Skip to content

[ACR] az acr task create/update and az acr build/run: Add ABAC support for ACR Tasks#31069

Merged
zhoxing-ms merged 18 commits intoAzure:devfrom
lizMSFT:zoeyli/acr/abac_tasks
May 9, 2025
Merged

[ACR] az acr task create/update and az acr build/run: Add ABAC support for ACR Tasks#31069
zhoxing-ms merged 18 commits intoAzure:devfrom
lizMSFT:zoeyli/acr/abac_tasks

Conversation

@lizMSFT
Copy link
Member

@lizMSFT lizMSFT commented Mar 18, 2025

Related command
az acr task create | update
az acr build | run

Description
Added the new optional --source-acr-auth-id flag

History Notes
[ACR] az acr task create/update: Add a new optional parameter --source-acr-auth-id to specify the managed identity used for authentication with the source registry
[ACR] az acr build: Add a new optional parameter --source-acr-auth-id to specify the identity used for authentication with the source registry
[ACR] az acr run: Add a new optional parameter --source-acr-auth-id to specify the identity used for authentication with the source registry

Testing Guide
az acr task create:

  • ABAC-enabled registry:
  1. System-Assigned MI for Task Access
    image
    Before the role assignment:
    image
    After the role assignment:
    image

  2. User-Assigned MI for Task Access
    image

  3. No Task Source Registry Identity for Access
    image
    image

  • Non-ABAC-enabled registry:
    image
    image

az acr task update:

  • ABAC-enabled registry:
    image
    image
    image
    image

az acr build:
image

az acr run:
image


This checklist is used to make sure that common guidelines for a pull request are followed.

@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented Mar 18, 2025

️✔️AzureCLI-FullTest
️✔️acr
️✔️latest
️✔️3.12
️✔️3.9
️✔️acs
️✔️latest
️✔️3.12
️✔️3.9
️✔️advisor
️✔️latest
️✔️3.12
️✔️3.9
️✔️ams
️✔️latest
️✔️3.12
️✔️3.9
️✔️apim
️✔️latest
️✔️3.12
️✔️3.9
️✔️appconfig
️✔️latest
️✔️3.12
️✔️3.9
️✔️appservice
️✔️latest
️✔️3.12
️✔️3.9
️✔️aro
️✔️latest
️✔️3.12
️✔️3.9
️✔️backup
️✔️latest
️✔️3.12
️✔️3.9
️✔️batch
️✔️latest
️✔️3.12
️✔️3.9
️✔️batchai
️✔️latest
️✔️3.12
️✔️3.9
️✔️billing
️✔️latest
️✔️3.12
️✔️3.9
️✔️botservice
️✔️latest
️✔️3.12
️✔️3.9
️✔️cdn
️✔️latest
️✔️3.12
️✔️3.9
️✔️cloud
️✔️latest
️✔️3.12
️✔️3.9
️✔️cognitiveservices
️✔️latest
️✔️3.12
️✔️3.9
️✔️compute_recommender
️✔️latest
️✔️3.12
️✔️3.9
️✔️computefleet
️✔️latest
️✔️3.12
️✔️3.9
️✔️config
️✔️latest
️✔️3.12
️✔️3.9
️✔️configure
️✔️latest
️✔️3.12
️✔️3.9
️✔️consumption
️✔️latest
️✔️3.12
️✔️3.9
️✔️container
️✔️latest
️✔️3.12
️✔️3.9
️✔️containerapp
️✔️latest
️✔️3.12
️✔️3.9
️✔️core
️✔️latest
️✔️3.12
️✔️3.9
️✔️cosmosdb
️✔️latest
️✔️3.12
️✔️3.9
️✔️databoxedge
️✔️latest
️✔️3.12
️✔️3.9
️✔️dls
️✔️latest
️✔️3.12
️✔️3.9
️✔️dms
️✔️latest
️✔️3.12
️✔️3.9
️✔️eventgrid
️✔️latest
️✔️3.12
️✔️3.9
️✔️eventhubs
️✔️latest
️✔️3.12
️✔️3.9
️✔️feedback
️✔️latest
️✔️3.12
️✔️3.9
️✔️find
️✔️latest
️✔️3.12
️✔️3.9
️✔️hdinsight
️✔️latest
️✔️3.12
️✔️3.9
️✔️identity
️✔️latest
️✔️3.12
️✔️3.9
️✔️iot
️✔️latest
️✔️3.12
️✔️3.9
️✔️keyvault
️✔️latest
️✔️3.12
️✔️3.9
️✔️lab
️✔️latest
️✔️3.12
️✔️3.9
️✔️managedservices
️✔️latest
️✔️3.12
️✔️3.9
️✔️maps
️✔️latest
️✔️3.12
️✔️3.9
️✔️marketplaceordering
️✔️latest
️✔️3.12
️✔️3.9
️✔️monitor
️✔️latest
️✔️3.12
️✔️3.9
️✔️mysql
️✔️latest
️✔️3.12
️✔️3.9
️✔️netappfiles
️✔️latest
️✔️3.12
️✔️3.9
️✔️network
️✔️latest
️✔️3.12
️✔️3.9
️✔️policyinsights
️✔️latest
️✔️3.12
️✔️3.9
️✔️privatedns
️✔️latest
️✔️3.12
️✔️3.9
️✔️profile
️✔️latest
️✔️3.12
️✔️3.9
️✔️rdbms
️✔️latest
️✔️3.12
️✔️3.9
️✔️redis
️✔️latest
️✔️3.12
️✔️3.9
️✔️relay
️✔️latest
️✔️3.12
️✔️3.9
️✔️resource
️✔️latest
️✔️3.12
️✔️3.9
️✔️role
️✔️latest
️✔️3.12
️✔️3.9
️✔️search
️✔️latest
️✔️3.12
️✔️3.9
️✔️security
️✔️latest
️✔️3.12
️✔️3.9
️✔️servicebus
️✔️latest
️✔️3.12
️✔️3.9
️✔️serviceconnector
️✔️latest
️✔️3.12
️✔️3.9
️✔️servicefabric
️✔️latest
️✔️3.12
️✔️3.9
️✔️signalr
️✔️latest
️✔️3.12
️✔️3.9
️✔️sql
️✔️latest
️✔️3.12
️✔️3.9
️✔️sqlvm
️✔️latest
️✔️3.12
️✔️3.9
️✔️storage
️✔️latest
️✔️3.12
️✔️3.9
️✔️synapse
️✔️latest
️✔️3.12
️✔️3.9
️✔️telemetry
️✔️latest
️✔️3.12
️✔️3.9
️✔️util
️✔️latest
️✔️3.12
️✔️3.9
️✔️vm
️✔️latest
️✔️3.12
️✔️3.9

@azure-client-tools-bot-prd
Copy link

Hi @lizMSFT,
Since the current milestone time is less than 7 days, this pr will be reviewed in the next milestone.

@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented Mar 18, 2025

❌AzureCLI-BreakingChangeTest
❌acr
rule cmd_name rule_message suggest_message
1006 - ParaAdd acr build cmd acr build added parameter source_location please remove parameter source_location for cmd acr build
1006 - ParaAdd acr run cmd acr run added parameter source_location please remove parameter source_location for cmd acr run
⚠️ 1006 - ParaAdd acr build cmd acr build added parameter source_acr_auth_id
⚠️ 1010 - ParaPropUpdate acr build cmd acr build update parameter source_location: updated property name from source_location to registry_name
⚠️ 1010 - ParaPropUpdate acr build cmd acr build update parameter source_location: updated property options from [] to ['--registry', '-r']
⚠️ 1006 - ParaAdd acr run cmd acr run added parameter source_acr_auth_id
⚠️ 1010 - ParaPropUpdate acr run cmd acr run update parameter source_location: updated property name from source_location to registry_name
⚠️ 1010 - ParaPropUpdate acr run cmd acr run update parameter source_location: updated property options from [] to ['--registry', '-r']
⚠️ 1006 - ParaAdd acr task create cmd acr task create added parameter source_acr_auth_id
⚠️ 1006 - ParaAdd acr task update cmd acr task update added parameter source_acr_auth_id

Please submit your Breaking Change Pre-announcement ASAP if you haven't already. Please note:

  • Breaking changes can only be merged during the designated breaking change window
  • A pre-announcement must be released at least one month in advance

For more details on how to introduce breaking changes, refer to the documentation: azure-cli/doc/how_to_introduce_breaking_changes.md

@yonzhan
Copy link
Collaborator

yonzhan commented Mar 18, 2025

Thank you for your contribution! We will review the pull request and get back to you soon.

@github-actions
Copy link

The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR.

Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions).
After that please run the following commands to enable git hooks:

pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>

@lizMSFT lizMSFT changed the title [ACR] az acr tasks create | update, az acr build | run: Add ABAC support for ACR Tasks [WIP][ACR] az acr tasks create | update, az acr build | run: Add ABAC support for ACR Tasks Mar 18, 2025
@lizMSFT lizMSFT changed the title [WIP][ACR] az acr tasks create | update, az acr build | run: Add ABAC support for ACR Tasks [ACR] az acr tasks create | update, az acr build | run: Add ABAC support for ACR Tasks Mar 18, 2025
@lizMSFT lizMSFT marked this pull request as ready for review April 22, 2025 16:47
@lizMSFT lizMSFT changed the title [ACR] az acr tasks create | update, az acr build | run: Add ABAC support for ACR Tasks [ACR] az acr task create/update and az acr build/run: Add ABAC support for ACR Tasks Apr 25, 2025
@zhoxing-ms
Copy link
Contributor

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 3 pipeline(s).

@yanzhudd
Copy link
Contributor

yanzhudd commented May 7, 2025

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 3 pipeline(s).

@lizMSFT lizMSFT requested a review from yanzhudd May 7, 2025 19:13
@yanzhudd
Copy link
Contributor

yanzhudd commented May 8, 2025

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 3 pipeline(s).

@zhoxing-ms zhoxing-ms merged commit a382f46 into Azure:dev May 9, 2025
49 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Auto-Assign Auto assign by bot Container Registry az acr

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants