Skip to content

Comments

Add managed identity support for connecting to container registries#745

Merged
MicroFish91 merged 23 commits intomainfrom
mwf/cr-iii
Oct 4, 2024
Merged

Add managed identity support for connecting to container registries#745
MicroFish91 merged 23 commits intomainfrom
mwf/cr-iii

Conversation

@MicroFish91
Copy link
Contributor

@MicroFish91 MicroFish91 commented Sep 17, 2024
edited
Loading

Addresses Part 1 of #719

Example

A few additional notes:

  • I forgot to remove some files/functions in my previous PR... I noticed and removed them here.
  • I have not yet updated deployWorkspaceProjectApi... I will add that change in a follow-up PR. Those API changes will impact the Containerized Functions feature

Implementation:

  • Enable system assigned identity on the managed environment level
  • Assign acr pull access to the managed environment identity
  • Set the container registry as a system-environment registry credential on the container app envelope. This will tell the service to use the permission level assigned to the managed environment. This permission level gets passed down to the child container app.

@MicroFish91 MicroFish91 changed the base branch from main to mwf/cr-ii September 17, 2024 19:47
@MicroFish91 MicroFish91 marked this pull request as ready for review September 18, 2024 01:51
@MicroFish91 MicroFish91 requested a review from a team as a code owner September 18, 2024 01:51
Base automatically changed from mwf/cr-ii to main September 30, 2024 17:18
nturinski
nturinski approved these changes Oct 3, 2024
View reviewed changes
Copy link
Member

@nturinski nturinski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall, everything looks good to me. Just small comments/nits, but I don't want to block progress based on that.

src/commands/registryCredentials/RegistryCredentialsAddConfigurationListStep.ts
// data: RegistryCredentialType.SystemAssigned,
// });
picks.push({
label: 'Managed Identity',
Copy link
Member

@nturinski nturinski Oct 3, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Should localize both strings.

Copy link
Contributor Author

@MicroFish91 MicroFish91 Oct 4, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll localize the recommended, but do we want to localize Managed Identity? I was treating it like the official resource title and so wasn't thinking to add localization

Copy link
Member

@nturinski nturinski Oct 4, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume that Chinese or Korean would localize it to say Managed Identity, but in that language.

{D3FB564D-BC12-47D6-A42B-72B8AFE55F07}

@MicroFish91 MicroFish91 merged commit 21a6074 into main Oct 4, 2024
@MicroFish91 MicroFish91 deleted the mwf/cr-iii branch October 4, 2024 19:51
@microsoft microsoft locked and limited conversation to collaborators Nov 19, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@nturinski nturinski nturinski approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MicroFish91 @nturinski