500 Subject: [PATCH 13/14] Fix bug with unique key vault names in test --- .../registry/tests/e2e/cache/main.test.bicep | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep b/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep index cbd5aa3a39..45d868c8d4 100644 --- a/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep 
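Review bot: The `resourceId(...)` call for `credentialSetResourceId` rebuilds the credential set ID from two literals that are also written elsewhere in this hunk, `'${namePrefix}${serviceShort}001'` for the registry name and `'docker-credential-set'` for the set name. If either copy is edited alone, the cache rule points at a credential set that does not exist, and the mismatch only shows up at deployment or pull time. Declaring them once, `var registryName = '${namePrefix}${serviceShort}001'` and `var credentialSetName = 'docker-credential-set'`, and using the variables in `name:`, the `credentialSets` entry and the `resourceId` call removes that risk. The `testDeployment` module block starts and ends outside the hunk.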
+++ b/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep @@ -20,6 +20,9 @@ param serviceShort string = 'crrcach' @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' +@description('Generated. Used as a basis for unique resource names.') +param baseTime string = utcNow('u') + // ============ // // Dependencies // // ============ // @@ -35,10 +38,10 @@ module nestedDependencies 'dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' params: { - // Adding base time to make the name unique as purge protection must be enabled (but may not be longer than 24 characters total) location: resourceLocation - keyVaultName: 'dep-${namePrefix}-kv-${serviceShort}' - managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' + // Adding base time to make the name unique as purge protection must be enabled (but may not be longer than 24 characters total) + keyVaultName: 'dep-${namePrefix}-kv-${serviceShort}-${substring(uniqueString(baseTime), 0, 3)}' + managedIdentityName: 'dep-${namePrefix}-${resourceLocation}-msi-${serviceShort}' } } From c49924e971fb0ccaca9515621a7cb705bbed4596 Mon Sep 17 00:00:00 2001 From: Sidney Andrews Date: Wed, 20 Nov 2024 21:44:07 -0500 Subject: [PATCH 14/14] Fix credential set deployment --- avm/res/container-registry/registry/README.md | 51 +++++++++++++++---- .../tests/e2e/cache/dependencies.bicep | 16 ++---- .../registry/tests/e2e/cache/main.test.bicep | 21 +++++--- 3 files changed, 57 insertions(+), 31 deletions(-) diff --git a/avm/res/container-registry/registry/README.md b/avm/res/container-registry/registry/README.md index abad32e4e3..db195f7b92 100644 --- a/avm/res/container-registry/registry/README.md +++ b/avm/res/container-registry/registry/README.md 
@@ -85,14 +85,23 @@ module registry 'br/public:avm/res/container-registry/registry:' = { loginServer: 'docker.io' managedIdentities: { systemAssigned: true - userAssignedResourceIds: [ - '' - ] } name: 'docker-credential-set' } ] location: '' + managedIdentities: { + userAssignedResourceIds: [ + '' + ] + } + roleAssignments: [ + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: '4633458b-17de-408a-b874-0445c86b69e6' + } + ] } } ``` @@ -147,10 +156,7 @@ module registry 'br/public:avm/res/container-registry/registry:' = { ], "loginServer": "docker.io", "managedIdentities": { - "systemAssigned": true, - "userAssignedResourceIds": [ - "" - ] + "systemAssigned": true }, "name": "docker-credential-set" } @@ -158,6 +164,22 @@ module registry 'br/public:avm/res/container-registry/registry:' = { }, "location": { "value": "" + }, + "managedIdentities": { + "value": { + "userAssignedResourceIds": [ + "" + ] + } + }, + "roleAssignments": { + "value": [ + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "4633458b-17de-408a-b874-0445c86b69e6" + } + ] } } } @@ -203,14 +225,23 @@ param credentialSets = [ loginServer: 'docker.io' managedIdentities: { systemAssigned: true - userAssignedResourceIds: [ - '' - ] } name: 'docker-credential-set' } ] param location = '' +param managedIdentities = { + userAssignedResourceIds: [ + '' + ] +} +param roleAssignments = [ + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: '4633458b-17de-408a-b874-0445c86b69e6' + } +] ``` diff --git a/avm/res/container-registry/registry/tests/e2e/cache/dependencies.bicep b/avm/res/container-registry/registry/tests/e2e/cache/dependencies.bicep index a3323b9351..60257c5032 100644 --- a/avm/res/container-registry/registry/tests/e2e/cache/dependencies.bicep +++ b/avm/res/container-registry/registry/tests/e2e/cache/dependencies.bicep 
@@ -50,22 +50,12 @@ resource keyVaulSecretPwd 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = { } } -resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { - name: guid('msi-${location}-${managedIdentity.id}-KeyVaultSecretsUser-RoleAssignment') - scope: keyVault - properties: { - principalId: managedIdentity.properties.principalId - roleDefinitionId: subscriptionResourceId( - 'Microsoft.Authorization/roleDefinitions', - '4633458b-17de-408a-b874-0445c86b69e6' - ) // Key Vault Secrets User - principalType: 'ServicePrincipal' - } -} - @description('The managed identity resource ID.') output managedIdentityResourceId string = managedIdentity.id +@description('The managed identity principal ID.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId + @description('The username key vault secret URI.') output userNameSecretURI string = keyVaultSecretUserName.properties.secretUri diff --git a/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep b/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep index 45d868c8d4..704fb57526 100644 --- a/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep +++ b/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep @@ -20,9 +20,6 @@ param serviceShort string = 'crrcach' @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' -@description('Generated. Used as a basis for unique resource names.') -param baseTime string = utcNow('u') - // ============ // // Dependencies // // ============ // 
@@ -39,8 +36,7 @@ module nestedDependencies 'dependencies.bicep' = { name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' params: { location: resourceLocation - // Adding base time to make the name unique as purge protection must be enabled (but may not be longer than 24 characters total) - keyVaultName: 'dep-${namePrefix}-kv-${serviceShort}-${substring(uniqueString(baseTime), 0, 3)}' + keyVaultName: 'dep-${namePrefix}-kv-${serviceShort}' managedIdentityName: 'dep-${namePrefix}-${resourceLocation}-msi-${serviceShort}' } } @@ -59,6 +55,18 @@ module testDeployment '../../../main.bicep' = [ location: resourceLocation acrAdminUserEnabled: false acrSku: 'Standard' + managedIdentities: { + userAssignedResourceIds: [ + nestedDependencies.outputs.managedIdentityResourceId + ] + } + roleAssignments: [ + { + principalId: nestedDependencies.outputs.managedIdentityPrincipalId + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: '4633458b-17de-408a-b874-0445c86b69e6' // Key Vault Secrets User + } + ] credentialSets: [ { name: 'docker-credential-set' @@ -72,9 +80,6 @@ module testDeployment '../../../main.bicep' = [ loginServer: 'docker.io' managedIdentities: { systemAssigned: true - userAssignedResourceIds: [ - nestedDependencies.outputs.managedIdentityResourceId - ] } } ]
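Review bot: The `roleAssignments` entry added to the registry module grants `4633458b-17de-408a-b874-0445c86b69e6` (Key Vault Secrets User, per the inline comment) to the user-assigned identity, but an assignment passed through the registry module is presumably scoped to the registry itself, not to the Key Vault that holds the two secrets. The same commit deletes `keyPermissions` from dependencies.bicep, which was the only visible assignment with `scope: keyVault`, so after this change no identity shown here can read the secrets, and the credential set's system-assigned identity (`systemAssigned: true`) was never granted anything. The test can therefore deploy while `docker-rule-with-credentials` is unable to fetch its credentials. I would keep a vault-scoped assignment in dependencies.bicep for whichever identity reads the secrets, and drop the Key Vault role from the registry's `roleAssignments`, where it has no effect on the vault. The `testDeployment` block continues outside the hunk.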