From de31485b2899ec6e4c522f89410c45e28d50b34c Mon Sep 17 00:00:00 2001 From: Sidney Andrews Date: Sat, 25 Jan 2025 15:38:34 -0500 Subject: [PATCH] fix: update `avm/res/container-registry/registry` `cache-rule` to support unauthenticated repositories and wildcards (#3764) ## Description Updating the ACR module to allow for unauthenticated cache rules and wildcard repositories. Today, the module: - Errantly tries to include the asterisk from a wildcard repository in the name, causing a deployment failure - Errantly marks the `credentialSetResourceId` property as required when it's not required for some repositories like Microsoft Artifact Registry (`mcr.microsoft.com`) ### Changes - [x] Make `credentialSetResourceId` optional (nullable) - [x] Fix `name` parameter to replace wilcards in the `sourceRepository` parameter - [x] Run generation of readme files - [x] Update existing unit test to create a cache rule for MCR without an explicit name or credential set specified. - [x] Ran generation on all modules since Bicep no-longer requires `dependsOn` - This was required to get a successful build ### Resolves - [x] Fixes azure/bicep-registry-modules#3741 ## Pipeline Reference | Pipeline | | -------- | | [![avm.res.container-registry.registry](https://github.com/seesharprun/bicep-registry-modules/actions/workflows/avm.res.container-registry.registry.yml/badge.svg)](https://github.com/seesharprun/bicep-registry-modules/actions/workflows/avm.res.container-registry.registry.yml) | ## Type of Change - [ ] Update to CI Environment or utilities (Non-module affecting changes) - [x] Azure Verified Module updates: - [x] Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [x] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [ ] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [ ] Update to documentation ## Checklist - [x] I'm sure there are no other open Pull Requests for the same update/change - [x] I have run `Set-AVMModule` locally to generate the supporting module files. - [ ] My corresponding pipelines / checks run clean and green without any errors or warnings --------- Co-authored-by: Alexander Sehr --- avm/res/container-registry/registry/README.md | 171 +----------------- .../registry/cache-rule/README.md | 18 +- .../registry/cache-rule/main.bicep | 6 +- .../registry/cache-rule/main.json | 20 +- .../registry/credential-set/main.json | 2 +- .../container-registry/registry/main.bicep | 4 +- avm/res/container-registry/registry/main.json | 28 +-- .../registry/replication/main.json | 2 +- .../registry/scope-map/main.json | 2 +- .../tests/e2e/cache/dependencies.bicep | 94 ---------- .../registry/tests/e2e/cache/main.test.bicep | 85 --------- .../registry/webhook/main.json | 2 +- 12 files changed, 59 insertions(+), 375 deletions(-) delete mode 100644 avm/res/container-registry/registry/tests/e2e/cache/dependencies.bicep delete mode 100644 avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep diff --git a/avm/res/container-registry/registry/README.md b/avm/res/container-registry/registry/README.md index f98e0090ae..57ec51b751 100644 --- a/avm/res/container-registry/registry/README.md +++ b/avm/res/container-registry/registry/README.md @@ -35,164 +35,13 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br/public:avm/res/container-registry/registry:`. -- [Using cache rules](#example-1-using-cache-rules) -- [Using only defaults](#example-2-using-only-defaults) -- [Using encryption with Customer-Managed-Key](#example-3-using-encryption-with-customer-managed-key) -- [Using large parameter set](#example-4-using-large-parameter-set) -- [Using `scopeMaps` in parameter set](#example-5-using-scopemaps-in-parameter-set) -- [WAF-aligned](#example-6-waf-aligned) +- [Using only defaults](#example-1-using-only-defaults) +- [Using encryption with Customer-Managed-Key](#example-2-using-encryption-with-customer-managed-key) +- [Using large parameter set](#example-3-using-large-parameter-set) +- [Using `scopeMaps` in parameter set](#example-4-using-scopemaps-in-parameter-set) +- [WAF-aligned](#example-5-waf-aligned) -### Example 1: _Using cache rules_ - -This instance deploys the module with a credential set and a cache rule. - - -
- -via Bicep module - -```bicep -module registry 'br/public:avm/res/container-registry/registry:' = { - name: 'registryDeployment' - params: { - // Required parameters - name: '' - // Non-required parameters - acrAdminUserEnabled: false - acrSku: 'Standard' - cacheRules: [ - { - credentialSetResourceId: '' - name: 'customRule' - sourceRepository: 'docker.io/library/hello-world' - targetRepository: 'cached-docker-hub/hello-world' - } - ] - credentialSets: [ - { - authCredentials: [ - { - name: 'Credential1' - passwordSecretIdentifier: '' - usernameSecretIdentifier: '' - } - ] - loginServer: 'docker.io' - managedIdentities: { - systemAssigned: true - } - name: 'default' - } - ] - location: '' - } -} -``` - -
-

- -

- -via JSON parameters file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "" - }, - // Non-required parameters - "acrAdminUserEnabled": { - "value": false - }, - "acrSku": { - "value": "Standard" - }, - "cacheRules": { - "value": [ - { - "credentialSetResourceId": "", - "name": "customRule", - "sourceRepository": "docker.io/library/hello-world", - "targetRepository": "cached-docker-hub/hello-world" - } - ] - }, - "credentialSets": { - "value": [ - { - "authCredentials": [ - { - "name": "Credential1", - "passwordSecretIdentifier": "", - "usernameSecretIdentifier": "" - } - ], - "loginServer": "docker.io", - "managedIdentities": { - "systemAssigned": true - }, - "name": "default" - } - ] - }, - "location": { - "value": "" - } - } -} -``` - -
-

- -

- -via Bicep parameters file - -```bicep-params -using 'br/public:avm/res/container-registry/registry:' - -// Required parameters -param name = '' -// Non-required parameters -param acrAdminUserEnabled = false -param acrSku = 'Standard' -param cacheRules = [ - { - credentialSetResourceId: '' - name: 'customRule' - sourceRepository: 'docker.io/library/hello-world' - targetRepository: 'cached-docker-hub/hello-world' - } -] -param credentialSets = [ - { - authCredentials: [ - { - name: 'Credential1' - passwordSecretIdentifier: '' - usernameSecretIdentifier: '' - } - ] - loginServer: 'docker.io' - managedIdentities: { - systemAssigned: true - } - name: 'default' - } -] -param location = '' -``` - -
-

- -### Example 2: _Using only defaults_ +### Example 1: _Using only defaults_ This instance deploys the module with the minimum set of required parameters. @@ -261,7 +110,7 @@ param location = ''

-### Example 3: _Using encryption with Customer-Managed-Key_ +### Example 2: _Using encryption with Customer-Managed-Key_ This instance deploys the module using Customer-Managed-Keys using a User-Assigned Identity to access the Customer-Managed-Key secret. @@ -369,7 +218,7 @@ param publicNetworkAccess = 'Disabled'

-### Example 4: _Using large parameter set_ +### Example 3: _Using large parameter set_ This instance deploys the module with most of its features enabled. @@ -770,7 +619,7 @@ param webhooks = [

-### Example 5: _Using `scopeMaps` in parameter set_ +### Example 4: _Using `scopeMaps` in parameter set_ This instance deploys the module with the scopeMaps feature. @@ -868,7 +717,7 @@ param scopeMaps = [

-### Example 6: _WAF-aligned_ +### Example 5: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. diff --git a/avm/res/container-registry/registry/cache-rule/README.md b/avm/res/container-registry/registry/cache-rule/README.md index ece29b6c2a..28cf73106a 100644 --- a/avm/res/container-registry/registry/cache-rule/README.md +++ b/avm/res/container-registry/registry/cache-rule/README.md @@ -20,7 +20,6 @@ Cache for Azure Container Registry (Preview) feature allows users to cache conta | Parameter | Type | Description | | :-- | :-- | :-- | -| [`credentialSetResourceId`](#parameter-credentialsetresourceid) | string | The resource ID of the credential store which is associated with the cache rule. | | [`registryName`](#parameter-registryname) | string | The name of the parent registry. Required if the template is used in a standalone deployment. | | [`sourceRepository`](#parameter-sourcerepository) | string | Source repository pulled from upstream. | @@ -28,16 +27,10 @@ Cache for Azure Container Registry (Preview) feature allows users to cache conta | Parameter | Type | Description | | :-- | :-- | :-- | +| [`credentialSetResourceId`](#parameter-credentialsetresourceid) | string | The resource ID of the credential store which is associated with the cache rule. | | [`name`](#parameter-name) | string | The name of the cache rule. Will be derived from the source repository name if not defined. | | [`targetRepository`](#parameter-targetrepository) | string | Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}. | -### Parameter: `credentialSetResourceId` - -The resource ID of the credential store which is associated with the cache rule. - -- Required: Yes -- Type: string - ### Parameter: `registryName` The name of the parent registry. Required if the template is used in a standalone deployment. @@ -52,13 +45,20 @@ Source repository pulled from upstream. - Required: Yes - Type: string +### Parameter: `credentialSetResourceId` + +The resource ID of the credential store which is associated with the cache rule. + +- Required: No +- Type: string + ### Parameter: `name` The name of the cache rule. Will be derived from the source repository name if not defined. - Required: No - Type: string -- Default: `[replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-')]` +- Default: `[replace(replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-'), '*', '')]` ### Parameter: `targetRepository` diff --git a/avm/res/container-registry/registry/cache-rule/main.bicep b/avm/res/container-registry/registry/cache-rule/main.bicep index 6cdd8b6340..8b42b36da5 100644 --- a/avm/res/container-registry/registry/cache-rule/main.bicep +++ b/avm/res/container-registry/registry/cache-rule/main.bicep @@ -5,7 +5,7 @@ metadata description = 'Cache for Azure Container Registry (Preview) feature all param registryName string @description('Optional. The name of the cache rule. Will be derived from the source repository name if not defined.') -param name string = replace(replace(sourceRepository, '/', '-'), '.', '-') +param name string = replace(replace(replace(sourceRepository, '/', '-'), '.', '-'), '*', '') @description('Required. Source repository pulled from upstream.') param sourceRepository string @@ -13,8 +13,8 @@ param sourceRepository string @description('Optional. Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}.') param targetRepository string = sourceRepository -@description('Required. The resource ID of the credential store which is associated with the cache rule.') -param credentialSetResourceId string +@description('Optional. The resource ID of the credential store which is associated with the cache rule.') +param credentialSetResourceId string? resource registry 'Microsoft.ContainerRegistry/registries@2023-06-01-preview' existing = { name: registryName diff --git a/avm/res/container-registry/registry/cache-rule/main.json b/avm/res/container-registry/registry/cache-rule/main.json index 7e7269234d..ba47f9da31 100644 --- a/avm/res/container-registry/registry/cache-rule/main.json +++ b/avm/res/container-registry/registry/cache-rule/main.json @@ -1,11 +1,12 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "10741185719400519703" + "templateHash": "10966757769768845548" }, "name": "Container Registries Cache", "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache))." @@ -19,7 +20,7 @@ }, "name": { "type": "string", - "defaultValue": "[replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-')]", + "defaultValue": "[replace(replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-'), '*', '')]", "metadata": { "description": "Optional. The name of the cache rule. Will be derived from the source repository name if not defined." } @@ -39,13 +40,20 @@ }, "credentialSetResourceId": { "type": "string", + "nullable": true, "metadata": { - "description": "Required. The resource ID of the credential store which is associated with the cache rule." + "description": "Optional. The resource ID of the credential store which is associated with the cache rule." } } }, - "resources": [ - { + "resources": { + "registry": { + "existing": true, + "type": "Microsoft.ContainerRegistry/registries", + "apiVersion": "2023-06-01-preview", + "name": "[parameters('registryName')]" + }, + "cacheRule": { "type": "Microsoft.ContainerRegistry/registries/cacheRules", "apiVersion": "2023-06-01-preview", "name": "[format('{0}/{1}', parameters('registryName'), parameters('name'))]", @@ -55,7 +63,7 @@ "credentialSetResourceId": "[parameters('credentialSetResourceId')]" } } - ], + }, "outputs": { "name": { "type": "string", diff --git a/avm/res/container-registry/registry/credential-set/main.json b/avm/res/container-registry/registry/credential-set/main.json index 1483471d74..3ab481f10d 100644 --- a/avm/res/container-registry/registry/credential-set/main.json +++ b/avm/res/container-registry/registry/credential-set/main.json @@ -134,4 +134,4 @@ "value": "[coalesce(tryGet(tryGet(reference('credentialSet', '2023-11-01-preview', 'full'), 'identity'), 'principalId'), '')]" } } -} \ No newline at end of file +} diff --git a/avm/res/container-registry/registry/main.bicep b/avm/res/container-registry/registry/main.bicep index 38e7dd13ba..57ed9cacc9 100644 --- a/avm/res/container-registry/registry/main.bicep +++ b/avm/res/container-registry/registry/main.bicep @@ -361,9 +361,9 @@ module registry_cacheRules 'cache-rule/main.bicep' = [ params: { registryName: registry.name sourceRepository: cacheRule.sourceRepository - name: cacheRule.?name ?? replace(replace(cacheRule.sourceRepository, '/', '-'), '.', '-') + name: cacheRule.?name ?? replace(replace(replace(cacheRule.sourceRepository, '/', '-'), '.', '-'), '*', '') targetRepository: cacheRule.?targetRepository ?? cacheRule.sourceRepository - credentialSetResourceId: cacheRule.?credentialSetResourceId + credentialSetResourceId: !empty(cacheRule.?credentialSetResourceId) ? cacheRule.?credentialSetResourceId : null // Must only be set if condition is set } dependsOn: [ registry_credentialSets diff --git a/avm/res/container-registry/registry/main.json b/avm/res/container-registry/registry/main.json index 62a0a00fb8..ccb9caef7c 100644 --- a/avm/res/container-registry/registry/main.json +++ b/avm/res/container-registry/registry/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "12745095220727956738" + "templateHash": "5661232986574806877" }, "name": "Azure Container Registries (ACR)", "description": "This module deploys an Azure Container Registry (ACR)." @@ -1522,23 +1522,22 @@ "value": "[coalesce(parameters('cacheRules'), createArray())[copyIndex()].sourceRepository]" }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('cacheRules'), createArray())[copyIndex()], 'name'), replace(replace(coalesce(parameters('cacheRules'), createArray())[copyIndex()].sourceRepository, '/', '-'), '.', '-'))]" + "value": "[coalesce(tryGet(coalesce(parameters('cacheRules'), createArray())[copyIndex()], 'name'), replace(replace(replace(coalesce(parameters('cacheRules'), createArray())[copyIndex()].sourceRepository, '/', '-'), '.', '-'), '*', ''))]" }, "targetRepository": { "value": "[coalesce(tryGet(coalesce(parameters('cacheRules'), createArray())[copyIndex()], 'targetRepository'), coalesce(parameters('cacheRules'), createArray())[copyIndex()].sourceRepository)]" }, - "credentialSetResourceId": { - "value": "[tryGet(coalesce(parameters('cacheRules'), createArray())[copyIndex()], 'credentialSetResourceId')]" - } + "credentialSetResourceId": "[if(not(empty(tryGet(coalesce(parameters('cacheRules'), createArray())[copyIndex()], 'credentialSetResourceId'))), createObject('value', tryGet(coalesce(parameters('cacheRules'), createArray())[copyIndex()], 'credentialSetResourceId')), createObject('value', null()))]" }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "10741185719400519703" + "templateHash": "10966757769768845548" }, "name": "Container Registries Cache", "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache))." @@ -1552,7 +1551,7 @@ }, "name": { "type": "string", - "defaultValue": "[replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-')]", + "defaultValue": "[replace(replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-'), '*', '')]", "metadata": { "description": "Optional. The name of the cache rule. Will be derived from the source repository name if not defined." } @@ -1572,13 +1571,20 @@ }, "credentialSetResourceId": { "type": "string", + "nullable": true, "metadata": { - "description": "Required. The resource ID of the credential store which is associated with the cache rule." + "description": "Optional. The resource ID of the credential store which is associated with the cache rule." } } }, - "resources": [ - { + "resources": { + "registry": { + "existing": true, + "type": "Microsoft.ContainerRegistry/registries", + "apiVersion": "2023-06-01-preview", + "name": "[parameters('registryName')]" + }, + "cacheRule": { "type": "Microsoft.ContainerRegistry/registries/cacheRules", "apiVersion": "2023-06-01-preview", "name": "[format('{0}/{1}', parameters('registryName'), parameters('name'))]", @@ -1588,7 +1594,7 @@ "credentialSetResourceId": "[parameters('credentialSetResourceId')]" } } - ], + }, "outputs": { "name": { "type": "string", diff --git a/avm/res/container-registry/registry/replication/main.json b/avm/res/container-registry/registry/replication/main.json index 4a7aac2eee..9f501e9287 100644 --- a/avm/res/container-registry/registry/replication/main.json +++ b/avm/res/container-registry/registry/replication/main.json @@ -106,4 +106,4 @@ "value": "[reference('replication', '2023-06-01-preview', 'full').location]" } } -} \ No newline at end of file +} diff --git a/avm/res/container-registry/registry/scope-map/main.json b/avm/res/container-registry/registry/scope-map/main.json index 4ff03f742c..a8966cb5b1 100644 --- a/avm/res/container-registry/registry/scope-map/main.json +++ b/avm/res/container-registry/registry/scope-map/main.json @@ -82,4 +82,4 @@ "value": "[resourceId('Microsoft.ContainerRegistry/registries/scopeMaps', parameters('registryName'), parameters('name'))]" } } -} \ No newline at end of file +} diff --git a/avm/res/container-registry/registry/tests/e2e/cache/dependencies.bicep b/avm/res/container-registry/registry/tests/e2e/cache/dependencies.bicep deleted file mode 100644 index bd4992a7ad..0000000000 --- a/avm/res/container-registry/registry/tests/e2e/cache/dependencies.bicep +++ /dev/null @@ -1,94 +0,0 @@ -@description('Optional. The location to deploy resources to.') -param location string = resourceGroup().location - -@description('Required. The name of the Azure Container Registry to pre-create before the actual test.') -param acrName string - -@description('Required. The name of the Key Vault referenced by the ACR Credential Set.') -param keyVaultName string - -@description('Optional. UserName secret used by the ACR Credential Set deployment. The value is a GUID.') -@secure() -param userNameSecret string = newGuid() - -@description('Optional. Password secret used by the ACR Credential Set deployment. The value is a GUID.') -@secure() -param passwordSecret string = newGuid() - -resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' = { - name: keyVaultName - location: location - properties: { - sku: { - family: 'A' - name: 'standard' - } - tenantId: subscription().tenantId - publicNetworkAccess: 'Enabled' - enableRbacAuthorization: true - } - - resource userName 'secrets@2023-07-01' = { - name: 'UserName' - properties: { - value: userNameSecret - } - } - - resource password 'secrets@2023-07-01' = { - name: 'Password' - properties: { - value: passwordSecret - } - } -} - -resource acr 'Microsoft.ContainerRegistry/registries@2023-11-01-preview' = { - name: acrName - location: location - sku: { - name: 'Standard' - } - - resource credentialSet 'credentialSets@2023-11-01-preview' = { - name: 'default' - identity: { - type: 'SystemAssigned' - } - properties: { - authCredentials: [ - { - name: 'Credential1' - usernameSecretIdentifier: keyVault::userName.properties.secretUri - passwordSecretIdentifier: keyVault::password.properties.secretUri - } - ] - loginServer: 'docker.io' - } - } -} - -resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { - name: guid('msi-${acr::credentialSet.name}-KeyVaultSecretUser-RoleAssignment') - scope: keyVault - properties: { - principalId: acr::credentialSet.identity.principalId - roleDefinitionId: subscriptionResourceId( - 'Microsoft.Authorization/roleDefinitions', - '4633458b-17de-408a-b874-0445c86b69e6' - ) // Key Vault Secrets User - principalType: 'ServicePrincipal' - } -} - -@description('The username key vault secret URI.') -output userNameSecretURI string = keyVault::userName.properties.secretUri - -@description('The password key vault secret URI.') -output pwdSecretURI string = keyVault::password.properties.secretUri - -@description('The name of the Azure Container Registry.') -output acrName string = acr.name - -@description('The resource ID of the Azure Container Registry Credential Set.') -output acrCredentialSetResourceId string = acr::credentialSet.id diff --git a/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep b/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep deleted file mode 100644 index c19abf87f1..0000000000 --- a/avm/res/container-registry/registry/tests/e2e/cache/main.test.bicep +++ /dev/null @@ -1,85 +0,0 @@ -targetScope = 'subscription' - -metadata name = 'Using cache rules' -metadata description = 'This instance deploys the module with a credential set and a cache rule.' - -// ========== // -// Parameters // -// ========== // - -@description('Optional. The name of the resource group to deploy for testing purposes.') -@maxLength(90) -param resourceGroupName string = 'dep-${namePrefix}-containerregistry.registries-${serviceShort}-rg' - -@description('Optional. The location to deploy resources to.') -param resourceLocation string = deployment().location - -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'crrcach' - -@description('Optional. A token to inject into the name of each resource.') -param namePrefix string = '#_namePrefix_#' - -// ============ // -// Dependencies // -// ============ // - -// General resources -// ================= -resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { - name: resourceGroupName - location: resourceLocation -} - -module nestedDependencies 'dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' - params: { - // Adding base time to make the name unique as purge protection must be enabled (but may not be longer than 24 characters total) - location: resourceLocation - keyVaultName: 'dep-${namePrefix}-kv-${serviceShort}' - acrName: '${namePrefix}${serviceShort}001' - } -} - -// ============== // -// Test Execution // -// ============== // - -@batchSize(1) -module testDeployment '../../../main.bicep' = [ - for iteration in ['init', 'idem']: { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' - params: { - name: nestedDependencies.outputs.acrName - location: resourceLocation - acrAdminUserEnabled: false - acrSku: 'Standard' - credentialSets: [ - { - name: 'default' - managedIdentities: { - systemAssigned: true - } - authCredentials: [ - { - name: 'Credential1' - usernameSecretIdentifier: nestedDependencies.outputs.userNameSecretURI - passwordSecretIdentifier: nestedDependencies.outputs.pwdSecretURI - } - ] - loginServer: 'docker.io' - } - ] - cacheRules: [ - { - name: 'customRule' - sourceRepository: 'docker.io/library/hello-world' - targetRepository: 'cached-docker-hub/hello-world' - credentialSetResourceId: nestedDependencies.outputs.acrCredentialSetResourceId - } - ] - } - } -] diff --git a/avm/res/container-registry/registry/webhook/main.json b/avm/res/container-registry/registry/webhook/main.json index 36fe27a07b..63b3b4bf1f 100644 --- a/avm/res/container-registry/registry/webhook/main.json +++ b/avm/res/container-registry/registry/webhook/main.json @@ -159,4 +159,4 @@ "value": "[reference('webhook', '2023-06-01-preview', 'full').location]" } } -} \ No newline at end of file +}