Generate ACR token passwords

[stfnzl]

Hello!

• Vote on this issue by adding a 👍 reaction
• If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

With containerregistry.Token we are able to create the token object but we do not have the possibility of generating the password. We would need a new resource type, which would be the equivalent of azurerm_container_registry_token_password.

Something like https://github.com/hashicorp/terraform-provider-azurerm/issues/12810

[stfnzl]

My current workaround:

import { ContainerRegistryManagementClient } from "@azure/arm-containerregistry";
import { GetTokenOptions, AccessToken } from "@azure/identity";

const generatePassword = (
  token: azure.containerregistry.Token
): pulumi.Output<string> => {
  if (pulumi.runtime.isDryRun()) {
    return pulumi.Output.create("1337");
  }

  return token.id.apply(async (tokenId) => {
    const clientConfig = await azure.authorization.getClientConfig();
    const clientToken = await azure.authorization.getClientToken();

    const credential = {
      getToken: async (
        scopes: string | string[],
        options?: GetTokenOptions
      ): Promise<AccessToken | null> => ({
        token: clientToken.token,
        expiresOnTimestamp: Date.now() + 3600 * 1000,
      }),
    };

    const client = new ContainerRegistryManagementClient(
      credential,
      clientConfig.subscriptionId
    );

    const credentials = await client.registries.beginGenerateCredentialsAndWait(
      containerRegistryResourceGroupName,
      containerRegistryName,
      {
        tokenId,
      }
    );

    return credentials!.passwords!.at(0)!.value!;
  });
};

[mjeffryes]

Thanks for suggesting this @stfnzl and for sharing your workaround.