import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Manages a Container Registry Credential Set. * * ## Example Usage * * ### Minimal) * * > **Note:** Be aware that you will need to permit the Identity that is created for the Container Registry to have `get` on secrets to the Key Vault, e.g. using the `azure.keyvault.AccessPolicy` resource. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleRegistry = new azure.containerservice.Registry("example", { * name: "exampleContainerRegistry", * resourceGroupName: example.name, * location: example.location, * sku: "Basic", * }); * const exampleRegistryCredentialSet = new azure.containerservice.RegistryCredentialSet("example", { * name: "exampleCredentialSet", * containerRegistryId: exampleRegistry.id, * loginServer: "docker.io", * identity: { * type: "SystemAssigned", * }, * authenticationCredentials: { * usernameSecretId: "https://example-keyvault.vault.azure.net/secrets/example-user-name", * passwordSecretId: "https://example-keyvault.vault.azure.net/secrets/example-user-password", * }, * }); * ``` * * ### Full) * * This example provisions a key vault with two secrets, a container registry, a container registry credential set, and an access policy to allow the container registry to read the secrets from the key vault. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const current = azure.core.getClientConfig({}); * const exampleKeyVault = new azure.keyvault.KeyVault("example", { * name: "examplekeyvault", * location: example.location, * resourceGroupName: example.name, * tenantId: current.then(current => current.tenantId), * skuName: "standard", * softDeleteRetentionDays: 7, * accessPolicies: [{ * tenantId: current.then(current => current.tenantId), * objectId: current.then(current => current.objectId), * certificatePermissions: [], * keyPermissions: [], * secretPermissions: [ * "Get", * "Set", * "Delete", * "Purge", * ], * }], * }); * const exampleUser = new azure.keyvault.Secret("example_user", { * keyVaultId: exampleKeyVault.id, * name: "example-user-name", * value: "name", * }); * const examplePassword = new azure.keyvault.Secret("example_password", { * keyVaultId: exampleKeyVault.id, * name: "example-user-password", * value: "password", * }); * const exampleRegistry = new azure.containerservice.Registry("example", { * name: "exampleContainerRegistry", * resourceGroupName: example.name, * location: example.location, * sku: "Basic", * }); * const exampleRegistryCredentialSet = new azure.containerservice.RegistryCredentialSet("example", { * name: "exampleCredentialSet", * containerRegistryId: exampleRegistry.id, * loginServer: "docker.io", * identity: { * type: "SystemAssigned", * }, * authenticationCredentials: { * usernameSecretId: exampleUser.versionlessId, * passwordSecretId: examplePassword.versionlessId, * }, * }); * const readSecrets = new azure.keyvault.AccessPolicy("read_secrets", { * keyVaultId: exampleKeyVault.id, * tenantId: exampleRegistryCredentialSet.identity.apply(identity => identity.tenantId), * objectId: exampleRegistryCredentialSet.identity.apply(identity => identity.principalId), * secretPermissions: ["Get"], * }); * ``` * * ## API Providers * * * This resource uses the following Azure API Providers: * * * `Microsoft.ContainerRegistry` - 2023-07-01 * * ## Import * * Container Registry Credential Sets can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:containerservice/registryCredentialSet:RegistryCredentialSet example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.ContainerRegistry/registries/registry1/credentialSets/credentialSet1 * ``` */ export declare class RegistryCredentialSet extends pulumi.CustomResource { /** * Get an existing RegistryCredentialSet resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: RegistryCredentialSetState, opts?: pulumi.CustomResourceOptions): RegistryCredentialSet; /** * Returns true if the given object is an instance of RegistryCredentialSet. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is RegistryCredentialSet; /** * A `authenticationCredentials` block as defined below. */ readonly authenticationCredentials: pulumi.Output; /** * The ID of the Container Registry. Changing this forces a new Container Registry Credential Set to be created. */ readonly containerRegistryId: pulumi.Output; /** * An `identity` block as defined below. */ readonly identity: pulumi.Output; /** * The login server for the Credential Set. Changing this forces a new Container Registry Credential Set to be created. */ readonly loginServer: pulumi.Output; /** * The name which should be used for this Container Registry Credential Set. Changing this forces a new Container Registry Credential Set to be created. */ readonly name: pulumi.Output; /** * Create a RegistryCredentialSet resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: RegistryCredentialSetArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering RegistryCredentialSet resources. */ export interface RegistryCredentialSetState { /** * A `authenticationCredentials` block as defined below. */ authenticationCredentials?: pulumi.Input; /** * The ID of the Container Registry. Changing this forces a new Container Registry Credential Set to be created. */ containerRegistryId?: pulumi.Input; /** * An `identity` block as defined below. */ identity?: pulumi.Input; /** * The login server for the Credential Set. Changing this forces a new Container Registry Credential Set to be created. */ loginServer?: pulumi.Input; /** * The name which should be used for this Container Registry Credential Set. Changing this forces a new Container Registry Credential Set to be created. */ name?: pulumi.Input; } /** * The set of arguments for constructing a RegistryCredentialSet resource. */ export interface RegistryCredentialSetArgs { /** * A `authenticationCredentials` block as defined below. */ authenticationCredentials: pulumi.Input; /** * The ID of the Container Registry. Changing this forces a new Container Registry Credential Set to be created. */ containerRegistryId: pulumi.Input; /** * An `identity` block as defined below. */ identity: pulumi.Input; /** * The login server for the Credential Set. Changing this forces a new Container Registry Credential Set to be created. */ loginServer: pulumi.Input; /** * The name which should be used for this Container Registry Credential Set. Changing this forces a new Container Registry Credential Set to be created. */ name?: pulumi.Input; }