import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Manages an Azure Container Registry. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const acr = new azure.containerservice.Registry("acr", { * name: "containerRegistry1", * resourceGroupName: example.name, * location: example.location, * sku: "Premium", * adminEnabled: false, * georeplications: [ * { * location: "East US", * zoneRedundancyEnabled: true, * tags: {}, * }, * { * location: "North Europe", * zoneRedundancyEnabled: true, * tags: {}, * }, * ], * }); * ``` * * ### Encryption) * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const exampleResourceGroup = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", { * resourceGroupName: exampleResourceGroup.name, * location: exampleResourceGroup.location, * name: "registry-uai", * }); * const example = azure.keyvault.getKey({ * name: "super-secret", * keyVaultId: existing.id, * }); * const acr = new azure.containerservice.Registry("acr", { * name: "containerRegistry1", * resourceGroupName: exampleResourceGroup.name, * location: exampleResourceGroup.location, * sku: "Premium", * identity: { * type: "UserAssigned", * identityIds: [exampleUserAssignedIdentity.id], * }, * encryption: { * keyVaultKeyId: example.then(example => example.id), * identityClientId: exampleUserAssignedIdentity.clientId, * }, * }); * ``` * * ### Attaching A Container Registry To A Kubernetes Cluster) * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleRegistry = new azure.containerservice.Registry("example", { * name: "containerRegistry1", * resourceGroupName: example.name, * location: example.location, * sku: "Premium", * }); * const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", { * name: "example-aks1", * location: example.location, * resourceGroupName: example.name, * dnsPrefix: "exampleaks1", * defaultNodePool: { * name: "default", * nodeCount: 1, * vmSize: "Standard_D2_v2", * }, * identity: { * type: "SystemAssigned", * }, * tags: { * Environment: "Production", * }, * }); * const exampleAssignment = new azure.authorization.Assignment("example", { * principalId: exampleKubernetesCluster.kubeletIdentity.apply(kubeletIdentity => kubeletIdentity.objectId), * roleDefinitionName: "AcrPull", * scope: exampleRegistry.id, * skipServicePrincipalAadCheck: true, * }); * ``` * * ## API Providers * * * This resource uses the following Azure API Providers: * * * `Microsoft.ContainerRegistry` - 2025-11-01 * * ## Import * * Container Registries can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:containerservice/registry:Registry example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.ContainerRegistry/registries/myregistry1 * ``` */ export declare class Registry extends pulumi.CustomResource { /** * Get an existing Registry resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: RegistryState, opts?: pulumi.CustomResourceOptions): Registry; /** * Returns true if the given object is an instance of Registry. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Registry; /** * Specifies whether the admin user is enabled. Defaults to `false`. */ readonly adminEnabled: pulumi.Output; /** * The Password associated with the Container Registry Admin account - if the admin account is enabled. */ readonly adminPassword: pulumi.Output; /** * The Username associated with the Container Registry Admin account - if the admin account is enabled. */ readonly adminUsername: pulumi.Output; /** * Whether to allow anonymous (unauthenticated) pull access to this Container Registry. This is only supported on resources with the `Standard` or `Premium` SKU. */ readonly anonymousPullEnabled: pulumi.Output; /** * Whether to enable dedicated data endpoints for this Container Registry? This is only supported on resources with the `Premium` SKU. */ readonly dataEndpointEnabled: pulumi.Output; /** * A set of data endpoint hostnames associated with the container registry if data endpoints are enabled. */ readonly dataEndpointHostNames: pulumi.Output; /** * An `encryption` block as documented below. */ readonly encryption: pulumi.Output; /** * Boolean value that indicates whether export policy is enabled. Defaults to `true`. In order to set it to `false`, make sure the `publicNetworkAccessEnabled` is also set to `false`. * * > **Note:** `quarantinePolicyEnabled`, `retentionPolicyInDays`, `trustPolicyEnabled`, `exportPolicyEnabled` and `zoneRedundancyEnabled` are only supported on resources with the `Premium` SKU. */ readonly exportPolicyEnabled: pulumi.Output; /** * One or more `georeplications` blocks as documented below. * * > **Note:** The `georeplications` is only supported on new resources with the `Premium` SKU. * * > **Note:** The `georeplications` list cannot contain the location where the Container Registry exists. * * > **Note:** If more than one `georeplications` block is specified, they are expected to follow the alphabetic order on the `location` property. */ readonly georeplications: pulumi.Output; /** * An `identity` block as defined below. */ readonly identity: pulumi.Output; /** * Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. */ readonly location: pulumi.Output; /** * The URL that can be used to log into the container registry. */ readonly loginServer: pulumi.Output; /** * Specifies the name of the Container Registry. Only Alphanumeric characters allowed. Changing this forces a new resource to be created. */ readonly name: pulumi.Output; /** * Whether to allow trusted Azure services to access a network-restricted Container Registry? Possible values are `None` and `AzureServices`. Defaults to `AzureServices`. */ readonly networkRuleBypassOption: pulumi.Output; /** * A `networkRuleSet` block as documented below. */ readonly networkRuleSet: pulumi.Output; /** * Whether public network access is allowed for the container registry. Defaults to `true`. */ readonly publicNetworkAccessEnabled: pulumi.Output; /** * Boolean value that indicates whether quarantine policy is enabled. */ readonly quarantinePolicyEnabled: pulumi.Output; /** * The name of the resource group in which to create the Container Registry. Changing this forces a new resource to be created. */ readonly resourceGroupName: pulumi.Output; /** * The number of days to retain and untagged manifest after which it gets purged. */ readonly retentionPolicyInDays: pulumi.Output; /** * The SKU name of the container registry. Possible values are `Basic`, `Standard` and `Premium`. */ readonly sku: pulumi.Output; /** * A mapping of tags to assign to the resource. */ readonly tags: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Boolean value that indicated whether trust policy is enabled. Defaults to `false`. */ readonly trustPolicyEnabled: pulumi.Output; /** * Whether zone redundancy is enabled for this Container Registry? Changing this forces a new resource to be created. Defaults to `false`. */ readonly zoneRedundancyEnabled: pulumi.Output; /** * Create a Registry resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: RegistryArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Registry resources. */ export interface RegistryState { /** * Specifies whether the admin user is enabled. Defaults to `false`. */ adminEnabled?: pulumi.Input; /** * The Password associated with the Container Registry Admin account - if the admin account is enabled. */ adminPassword?: pulumi.Input; /** * The Username associated with the Container Registry Admin account - if the admin account is enabled. */ adminUsername?: pulumi.Input; /** * Whether to allow anonymous (unauthenticated) pull access to this Container Registry. This is only supported on resources with the `Standard` or `Premium` SKU. */ anonymousPullEnabled?: pulumi.Input; /** * Whether to enable dedicated data endpoints for this Container Registry? This is only supported on resources with the `Premium` SKU. */ dataEndpointEnabled?: pulumi.Input; /** * A set of data endpoint hostnames associated with the container registry if data endpoints are enabled. */ dataEndpointHostNames?: pulumi.Input[]>; /** * An `encryption` block as documented below. */ encryption?: pulumi.Input; /** * Boolean value that indicates whether export policy is enabled. Defaults to `true`. In order to set it to `false`, make sure the `publicNetworkAccessEnabled` is also set to `false`. * * > **Note:** `quarantinePolicyEnabled`, `retentionPolicyInDays`, `trustPolicyEnabled`, `exportPolicyEnabled` and `zoneRedundancyEnabled` are only supported on resources with the `Premium` SKU. */ exportPolicyEnabled?: pulumi.Input; /** * One or more `georeplications` blocks as documented below. * * > **Note:** The `georeplications` is only supported on new resources with the `Premium` SKU. * * > **Note:** The `georeplications` list cannot contain the location where the Container Registry exists. * * > **Note:** If more than one `georeplications` block is specified, they are expected to follow the alphabetic order on the `location` property. */ georeplications?: pulumi.Input[]>; /** * An `identity` block as defined below. */ identity?: pulumi.Input; /** * Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. */ location?: pulumi.Input; /** * The URL that can be used to log into the container registry. */ loginServer?: pulumi.Input; /** * Specifies the name of the Container Registry. Only Alphanumeric characters allowed. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * Whether to allow trusted Azure services to access a network-restricted Container Registry? Possible values are `None` and `AzureServices`. Defaults to `AzureServices`. */ networkRuleBypassOption?: pulumi.Input; /** * A `networkRuleSet` block as documented below. */ networkRuleSet?: pulumi.Input; /** * Whether public network access is allowed for the container registry. Defaults to `true`. */ publicNetworkAccessEnabled?: pulumi.Input; /** * Boolean value that indicates whether quarantine policy is enabled. */ quarantinePolicyEnabled?: pulumi.Input; /** * The name of the resource group in which to create the Container Registry. Changing this forces a new resource to be created. */ resourceGroupName?: pulumi.Input; /** * The number of days to retain and untagged manifest after which it gets purged. */ retentionPolicyInDays?: pulumi.Input; /** * The SKU name of the container registry. Possible values are `Basic`, `Standard` and `Premium`. */ sku?: pulumi.Input; /** * A mapping of tags to assign to the resource. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Boolean value that indicated whether trust policy is enabled. Defaults to `false`. */ trustPolicyEnabled?: pulumi.Input; /** * Whether zone redundancy is enabled for this Container Registry? Changing this forces a new resource to be created. Defaults to `false`. */ zoneRedundancyEnabled?: pulumi.Input; } /** * The set of arguments for constructing a Registry resource. */ export interface RegistryArgs { /** * Specifies whether the admin user is enabled. Defaults to `false`. */ adminEnabled?: pulumi.Input; /** * Whether to allow anonymous (unauthenticated) pull access to this Container Registry. This is only supported on resources with the `Standard` or `Premium` SKU. */ anonymousPullEnabled?: pulumi.Input; /** * Whether to enable dedicated data endpoints for this Container Registry? This is only supported on resources with the `Premium` SKU. */ dataEndpointEnabled?: pulumi.Input; /** * An `encryption` block as documented below. */ encryption?: pulumi.Input; /** * Boolean value that indicates whether export policy is enabled. Defaults to `true`. In order to set it to `false`, make sure the `publicNetworkAccessEnabled` is also set to `false`. * * > **Note:** `quarantinePolicyEnabled`, `retentionPolicyInDays`, `trustPolicyEnabled`, `exportPolicyEnabled` and `zoneRedundancyEnabled` are only supported on resources with the `Premium` SKU. */ exportPolicyEnabled?: pulumi.Input; /** * One or more `georeplications` blocks as documented below. * * > **Note:** The `georeplications` is only supported on new resources with the `Premium` SKU. * * > **Note:** The `georeplications` list cannot contain the location where the Container Registry exists. * * > **Note:** If more than one `georeplications` block is specified, they are expected to follow the alphabetic order on the `location` property. */ georeplications?: pulumi.Input[]>; /** * An `identity` block as defined below. */ identity?: pulumi.Input; /** * Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. */ location?: pulumi.Input; /** * Specifies the name of the Container Registry. Only Alphanumeric characters allowed. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * Whether to allow trusted Azure services to access a network-restricted Container Registry? Possible values are `None` and `AzureServices`. Defaults to `AzureServices`. */ networkRuleBypassOption?: pulumi.Input; /** * A `networkRuleSet` block as documented below. */ networkRuleSet?: pulumi.Input; /** * Whether public network access is allowed for the container registry. Defaults to `true`. */ publicNetworkAccessEnabled?: pulumi.Input; /** * Boolean value that indicates whether quarantine policy is enabled. */ quarantinePolicyEnabled?: pulumi.Input; /** * The name of the resource group in which to create the Container Registry. Changing this forces a new resource to be created. */ resourceGroupName: pulumi.Input; /** * The number of days to retain and untagged manifest after which it gets purged. */ retentionPolicyInDays?: pulumi.Input; /** * The SKU name of the container registry. Possible values are `Basic`, `Standard` and `Premium`. */ sku: pulumi.Input; /** * A mapping of tags to assign to the resource. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Boolean value that indicated whether trust policy is enabled. Defaults to `false`. */ trustPolicyEnabled?: pulumi.Input; /** * Whether zone redundancy is enabled for this Container Registry? Changing this forces a new resource to be created. Defaults to `false`. */ zoneRedundancyEnabled?: pulumi.Input; }