Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

@olafurnielsen
Created February 13, 2024 16:16
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save olafurnielsen/9845499644d0e0f50505345661411cb0 to your computer and use it in GitHub Desktop.
Save olafurnielsen/9845499644d0e0f50505345661411cb0 to your computer and use it in GitHub Desktop.
Authorize App Service to pull container image from a registry
import pulumi
from pulumi_azure_native import authorization, web, containerregistry
# AcrPull Role definition:
# https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#acrpull
def webapp_acrpull_role(
name: str, web_app: web.WebApp, registry: containerregistry.Registry
) -> authorization.RoleAssignment:
"""Assign AcrPull role to the web app"""
return authorization.RoleAssignment(
name,
principal_id=web_app.identity.principal_id,
principal_type="ServicePrincipal",
role_definition_id="/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d",
scope=registry.id,
opts=pulumi.ResourceOptions(parent=web_app, ignore_changes=["principal_id"]),
)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment