Add managed identity support for connecting to container registries (#745)

Author: MicroFish91

package-lock.json

@@ -789,7 +789,8 @@
         "webpack-cli": "^4.6.0"
     },
     "dependencies": {
-        "@azure/arm-appcontainers": "^2.0.0",
+        "@azure/arm-appcontainers": "^2.1.0-beta.1",
+        "@azure/arm-authorization": "^9.0.0",
         "@azure/arm-containerregistry": "^10.0.0",
         "@azure/arm-operationalinsights": "^8.0.0",
         "@azure/arm-resources": "^5.2.0",

package.json

@@ -28,7 +28,10 @@ When creating or updating resources, execute steps should occupy certain priorit
 
 #### Steps
 ##### Managed Identity Registry Credential
-- Coming soon...
+- ManagedEnvironmentIdentityEnableStep: 450
+- AcrPullVerifyStep: 460
+- AcrPullEnableStep: 461
+- ManagedIdentityRegistryCredentialAddConfigurationStep: 470
 
 ##### Admin User Registry Credential
 - AcrEnableAdminUserStep: 450

src/commands/EXECUTE_PRIORITY.md

@@ -3,19 +3,24 @@
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
 
+import { type RegistryCredentials } from "@azure/arm-appcontainers";
 import { type RegistryPassword } from "@azure/arm-containerregistry";
 import { type Workspace } from "@azure/arm-operationalinsights";
 import { uiUtils } from "@microsoft/vscode-azext-azureutils";
 import { createOperationalInsightsManagementClient } from "../../utils/azureClients";
 import type * as api from "../api/vscode-azurecontainerapps.api";
-import { listCredentialsFromRegistry } from "../image/imageSource/containerRegistry/acr/listCredentialsFromRegistry";
+import { listCredentialsFromAcr } from "../registryCredentials/dockerLogin/listCredentialsFromAcr";
 import { type DeployWorkspaceProjectContext } from "./DeployWorkspaceProjectContext";
 
 export type DeployWorkspaceProjectResults = api.DeployWorkspaceProjectResults;
 
 export async function getDeployWorkspaceProjectResults(context: DeployWorkspaceProjectContext): Promise<DeployWorkspaceProjectResults> {
-    const registryCredentials: { username: string, password: RegistryPassword } | undefined = context.registry ?
-        await listCredentialsFromRegistry(context, context.registry) : undefined;
+    const registryCredentials: RegistryCredentials | undefined = context.containerApp?.configuration?.registries?.find(r => r.server === context.registry?.loginServer);
+
+    let listedCredentials: { username: string, password: RegistryPassword } | undefined;
+    if (!registryCredentials?.identity) {
+        listedCredentials = await listCredentialsFromAcr(context);
+    }
 
     context.logAnalyticsWorkspace ??= await tryGetLogAnalyticsWorkspace(context);
 
@@ -26,8 +31,8 @@ export async function getDeployWorkspaceProjectResults(context: DeployWorkspaceP
         containerAppId: context.containerApp?.id,
         registryId: context.registry?.id,
         registryLoginServer: context.registry?.loginServer,
-        registryUsername: registryCredentials?.username,
-        registryPassword: registryCredentials?.password.value,
+        registryUsername: listedCredentials?.username,
+        registryPassword: listedCredentials?.password.value,
         imageName: context.imageName
     };
 }

src/commands/deployWorkspaceProject/getDeployWorkspaceProjectResults.ts

@@ -14,7 +14,6 @@ import { showContainerAppNotification } from "../../createContainerApp/showConta
 import { ContainerAppUpdateStep } from "../imageSource/ContainerAppUpdateStep";
 import { ImageSourceListStep } from "../imageSource/ImageSourceListStep";
 import { type ContainerRegistryImageSourceContext } from "../imageSource/containerRegistry/ContainerRegistryImageSourceContext";
-import { RegistryEnableAdminUserStep } from "../imageSource/containerRegistry/acr/RegistryEnableAdminUserStep";
 import { type DeployImageApiContext } from "./deployImageApi";
 
 export async function deployImage(context: IActionContext & Partial<ContainerRegistryImageSourceContext>, node: ContainerAppItem): Promise<void> {
@@ -33,7 +32,6 @@ export async function deployImage(context: IActionContext & Partial<ContainerReg
     wizardContext.telemetry.properties.revisionMode = containerApp.revisionsMode;
 
     const promptSteps: AzureWizardPromptStep<DeployImageApiContext>[] = [
-        new RegistryEnableAdminUserStep(),
         new ImageSourceListStep(),
         new ContainerAppOverwriteConfirmStep(),
     ];

src/commands/image/deployImageApi/deployImage.ts

@@ -13,7 +13,7 @@ import { type ImageSourceContext } from "./ImageSourceContext";
 import { getContainerNameForImage } from "./containerRegistry/getContainerNameForImage";
 
 export class ContainerAppUpdateStep<T extends ImageSourceContext> extends AzureWizardExecuteStep<T> {
-    public priority: number = 650;
+    public priority: number = 680;
 
     public async execute(context: T, progress: Progress<{ message?: string | undefined; increment?: number | undefined }>): Promise<void> {
         const containerApp: ContainerAppModel = nonNullProp(context, 'containerApp');