
我想使用 Pulumi 复制以下 PowerShell 脚本。

# Create the service principal that is allowed to pull from the registry.

# Resource ID of the registry; used below as the scope of the role assignment,
# so the principal gets access to this one registry only.
$myRegistryId = az acr show --name $myRegistryName --query id --output json

# Create the principal with the acrpull role on that scope. The command's JSON
# output carries the generated credential.
$mySp = az ad sp create-for-rbac --name "http://$myRegistryName-pull" --scopes $myRegistryId --role acrpull

# Parse the JSON once and read both fields from the same object.
# $mySpPassword holds the secret in plain text: pass it straight to a secret
# store and keep it out of console output, transcripts and CI logs.
$mySpInfo = $mySp | ConvertFrom-Json
$mySpAppId = $mySpInfo.appId
$mySpPassword = $mySpInfo.password

我的代码

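  // Resource ID of the built-in AcrPull role definition (pull-only access to a registry).
  // The value previously ended in b24988ac-6180-42a0-ab88-20f7382dd24c, which is the built-in
  // Contributor role, so the assignment granted far more than image pull.
  // Built-in role GUIDs are the same in every subscription; only the subscription segment varies.
  // Author's open question: how to resolve this ID by role name instead of copying it.
  // `az role definition list --name AcrPull --query "[].id"` returns it from the CLI.
  // NOTE(review): the subscription ID is hard-coded; presumably it should come from stack
  // configuration so the program works in other subscriptions — confirm.
  const string acrPullRoleDefinitionId =
    "/subscriptions/63bda4c1-5028-4540-8cda-0f5b059bacb3/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d";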


 #region Registry
    // Declares the container registry; the same string is used as the Pulumi
    // resource name and as the Azure registry name.
    name = "mycontainerregistry";

    var registrySku = new Pulumi.AzureNative.ContainerRegistry.Inputs.SkuArgs
    {
      Name = Pulumi.AzureNative.ContainerRegistry.SkuName.Standard
    };

    // All three policies are declared with Status = Disabled.
    // NOTE(review): with quarantine and content trust off, the registry does not
    // hold back unscanned or unsigned images — confirm that is intended.
    var registryPolicies = new PoliciesArgs
    {
      QuarantinePolicy = new QuarantinePolicyArgs { Status = PolicyStatus.Disabled },
      // Days is set, but presumably has no effect while the policy is disabled.
      RetentionPolicy = new RetentionPolicyArgs { Status = PolicyStatus.Disabled, Days = 7 },
      TrustPolicy = new TrustPolicyArgs { Type = TrustPolicyType.Notary, Status = PolicyStatus.Disabled }
    };

    var registryArgs = new RegistryArgs
    {
      RegistryName = name,
      ResourceGroupName = resourceGroup.Name,
      Sku = registrySku,
      // NOTE(review): the admin user is one shared credential with push and pull
      // rights on the whole registry. A pull-only service principal is set up
      // further down, so confirm the admin user is still needed; otherwise
      // this should be false.
      AdminUserEnabled = true,
      Policies = registryPolicies
    };

    var registry = new Registry(name, registryArgs);

    #endregion

    #region Service Principal for Registry Pull 
    // Create a service principal to pull images out of the infrastructure container registry.
    // Store the SP username/appId and password in the key vault
    // NOTE(review): nothing in this region creates a credential or writes to a key vault yet.
    // Whatever code adds that should keep the password as a Pulumi secret so it is not
    // stored in clear text in the stack state or printed in outputs.


    name = "mycontainerregistry-pull";

    var servicePrincipal =
       new ServicePrincipal
       (
         name,
         new ServicePrincipalArgs
         {
           // NOTE(review): a container registry has no application ID of its own.
           // `az ad sp create-for-rbac` first creates an Azure AD application and then the
           // service principal for it, so the equivalent here is presumably to declare an
           // application resource and pass that application's ID — confirm against the
           // provider version in use.
           ApplicationId = registry.xxx // <== How do I get the associated application ID of the registry?
         }
       );

    #endregion

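    #region Add Role Assignment
    // Grants the service principal the role named by acrPullRoleDefinitionId.
    // Scope is the registry's own resource ID, so the grant covers this registry
    // only and not the resource group or subscription.
    // NOTE(review): confirm the role definition ID really is the pull-only role;
    // this assignment grants whatever that constant points at.
    var roleAssignment =
     new Pulumi.AzureNative.Authorization.RoleAssignment
     (
       "acrPullRoleAssignment",
       new Pulumi.AzureNative.Authorization.RoleAssignmentArgs
       {
         // A role assignment identifies its principal by object ID. The application
         // (client) ID used previously is a different GUID and does not name the principal.
         PrincipalId = servicePrincipal.ObjectId,
         PrincipalType = Pulumi.AzureNative.Authorization.PrincipalType.ServicePrincipal,
         RoleDefinitionId = acrPullRoleDefinitionId,
         Scope = registry.Id,
       }
     );
    #endregion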