hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Support for CMD option on azure container registry tasks #14773

Open Bijlsma opened 2 years ago

Bijlsma commented 2 years ago

Description

Thanks for developing the azurerm_container_registry_task, however, as suggested here in the original request, I am missing the cmd option in the current resource which would help a lot in easily purging or deleting images from the container registry like shown here on the Microsoft documentation page.

aristosvo commented 2 years ago

Hi @Bijlsma!

I think I can help you with this one. The azurerm_container_registry_task resource is unfortunately not as straightforward as the CLI command, as it is an implementation of the API as exposed by Azure. The underlying model is also visible when you run an az acr task show command, and based on that output I could reconstruct the resource in Terraform HCL.

When creating the purge task via az, this is the result:

{
  "agentConfiguration": {
    "cpu": 2
  },
  "agentPoolName": null,
  "creationDate": "2022-01-05T19:35:23.913639+00:00",
  "credentials": null,
  "id": "/subscriptions/<mysubscription>/resourceGroups/azurerm/providers/Microsoft.ContainerRegistry/registries/azurerm/tasks/weeklyPurgeTask",
  "identity": null,
  "isSystemTask": false,
  "location": "westeurope",
  "logTemplate": null,
  "name": "weeklyPurgeTask",
  "platform": {
    "architecture": "amd64",
    "os": "linux",
    "variant": null
  },
  "provisioningState": "Succeeded",
  "resourceGroup": "azurerm",
  "status": "Enabled",
  "step": {
    "baseImageDependencies": null,
    "contextAccessToken": null,
    "contextPath": null,
    "encodedTaskContent": "dmVyc2lvbjogdjEuMS4wCnN0ZXBzOiAKICAtIGNtZDogYWNyIHB1cmdlICAgLS1maWx0ZXIgJ3NhbXBsZXMvZGV2aW1hZ2UxOi4qJyAtLWZpbHRlciAnc2FtcGxlcy9kZXZpbWFnZTI6LionICAgLS1hZ28gMGQgLS11bnRhZ2dlZAogICAgZGlzYWJsZVdvcmtpbmdEaXJlY3RvcnlPdmVycmlkZTogdHJ1ZQogICAgdGltZW91dDogMzYwMAo=",
    "encodedValuesContent": null,
    "type": "EncodedTask",
    "values": []
  },
  "systemData": {
    "createdAt": "2022-01-05T19:35:23.870782+00:00",
    "createdBy": "<me>",
    "createdByType": "User",
    "lastModifiedAt": "2022-01-05T19:35:23.870782+00:00",
    "lastModifiedBy": "<me>",
    "lastModifiedByType": "User"
  },
  "tags": null,
  "timeout": 3600,
  "trigger": {
    "baseImageTrigger": {
      "baseImageTriggerType": "Runtime",
      "name": "defaultBaseimageTriggerName",
      "status": "Enabled",
      "updateTriggerEndpoint": null,
      "updateTriggerPayloadType": "Default"
    },
    "sourceTriggers": null,
    "timerTriggers": [
      {
        "name": "t1",
        "schedule": "0 1 * * Sun",
        "status": "Enabled"
      }
    ]
  },
  "type": "Microsoft.ContainerRegistry/registries/tasks"
}

A similar configuration can be created by this Terraform HCL configuration:

provider "azurerm" {
  features {}
}

resource "azurerm_container_registry_task" "test" {
  name                  = "testacccrTask"
  container_registry_id = azurerm_container_registry.test.id
  platform {
    os           = "Linux"
    architecture = "amd64" 
  }
  encoded_step {
    task_content = <<EOF
version: v1.1.0
steps: 
  - cmd: acr purge   --filter 'samples/devimage1:.*' --filter 'samples/devimage2:.*'   --ago 0d --untagged
    disableWorkingDirectoryOverride: true
    timeout: 3600
EOF
  }
  agent_setting {
    cpu = 2
  }
  base_image_trigger {
    name                        = "defaultBaseimageTriggerName"
    type                        = "Runtime"
    enabled                     = true
    update_trigger_payload_type = "Default"
  }
  timer_trigger {
    name     = "t1"
    schedule = "0 1 * * Sun"
    enabled  = true
  }
}
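
Added example, not part of the original comment or the provider's code: a Python check that decodes the encodedTaskContent returned by az acr task show and compares its cmd steps with the task_content heredoc, so a reviewer can see exactly which repositories and tags a scheduled purge task targets. The function names and the trimmed sample JSON are constructed for this illustration.

```python
import base64
import json
import re
import shlex
from itertools import zip_longest

# Constructed input: the `az acr task show` output above, trimmed to the fields read here.
TASK_JSON = json.dumps({"name": "weeklyPurgeTask", "step": {
    "type": "EncodedTask",
    "encodedTaskContent": "dmVyc2lvbjogdjEuMS4wCnN0ZXBzOiAKICAtIGNtZDogYWNyIHB1cmdlICAgLS1maWx0ZXIgJ3NhbXBsZXMvZGV2aW1hZ2UxOi4qJyAtLWZpbHRlciAnc2FtcGxlcy9kZXZpbWFnZTI6LionICAgLS1hZ28gMGQgLS11bnRhZ2dlZAogICAgZGlzYWJsZVdvcmtpbmdEaXJlY3RvcnlPdmVycmlkZTogdHJ1ZQogICAgdGltZW91dDogMzYwMAo=",
}})

# The task_content heredoc from the HCL above.
HCL_TASK_CONTENT = """version: v1.1.0
steps:
  - cmd: acr purge   --filter 'samples/devimage1:.*' --filter 'samples/devimage2:.*'   --ago 0d --untagged
    disableWorkingDirectoryOverride: true
    timeout: 3600
"""

def decode_task_content(task_json):
    """Return the task YAML carried in step.encodedTaskContent."""
    step = json.loads(task_json)["step"]
    if step.get("type") != "EncodedTask":
        raise ValueError("not an EncodedTask step: %r" % step.get("type"))
    return base64.b64decode(step["encodedTaskContent"], validate=True).decode("utf-8")

def step_commands(task_yaml):
    """argv of each `cmd:` step (line scan for this simple layout, not a YAML parser)."""
    found = (re.match(r"\s*(?:-\s+)?cmd:\s*(.+)", line) for line in task_yaml.splitlines())
    return [shlex.split(m.group(1)) for m in found if m]

def purge_filters(argv):
    """(repository, tag regex) pairs passed to `acr purge --filter`."""
    values = [argv[i + 1] for i, arg in enumerate(argv[:-1]) if arg == "--filter"]
    return [tuple(v.split(":", 1)) for v in values]

def drift(task_json, hcl_content):
    """Pairs of (deployed, declared) commands that differ; empty means they match."""
    deployed = step_commands(decode_task_content(task_json))
    declared = step_commands(hcl_content)
    return [(d, h) for d, h in zip_longest(deployed, declared) if d != h]

if __name__ == "__main__":
    for argv in step_commands(decode_task_content(TASK_JSON)):
        print(argv[:2], purge_filters(argv))
    print("drift:", drift(TASK_JSON, HCL_TASK_CONTENT))
```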

Bijlsma commented 2 years ago

Thanks a lot @aristosvo, I will try this out!

samjpv commented 2 years ago

Really helpful response. One thing I'll add is that you'll probably have to reference the ms docker image for acr "mcr.microsoft.com/acr/acr-cli:0.x" instead of just "acr" for the purge command to work.

samjpv commented 1 year ago

@aristosvo Any idea why a regex repository name would work when running the purge script locally but not when creating using the encoded step you suggested? I've been seeing this: Deleting tags for repository: .*, .* repository not found in the task run logs when trying to use '.*:.*', and a similar error for any other regex in the repository name.

aristosvo commented 1 year ago

@samjpv Hi! No, I don't... Have you compared the payload the az cli is sending (--debug) and the one azurerm sends in debug mode?

It might be something simple, I haven't had the time to do it myself.

samjpv commented 1 year ago

It looks like it's actually the Microsoft Docker image that I'm using (as per my comment a few months ago) that is causing the issue, and I'm able to recreate it locally. It's odd because it works on non-regex and regex tag only cases. I'll have to mess around with it and see if I can find a solution that doesn't use the Docker image, since using acr purge . . . doesn't actually work for me.