What is the problem you're trying to solve
Creating a task, with an identity, with a role is a very tedious, multi-step process
To streamline this, we should support assigning a role at the time of creation.
az acr task create \
--name import-node \
--registry contosobaseimages \
-f ./task.yaml \
--context /dev/null \
--assign-identity
- Get the principal ID, saving in vars, running a 4th command to configure
Worse, is if you ever re-create or update the task, the below commands will need to be re-run, and likely get forgotten by users, until they remember the pain of not resetting
principalID=$(az acr task show --name import-node --registry contosobaseimages --query identity.principalId --output tsv)
registryID=$(az acr show --name contosobaseimages --query id --output tsv)
az role assignment create --assignee $principalID --scope $registryID --role contributor
Describe the solution you'd like
az acr task credential add \
--name import-node \
--registry contosobaseimages \
--login-server targetregistry.azurecr.io \
--use-identity acrpush
What is the problem you're trying to solve
Creating a task, with an identity, with a role is a very tedious, multi-step process
To streamline this, we should support assigning a role at the time of creation.
az acr task create \ --name import-node \ --registry contosobaseimages \ -f ./task.yaml \ --context /dev/null \ --assign-identityWorse, is if you ever re-create or update the task, the below commands will need to be re-run, and likely get forgotten by users, until they remember the pain of not resetting
Describe the solution you'd like
az acr task credential add \ --name import-node \ --registry contosobaseimages \ --login-server targetregistry.azurecr.io \ --use-identity acrpush