AzureCR · djyou · Mar 6, 2019 · Feb 26, 2019 · Mar 1, 2019
diff --git a/src/command_modules/azure-cli-acr/azure/cli/command_modules/acr/_help.py b/src/command_modules/azure-cli-acr/azure/cli/command_modules/acr/_help.py
@@ -465,6 +465,15 @@
   - name: Create a Windows task from a public GitHub repository which builds the Azure Container Builder image on Amd64 architecture.
     text: >
         az acr task create -t acb:{{.Run.ID}} -n acb-win -r MyRegistry -c https://github.com/Azure/acr-builder.git -f Windows.Dockerfile --commit-trigger-enabled false --pull-request-trigger-enabled false --platform Windows/amd64
+- name: Create a Linux task from a public GitHub repository which builds the hello-world image with a git commit trigger and with the system-assigned managed identity
+    text: >
+        az acr task create -t hello-world:{{.Run.ID}} -n hello-world -r MyRegistry -c https://github.com/Azure-Samples/acr-build-helloworld-node.git -f Dockerfile --assign-identity [system]
+- name: Create a Linux task from a public GitHub repository which builds the hello-world image with a git commit trigger and with a user-assigned managed identity
+    text: >
+        az acr task create -t hello-world:{{.Run.ID}} -n hello-world -r MyRegistry -c https://github.com/Azure-Samples/acr-build-helloworld-node.git -f Dockerfile --assign-identity "/subscriptions/<SUBSCRIPTON ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myUserAssignedIdentitiy"
+- name: Create a Linux task from a public GitHub repository which builds the hello-world image with a git commit trigger and with both system-assigned and user-assigned managed identities
+    text: >
+        az acr task create -t hello-world:{{.Run.ID}} -n hello-world -r MyRegistry -c https://github.com/Azure-Samples/acr-build-helloworld-node.git -f Dockerfile --assign-identity [system] "/subscriptions/<SUBSCRIPTON ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myUserAssignedIdentitiy"
 """
 
 helps['acr task delete'] = """
@@ -573,6 +582,47 @@
         az acr task update-run -r MyRegistry --run-id runId --no-archive false
 """
 
+helps['acr task identity'] = """
+type: group
+short-summary: Managed Service Identities for Task.
+"""
+
+helps['acr task identity assign'] = """
+type: group
+short-summary: Update the managed service identity for a task.
+examples:
+  - name: Enable the system-assigned identity to an existing task. This will replace all existing user-assigned identities. 
+    text: >
+        az acr task identity assign -n MyTask -r MyRegistry --identities [system]
+  - name: Assign user=assigned managed identities to an existing task. This will replace an existing system-assigned identity.
+    text: >
+        az acr task identity assign -n MyTask -r MyRegistry --identities "/subscriptions/<SUBSCRIPTON ID>/resourcegroups/<RESOURCE GROUP>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<USER ASSIGNED IDENTITY NAME>"
+  - name: Assign both system-assigned and user=assigned managed identities to an existing task.
+    text: >
+        az acr task identity assign -n MyTask -r MyRegistry --identities [system] "/subscriptions/<SUBSCRIPTON ID>/resourcegroups/<RESOURCE GROUP>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<USER ASSIGNED IDENTITY NAME>"
+"""
+
+helps['acr task identity remove'] = """
+type: group
+short-summary: Remove managed service identities for a task.
+examples:
+  - name: Remove a user-assigned identity from a task. 
+    text: >
+        az acr task identity remove -n MyTask -r MyRegistry --identities "/subscriptions/<SUBSCRIPTON ID>/resourcegroups/<RESOURCE GROUP>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<USER ASSIGNED IDENTITY NAME>"
+  - name: Remove all managed identities from a task.
+    text: >
+        az acr task identity remove -n MyTask -r MyRegistry
+"""
+
+helps['acr task identity show'] = """
+type: group
+short-summary: Display the managed service identities for task.
+examples:
+  - name: Display the managed service identities for a task.
+    text: >
+        az acr task identity show -n MyTask -r MyRegistry
+"""
+
 helps['acr update'] = """
 type: command
 short-summary: Update an Azure Container Registry.

diff --git a/src/command_modules/azure-cli-acr/azure/cli/command_modules/acr/_params.py b/src/command_modules/azure-cli-acr/azure/cli/command_modules/acr/_params.py
@@ -182,10 +182,16 @@ def load_arguments(self, _):  # pylint: disable=too-many-statements
 
         # Run agent parameters
         c.argument('cpu', type=int, help='The CPU configuration in terms of number of cores required for the run.')
+
+        # MSI parameter
+        c.argument('assign_identity', nargs='*', help="Assigns a Managed Identity to the task. Use '[system]' to refer system assigned identity, or a resource id to refer user assigned identity.")
 
     with self.argument_context('acr task create') as c:
         c.argument('task_name', completer=None)
 
+    with self.argument_context('acr task identity') as c:
+        c.argument('assign_identity', options_list=['--identities'], nargs='*', help="The identities to assign. Use '[system]' to refer to the system-assigned identity.")
+
     with self.argument_context('acr helm') as c:
         c.argument('resource_group_name', deprecate_info=c.deprecate(hide=True))
         c.argument('repository', help=argparse.SUPPRESS)

diff --git a/...li-acr/azure/cli/command_modules/acr/azure/mgmt/containerregistry/v2018_09_01/__init__.py b/...li-acr/azure/cli/command_modules/acr/azure/mgmt/containerregistry/v2018_09_01/__init__.py
@@ -0,0 +1,18 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from .container_registry_management_client import ContainerRegistryManagementClient
+from .version import VERSION
+
+__all__ = ['ContainerRegistryManagementClient']
+
+__version__ = VERSION
+
diff --git a/...ules/acr/azure/mgmt/containerregistry/v2018_09_01/container_registry_management_client.py b/...ules/acr/azure/mgmt/containerregistry/v2018_09_01/container_registry_management_client.py
@@ -0,0 +1,105 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.service_client import ServiceClient
+from msrest import Serializer, Deserializer
+from msrestazure import AzureConfiguration
+from .version import VERSION
+from .operations.registries_operations import RegistriesOperations
+from .operations.operations import Operations
+from .operations.replications_operations import ReplicationsOperations
+from .operations.webhooks_operations import WebhooksOperations
+from .operations.runs_operations import RunsOperations
+from .operations.tasks_operations import TasksOperations
+from . import models
+
+
+class ContainerRegistryManagementClientConfiguration(AzureConfiguration):
+    """Configuration for ContainerRegistryManagementClient
+    Note that all parameters used to create this instance are saved as instance
+    attributes.
+
+    :param credentials: Credentials needed for the client to connect to Azure.
+    :type credentials: :mod:`A msrestazure Credentials
+     object<msrestazure.azure_active_directory>`
+    :param subscription_id: The Microsoft Azure subscription ID.
+    :type subscription_id: str
+    :param str base_url: Service URL
+    """
+
+    def __init__(
+            self, credentials, subscription_id, base_url=None):
+
+        if credentials is None:
+            raise ValueError("Parameter 'credentials' must not be None.")
+        if subscription_id is None:
+            raise ValueError("Parameter 'subscription_id' must not be None.")
+        if not base_url:
+            base_url = 'https://management.azure.com'
+
+        super(ContainerRegistryManagementClientConfiguration, self).__init__(base_url)
+
+        self.add_user_agent('azure-mgmt-containerregistry/{}'.format(VERSION))
+        self.add_user_agent('Azure-SDK-For-Python')
+
+        self.credentials = credentials
+        self.subscription_id = subscription_id
+
+
+class ContainerRegistryManagementClient(object):
+    """ContainerRegistryManagementClient
+
+    :ivar config: Configuration for client.
+    :vartype config: ContainerRegistryManagementClientConfiguration
+
+    :ivar registries: Registries operations
+    :vartype registries: azure.mgmt.containerregistry.v2018_09_01.operations.RegistriesOperations
+    :ivar operations: Operations operations
+    :vartype operations: azure.mgmt.containerregistry.v2018_09_01.operations.Operations
+    :ivar replications: Replications operations
+    :vartype replications: azure.mgmt.containerregistry.v2018_09_01.operations.ReplicationsOperations
+    :ivar webhooks: Webhooks operations
+    :vartype webhooks: azure.mgmt.containerregistry.v2018_09_01.operations.WebhooksOperations
+    :ivar runs: Runs operations
+    :vartype runs: azure.mgmt.containerregistry.v2018_09_01.operations.RunsOperations
+    :ivar tasks: Tasks operations
+    :vartype tasks: azure.mgmt.containerregistry.v2018_09_01.operations.TasksOperations
+
+    :param credentials: Credentials needed for the client to connect to Azure.
+    :type credentials: :mod:`A msrestazure Credentials
+     object<msrestazure.azure_active_directory>`
+    :param subscription_id: The Microsoft Azure subscription ID.
+    :type subscription_id: str
+    :param str base_url: Service URL
+    """
+
+    def __init__(
+            self, credentials, subscription_id, base_url=None):
+
+        self.config = ContainerRegistryManagementClientConfiguration(credentials, subscription_id, base_url)
+        self._client = ServiceClient(self.config.credentials, self.config)
+
+        client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)}
+        self._serialize = Serializer(client_models)
+        self._deserialize = Deserializer(client_models)
+
+        self.registries = RegistriesOperations(
+            self._client, self.config, self._serialize, self._deserialize)
+        self.operations = Operations(
+            self._client, self.config, self._serialize, self._deserialize)
+        self.replications = ReplicationsOperations(
+            self._client, self.config, self._serialize, self._deserialize)
+        self.webhooks = WebhooksOperations(
+            self._client, self.config, self._serialize, self._deserialize)
+        self.runs = RunsOperations(
+            self._client, self.config, self._serialize, self._deserialize)
+        self.tasks = TasksOperations(
+            self._client, self.config, self._serialize, self._deserialize)