Azure · seesharprun · Nov 11, 2024 · Nov 11, 2024 · Nov 11, 2024 · Nov 11, 2024
@@ -56,17 +56,22 @@ module registry 'br/public:avm/res/container-registry/registry:<version>' = {
   name: 'registryDeployment'
   params: {
     // Required parameters
-    name: '<name>'
+    name: 'crrcach001'
     // Non-required parameters
     acrAdminUserEnabled: false
     acrSku: 'Standard'
     cacheRules: [
       {
         credentialSetResourceId: '<credentialSetResourceId>'
-        name: 'customRule'
+        name: 'docker-rule-with-credentials'
         sourceRepository: 'docker.io/library/hello-world'
         targetRepository: 'cached-docker-hub/hello-world'
       }
+      {
+        name: 'mcr-rule-anonymous'
+        sourceRepository: 'mcr.microsoft.com/*'
+        targetRepository: 'cached-mcr/*'
+      }
     ]
     credentialSets: [
       {
@@ -81,10 +86,22 @@ module registry 'br/public:avm/res/container-registry/registry:<version>' = {
         managedIdentities: {
           systemAssigned: true
         }
-        name: 'default'
+        name: 'docker-credential-set'
       }
     ]
     location: '<location>'
+    managedIdentities: {
+      userAssignedResourceIds: [
+        '<managedIdentityResourceId>'
+      ]
+    }
+    roleAssignments: [
+      {
+        principalId: '<principalId>'
+        principalType: 'ServicePrincipal'
+        roleDefinitionIdOrName: '4633458b-17de-408a-b874-0445c86b69e6'
+      }
+    ]
   }
 }
 ```
@@ -103,7 +120,7 @@ module registry 'br/public:avm/res/container-registry/registry:<version>' = {
   "parameters": {
     // Required parameters
     "name": {
-      "value": "<name>"
+      "value": "crrcach001"
     },
     // Non-required parameters
     "acrAdminUserEnabled": {
@@ -116,9 +133,14 @@ module registry 'br/public:avm/res/container-registry/registry:<version>' = {
       "value": [
         {
           "credentialSetResourceId": "<credentialSetResourceId>",
-          "name": "customRule",
+          "name": "docker-rule-with-credentials",
           "sourceRepository": "docker.io/library/hello-world",
           "targetRepository": "cached-docker-hub/hello-world"
+        },
+        {
+          "name": "mcr-rule-anonymous",
+          "sourceRepository": "mcr.microsoft.com/*",
+          "targetRepository": "cached-mcr/*"
         }
       ]
     },
@@ -136,12 +158,28 @@ module registry 'br/public:avm/res/container-registry/registry:<version>' = {
           "managedIdentities": {
             "systemAssigned": true
           },
-          "name": "default"
+          "name": "docker-credential-set"
         }
       ]
     },
     "location": {
       "value": "<location>"
+    },
+    "managedIdentities": {
+      "value": {
+        "userAssignedResourceIds": [
+          "<managedIdentityResourceId>"
+        ]
+      }
+    },
+    "roleAssignments": {
+      "value": [
+        {
+          "principalId": "<principalId>",
+          "principalType": "ServicePrincipal",
+          "roleDefinitionIdOrName": "4633458b-17de-408a-b874-0445c86b69e6"
+        }
+      ]
     }
   }
 }
@@ -158,17 +196,22 @@ module registry 'br/public:avm/res/container-registry/registry:<version>' = {
 using 'br/public:avm/res/container-registry/registry:<version>'
 
 // Required parameters
-param name = '<name>'
+param name = 'crrcach001'
 // Non-required parameters
 param acrAdminUserEnabled = false
 param acrSku = 'Standard'
 param cacheRules = [
   {
     credentialSetResourceId: '<credentialSetResourceId>'
-    name: 'customRule'
+    name: 'docker-rule-with-credentials'
     sourceRepository: 'docker.io/library/hello-world'
     targetRepository: 'cached-docker-hub/hello-world'
   }
+  {
+    name: 'mcr-rule-anonymous'
+    sourceRepository: 'mcr.microsoft.com/*'
+    targetRepository: 'cached-mcr/*'
+  }
 ]
 param credentialSets = [
   {
@@ -183,10 +226,22 @@ param credentialSets = [
     managedIdentities: {
       systemAssigned: true
     }
-    name: 'default'
+    name: 'docker-credential-set'
   }
 ]
 param location = '<location>'
+param managedIdentities = {
+  userAssignedResourceIds: [
+    '<managedIdentityResourceId>'
+  ]
+}
+param roleAssignments = [
+  {
+    principalId: '<principalId>'
+    principalType: 'ServicePrincipal'
+    roleDefinitionIdOrName: '4633458b-17de-408a-b874-0445c86b69e6'
+  }
+]
 ```
 
 </details>

@@ -20,24 +20,17 @@ Cache for Azure Container Registry (Preview) feature allows users to cache conta
 
 | Parameter | Type | Description |
 | :-- | :-- | :-- |
-| [`credentialSetResourceId`](#parameter-credentialsetresourceid) | string | The resource ID of the credential store which is associated with the cache rule. |
 | [`registryName`](#parameter-registryname) | string | The name of the parent registry. Required if the template is used in a standalone deployment. |
 | [`sourceRepository`](#parameter-sourcerepository) | string | Source repository pulled from upstream. |
 
 **Optional parameters**
 
 | Parameter | Type | Description |
 | :-- | :-- | :-- |
+| [`credentialSetResourceId`](#parameter-credentialsetresourceid) | string | The resource ID of the credential store which is associated with the cache rule. |
 | [`name`](#parameter-name) | string | The name of the cache rule. Will be derived from the source repository name if not defined. |
 | [`targetRepository`](#parameter-targetrepository) | string | Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}. |
 
-### Parameter: `credentialSetResourceId`
-
-The resource ID of the credential store which is associated with the cache rule.
-
-- Required: Yes
-- Type: string
-
 ### Parameter: `registryName`
 
 The name of the parent registry. Required if the template is used in a standalone deployment.
@@ -52,13 +45,20 @@ Source repository pulled from upstream.
 - Required: Yes
 - Type: string
 
+### Parameter: `credentialSetResourceId`
+
+The resource ID of the credential store which is associated with the cache rule.
+
+- Required: No
+- Type: string
+
 ### Parameter: `name`
 
 The name of the cache rule. Will be derived from the source repository name if not defined.
 
 - Required: No
 - Type: string
-- Default: `[replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-')]`
+- Default: `[replace(replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-'), '*', '')]`
 
 ### Parameter: `targetRepository`
 

@@ -6,16 +6,16 @@ metadata owner = 'Azure/module-maintainers'
 param registryName string
 
 @description('Optional. The name of the cache rule. Will be derived from the source repository name if not defined.')
-param name string = replace(replace(sourceRepository, '/', '-'), '.', '-')
+param name string = replace(replace(replace(sourceRepository, '/', '-'), '.', '-'), '*', '')
 
 @description('Required. Source repository pulled from upstream.')
 param sourceRepository string
 
 @description('Optional. Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}.')
 param targetRepository string = sourceRepository
 
-@description('Required. The resource ID of the credential store which is associated with the cache rule.')
-param credentialSetResourceId string
+@description('Optional. The resource ID of the credential store which is associated with the cache rule.')
+param credentialSetResourceId string?
 
 resource registry 'Microsoft.ContainerRegistry/registries@2023-06-01-preview' existing = {
   name: registryName

@@ -1,11 +1,12 @@
 {
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "languageVersion": "2.0",
   "contentVersion": "1.0.0.0",
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.30.3.12046",
-      "templateHash": "17205938486061573561"
+      "version": "0.31.92.45157",
+      "templateHash": "17904436773568970815"
     },
     "name": "Container Registries Cache",
     "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache)).",
@@ -20,7 +21,7 @@
     },
     "name": {
       "type": "string",
-      "defaultValue": "[replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-')]",
+      "defaultValue": "[replace(replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-'), '*', '')]",
       "metadata": {
         "description": "Optional. The name of the cache rule. Will be derived from the source repository name if not defined."
       }
@@ -40,23 +41,33 @@
     },
     "credentialSetResourceId": {
       "type": "string",
+      "nullable": true,
       "metadata": {
-        "description": "Required. The resource ID of the credential store which is associated with the cache rule."
+        "description": "Optional. The resource ID of the credential store which is associated with the cache rule."
       }
     }
   },
-  "resources": [
-    {
+  "resources": {
+    "registry": {
+      "existing": true,
+      "type": "Microsoft.ContainerRegistry/registries",
+      "apiVersion": "2023-06-01-preview",
+      "name": "[parameters('registryName')]"
+    },
+    "cacheRule": {
       "type": "Microsoft.ContainerRegistry/registries/cacheRules",
       "apiVersion": "2023-06-01-preview",
       "name": "[format('{0}/{1}', parameters('registryName'), parameters('name'))]",
       "properties": {
         "sourceRepository": "[parameters('sourceRepository')]",
         "targetRepository": "[parameters('targetRepository')]",
         "credentialSetResourceId": "[parameters('credentialSetResourceId')]"
-      }
+      },
+      "dependsOn": [
+        "registry"
+      ]
     }
-  ],
+  },
   "outputs": {
     "name": {
       "type": "string",

@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.30.3.12046",
-      "templateHash": "13281764602355848660"
+      "version": "0.31.92.45157",
+      "templateHash": "6279725946439884689"
     },
     "name": "Container Registries Credential Sets",
     "description": "This module deploys an ACR Credential Set.",

@@ -354,9 +354,9 @@ module registry_cacheRules 'cache-rule/main.bicep' = [
     params: {
       registryName: registry.name
       sourceRepository: cacheRule.sourceRepository
-      name: cacheRule.?name ?? replace(replace(cacheRule.sourceRepository, '/', '-'), '.', '-')
+      name: cacheRule.?name ?? replace(replace(replace(cacheRule.sourceRepository, '/', '-'), '.', '-'), '*', '')
       targetRepository: cacheRule.?targetRepository ?? cacheRule.sourceRepository
-      credentialSetResourceId: cacheRule.?credentialSetResourceId
+      credentialSetResourceId: !empty(cacheRule.?credentialSetResourceId) ? cacheRule.?credentialSetResourceId : null // Must only be set if condition is set
     }
     dependsOn: [
       registry_credentialSets