From c7c110810d2632e2b7779c0ac8dfe89cd6d9461e Mon Sep 17 00:00:00 2001
From: Jon Huhn
Date: Wed, 6 Nov 2024 20:07:01 -0600
Subject: [PATCH] azure infra: assign AcrPush to Service Principal
---
 infra/azure/terraform/capz/role-assignments/main.tf | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/infra/azure/terraform/capz/role-assignments/main.tf b/infra/azure/terraform/capz/role-assignments/main.tf
index b10a4c428ed..e70ada8e990 100644
--- a/infra/azure/terraform/capz/role-assignments/main.tf
+++ b/infra/azure/terraform/capz/role-assignments/main.tf
@@ -48,6 +48,12 @@ resource "azurerm_role_assignment" "acr_pull" {
 scope = var.container_registry_scope
 }
 
+resource "azurerm_role_assignment" "acr_push" {
+ principal_id = data.azuread_service_principal.az_service_principal.id
+ role_definition_name = "AcrPush"
+ scope = var.container_registry_scope
+}
+
 resource "azurerm_role_definition" "custom_role" {
 name = "WriteAccessOnly"
 scope = "/subscriptions/${var.subscription_id}"
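Review bot: The new `acr_push` assignment grants write access over all of `var.container_registry_scope`, and neither the resource nor the commit message says which workload needs to push, so a later reader cannot judge whether registry-wide push is intended. AcrPush lets the service principal publish or overwrite image tags anywhere under that scope, which makes its credentials a supply-chain concern for everything that pulls from the registry. I would add a comment above the resource, e.g. `# <pipeline name placeholder> pushes <image set placeholder> to this registry; AcrPush also covers pull`, and confirm the scope variable resolves to a single registry rather than a resource group or subscription. If `acr_pull` (whose body starts outside this hunk) targets the same principal, it becomes redundant, since AcrPush includes pull.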