dotnet · captainsafia · May 1, 2025 · Apr 30, 2025 · May 1, 2025 · May 1, 2025
diff --git a/Aspire.sln b/Aspire.sln
@@ -1,4 +1,4 @@
-
+
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 17
 VisualStudioVersion = 17.0.31903.59
@@ -675,6 +675,10 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Aspire.Azure.Npgsql.EntityF
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Aspire.Components.Common.Tests", "tests\Aspire.Components.Common.Tests\Aspire.Components.Common.Tests.csproj", "{30950CEB-2232-F9FC-04FF-ADDCB8AC30A7}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{827E0CD3-B72D-47B6-A68D-7590B98EB39B}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Aspire.Hosting.Azure.ContainerRegistry", "src\Aspire.Hosting.Azure.ContainerRegistry\Aspire.Hosting.Azure.ContainerRegistry.csproj", "{6CBA29C8-FF78-4ABC-BEFA-2A53CB4DB2A3}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -3961,6 +3965,18 @@ Global
 		{30950CEB-2232-F9FC-04FF-ADDCB8AC30A7}.Release|x64.Build.0 = Release|Any CPU
 		{30950CEB-2232-F9FC-04FF-ADDCB8AC30A7}.Release|x86.ActiveCfg = Release|Any CPU
 		{30950CEB-2232-F9FC-04FF-ADDCB8AC30A7}.Release|x86.Build.0 = Release|Any CPU
+		{6CBA29C8-FF78-4ABC-BEFA-2A53CB4DB2A3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{6CBA29C8-FF78-4ABC-BEFA-2A53CB4DB2A3}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{6CBA29C8-FF78-4ABC-BEFA-2A53CB4DB2A3}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{6CBA29C8-FF78-4ABC-BEFA-2A53CB4DB2A3}.Debug|x64.Build.0 = Debug|Any CPU
+		{6CBA29C8-FF78-4ABC-BEFA-2A53CB4DB2A3}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{6CBA29C8-FF78-4ABC-BEFA-2A53CB4DB2A3}.Debug|x86.Build.0 = Debug|Any CPU
+		{6CBA29C8-FF78-4ABC-BEFA-2A53CB4DB2A3}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{6CBA29C8-FF78-4ABC-BEFA-2A53CB4DB2A3}.Release|Any CPU.Build.0 = Release|Any CPU
+		{6CBA29C8-FF78-4ABC-BEFA-2A53CB4DB2A3}.Release|x64.ActiveCfg = Release|Any CPU
+		{6CBA29C8-FF78-4ABC-BEFA-2A53CB4DB2A3}.Release|x64.Build.0 = Release|Any CPU
+		{6CBA29C8-FF78-4ABC-BEFA-2A53CB4DB2A3}.Release|x86.ActiveCfg = Release|Any CPU
+		{6CBA29C8-FF78-4ABC-BEFA-2A53CB4DB2A3}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -4285,6 +4301,7 @@ Global
 		{192747A2-9338-DECF-5C8C-28EB8E13829B} = {27381127-6C45-4B4C-8F18-41FF48DFE4B2}
 		{8FCA0CFA-7823-6A2F-342A-107A994915B0} = {C424395C-1235-41A4-BF55-07880A04368C}
 		{30950CEB-2232-F9FC-04FF-ADDCB8AC30A7} = {C424395C-1235-41A4-BF55-07880A04368C}
+		{6CBA29C8-FF78-4ABC-BEFA-2A53CB4DB2A3} = {827E0CD3-B72D-47B6-A68D-7590B98EB39B}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {47DCFECF-5631-4BDE-A1EC-BE41E90F60C4}

diff --git a/playground/AzureContainerApps/AzureContainerApps.AppHost/api-roles-account-kv.module.bicep b/playground/AzureContainerApps/AzureContainerApps.AppHost/api-roles-account-kv.module.bicep
@@ -9,11 +9,11 @@ resource account_kv 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
   name: account_kv_outputs_name
 }
 
-resource account_kv_KeyVaultAdministrator 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
-  name: guid(account_kv.id, principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483'))
+resource account_kv_KeyVaultSecretsUser 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(account_kv.id, principalId, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4633458b-17de-408a-b874-0445c86b69e6'))
   properties: {
     principalId: principalId
-    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483')
+    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4633458b-17de-408a-b874-0445c86b69e6')
     principalType: 'ServicePrincipal'
   }
   scope: account_kv

@@ -19,6 +19,7 @@
     <PackageReference Include="Azure.Provisioning.KeyVault" />
     <PackageReference Include="Azure.Provisioning.Storage" />
     <ProjectReference Include="..\Aspire.Hosting.Azure\Aspire.Hosting.Azure.csproj" />
+    <ProjectReference Include="..\Aspire.Hosting.Azure.ContainerRegistry\Aspire.Hosting.Azure.ContainerRegistry.csproj" />
   </ItemGroup>
 
 </Project>
@@ -98,12 +98,19 @@ public static IResourceBuilder<AzureContainerAppEnvironmentResource> AddAzureCon
 
             infra.Add(identity);
 
-            var containerRegistry = new ContainerRegistryService(Infrastructure.NormalizeBicepIdentifier($"{appEnvResource.Name}_acr"))
+            ContainerRegistryService? containerRegistry = null;
+            if (appEnvResource.TryGetLastAnnotation<ContainerRegistryReferenceAnnotation>(out var registryReferenceAnnotation) && registryReferenceAnnotation.Registry is AzureProvisioningResource registry)
             {
-                Sku = new() { Name = ContainerRegistrySkuName.Basic },
-                Tags = tags
-            };
-
+                containerRegistry = (ContainerRegistryService)registry.AddAsExistingResource(infra);
+            }
+            else
+            {
+                containerRegistry = new ContainerRegistryService(Infrastructure.NormalizeBicepIdentifier($"{appEnvResource.Name}_acr"))
+                {
+                    Sku = new() { Name = ContainerRegistrySkuName.Basic },
+                    Tags = tags
+                };
+            }
             infra.Add(containerRegistry);
 
             var pullRa = containerRegistry.CreateRoleAssignment(ContainerRegistryBuiltInRole.AcrPull, identity);
@@ -345,7 +352,7 @@ public static IResourceBuilder<AzureContainerAppEnvironmentResource> AddAzureCon
     /// <returns><see cref="IResourceBuilder{T}"/></returns>
     /// <remarks>
     /// By default, the container app environment resources use a different naming convention than azd.
-    /// 
+    ///
     /// This method allows for reusing the previously deployed resources if the application was deployed using
     /// azd without calling <see cref="AddAzureContainerAppEnvironment"/>
     /// </remarks>

@@ -1,3 +1,5 @@
+#pragma warning disable ASPIRECOMPUTE001 // Type is for evaluation purposes only and is subject to change or removal in future updates. Suppress this diagnostic to proceed.
+
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
@@ -60,11 +62,12 @@ public async Task BeforeStartAsync(DistributedApplicationModel appModel, Cancell
             // container app environment in the deployment target information
             // associated with each compute resource that needs an image
 #pragma warning disable ASPIRECOMPUTE001 // Type is for evaluation purposes only and is subject to change or removal in future updates. Suppress this diagnostic to proceed.
-            r.Annotations.Add(new DeploymentTargetAnnotation(containerApp)
+            if (r is IComputeResource computeResource)
             {
-                ContainerRegistryInfo = caes.FirstOrDefault(),
-                ComputeEnvironment = environment as IComputeEnvironmentResource // will be null if azd
-            });
+                computeResource.ContainerRegistry = caes.FirstOrDefault();
+                computeResource.ComputeEnvironment = environment as IComputeEnvironmentResource;
+            }
+            r.Annotations.Add(new DeploymentTargetAnnotation(containerApp));
 #pragma warning restore ASPIRECOMPUTE001 // Type is for evaluation purposes only and is subject to change or removal in future updates. Suppress this diagnostic to proceed.
         }
 

diff --git a/src/Aspire.Hosting.Azure.ContainerRegistry/Aspire.Hosting.Azure.ContainerRegistry.csproj b/src/Aspire.Hosting.Azure.ContainerRegistry/Aspire.Hosting.Azure.ContainerRegistry.csproj
@@ -0,0 +1,23 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>$(DefaultTargetFramework)</TargetFramework>
+    <IsPackable>true</IsPackable>
+    <PackageTags>aspire integration hosting azure containerregistry</PackageTags>
+    <Description>Azure Container Registry resource types for .NET Aspire.</Description>
+    <EnablePackageValidation>false</EnablePackageValidation>
+    <SuppressFinalPackageVersion>true</SuppressFinalPackageVersion>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="$(RepoRoot)src\Shared\AzureRoleAssignmentUtils.cs" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Aspire.Hosting.Azure\Aspire.Hosting.Azure.csproj" />
+    <PackageReference Include="Azure.Provisioning" />
+    <PackageReference Include="Azure.Provisioning.ContainerRegistry" />
+  </ItemGroup>
+
+
+</Project>
diff --git a/src/Aspire.Hosting.Azure.ContainerRegistry/AzureContainerRegistryExtensions.cs b/src/Aspire.Hosting.Azure.ContainerRegistry/AzureContainerRegistryExtensions.cs
@@ -0,0 +1,79 @@
+#pragma warning disable ASPIRECOMPUTE001 // Type is for evaluation purposes only and is subject to change or removal in future updates. Suppress this diagnostic to proceed.
+
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Aspire.Hosting.ApplicationModel;
+using Aspire.Hosting.Azure;
+using Aspire.Hosting.Azure.ContainerRegistry;
+using Azure.Provisioning;
+using Azure.Provisioning.ContainerRegistry;
+
+namespace Aspire.Hosting;
+
+/// <summary>
+/// Provides extension methods for adding Azure Container Registry resources to the application model.
+/// </summary>
+public static class AzureContainerRegistryExtensions
+{
+    /// <summary>
+    /// Adds an Azure Container Registry resource to the application model.
+    /// </summary>
+    /// <param name="builder">The builder for the distributed application.</param>
+    /// <param name="name">The name of the resource.</param>
+    /// <returns>A reference to the <see cref="IResourceBuilder{AzureContainerRegistryResource}"/> builder.</returns>
+    /// <exception cref="ArgumentNullException">Thrown when <paramref name="builder"/> is null.</exception>
+    /// <exception cref="ArgumentException">Thrown when <paramref name="name"/> is null or empty.</exception>
+    public static IResourceBuilder<AzureContainerRegistryResource> AddAzureContainerRegistry(this IDistributedApplicationBuilder builder, [ResourceName] string name)
+    {
+        ArgumentNullException.ThrowIfNull(builder);
+        ArgumentException.ThrowIfNullOrEmpty(name);
+
+        builder.AddAzureProvisioning();
+
+        var configureInfrastructure = (AzureResourceInfrastructure infrastructure) =>
+        {
+            var registry = AzureProvisioningResource.CreateExistingOrNewProvisionableResource(infrastructure,
+                (identifier, name) =>
+                {
+                    var resource = ContainerRegistryService.FromExisting(identifier);
+                    resource.Name = name;
+                    return resource;
+                },
+                (infrastructure) => new ContainerRegistryService(infrastructure.AspireResource.GetBicepIdentifier())
+                {
+                    Sku = new() { Name = ContainerRegistrySkuName.Basic },
+                    Tags = { { "aspire-resource-name", infrastructure.AspireResource.Name } }
+                });
+
+            infrastructure.Add(registry);
+
+            infrastructure.Add(new ProvisioningOutput("name", typeof(string)) { Value = registry.Name });
+            infrastructure.Add(new ProvisioningOutput("loginServer", typeof(string)) { Value = registry.LoginServer });
+        };
+
+        var resource = new AzureContainerRegistryResource(name, configureInfrastructure);
+        return builder.AddResource(resource)
+            .WithAnnotation(new DefaultRoleAssignmentsAnnotation(new HashSet<RoleDefinition>()));
+    }
+
+    /// <summary>
+    /// Configures a resource that implements <see cref="IContainerRegistry"/> to use the specified Azure Container Registry.
+    /// </summary>
+    /// <typeparam name="T">The resource type that implements <see cref="IContainerRegistry"/>.</typeparam>
+    /// <param name="builder">The resource builder for a resource that implements <see cref="IContainerRegistry"/>.</param>
+    /// <param name="registryBuilder">The resource builder for the <see cref="AzureContainerRegistryResource"/> to use.</param>
+    /// <returns>A reference to the <see cref="IResourceBuilder{T}"/>.</returns>
+    /// <exception cref="ArgumentNullException">Thrown when <paramref name="builder"/> or <paramref name="registryBuilder"/> is null.</exception>
+    public static IResourceBuilder<T> WithAzureContainerRegistry<T>(this IResourceBuilder<T> builder, IResourceBuilder<AzureContainerRegistryResource> registryBuilder)
+        where T : IResource, IComputeEnvironmentResource
+    {
+        ArgumentNullException.ThrowIfNull(builder);
+        ArgumentNullException.ThrowIfNull(registryBuilder);
+
+        // Add a ContainerRegistryReferenceAnnotation to indicate that the resource is using a specific registry
+        builder.WithAnnotation(new ContainerRegistryReferenceAnnotation(registryBuilder.Resource));
+
+        return builder;
+    }
+}
diff --git a/src/Aspire.Hosting.Azure.ContainerRegistry/AzureContainerRegistryResource.cs b/src/Aspire.Hosting.Azure.ContainerRegistry/AzureContainerRegistryResource.cs
@@ -0,0 +1,42 @@
+#pragma warning disable ASPIRECOMPUTE001 // Type is for evaluation purposes only and is subject to change or removal in future updates. Suppress this diagnostic to proceed.
+
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Aspire.Hosting.ApplicationModel;
+using Azure.Provisioning.ContainerRegistry;
+using Azure.Provisioning.Primitives;
+
+namespace Aspire.Hosting.Azure.ContainerRegistry;
+
+/// <summary>
+/// Represents an Azure Container Registry resource.
+/// </summary>
+public class AzureContainerRegistryResource(string name, Action<AzureResourceInfrastructure> configureInfrastructure)
+    : AzureProvisioningResource(name, configureInfrastructure), IContainerRegistry
+{
+    /// <summary>
+    /// The name of the Azure Container Registry.
+    /// </summary>
+    public BicepOutputReference RegistryName => new("name", this);
+
+    /// <summary>
+    /// The endpoint of the Azure Container Registry.
+    /// </summary>
+    public BicepOutputReference RegistryEndpoint => new("loginServer", this);
+
+    /// <inheritdoc/>
+    ReferenceExpression IContainerRegistry.Name => ReferenceExpression.Create($"{RegistryName}");
+
+    /// <inheritdoc/>
+    ReferenceExpression IContainerRegistry.Endpoint => ReferenceExpression.Create($"{RegistryEndpoint}");
+
+    /// <inheritdoc/>
+    public override ProvisionableResource AddAsExistingResource(AzureResourceInfrastructure infra)
+    {
+        var store = ContainerRegistryService.FromExisting(this.GetBicepIdentifier());
+        store.Name = RegistryName.AsProvisioningParameter(infra);
+        infra.Add(store);
+        return store;
+    }
+}
diff --git a/src/Aspire.Hosting.Azure.ContainerRegistry/ContainerRegistryReferenceAnnotation.cs b/src/Aspire.Hosting.Azure.ContainerRegistry/ContainerRegistryReferenceAnnotation.cs
@@ -0,0 +1,23 @@
+#pragma warning disable ASPIRECOMPUTE001 // Type is for evaluation purposes only and is subject to change or removal in future updates. Suppress this diagnostic to proceed.
+
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Aspire.Hosting.ApplicationModel;
+
+namespace Aspire.Hosting.Azure;
+
+/// <summary>
+/// Annotation that indicates a resource is using a specific container registry.
+/// </summary>
+/// <remarks>
+/// Initializes a new instance of the <see cref="ContainerRegistryReferenceAnnotation"/> class.
+/// </remarks>
+/// <param name="registry">The container registry resource.</param>
+public class ContainerRegistryReferenceAnnotation(IContainerRegistry registry) : IResourceAnnotation
+{
+    /// <summary>
+    /// Gets the container registry resource.
+    /// </summary>
+    public IContainerRegistry Registry { get; } = registry;
+}
diff --git a/src/Aspire.Hosting.Azure/Aspire.Hosting.Azure.csproj b/src/Aspire.Hosting.Azure/Aspire.Hosting.Azure.csproj
@@ -33,6 +33,7 @@
     <PackageReference Include="System.IO.Hashing" />
     <PackageReference Include="Azure.Provisioning" />
     <PackageReference Include="Azure.Provisioning.KeyVault" />
+    <PackageReference Include="Azure.Provisioning.ContainerRegistry" />
     <PackageReference Include="Azure.ResourceManager.Authorization" />
     <PackageReference Include="Azure.ResourceManager.KeyVault" />
     <PackageReference Include="Azure.ResourceManager.Resources" />

@@ -238,12 +238,14 @@ void CaptureBicepOutputs(object value)
                 File.Copy(file.Path, modulePath, true);
 
                 // Capture any bicep outputs from the registry info as it may be needed
-                Visit(annotation.ContainerRegistryInfo?.Name, CaptureBicepOutputs);
-                Visit(annotation.ContainerRegistryInfo?.Endpoint, CaptureBicepOutputs);
-
-                if (annotation.ContainerRegistryInfo is IAzureContainerRegistry acr)
+                if (resource is IComputeResource computeResource)
                 {
-                    Visit(acr.ManagedIdentityId, CaptureBicepOutputs);
+                    Visit(computeResource.ContainerRegistry?.Name, CaptureBicepOutputs);
+                    Visit(computeResource.ContainerRegistry?.Endpoint, CaptureBicepOutputs);
+                    if (computeResource.ContainerRegistry is IAzureContainerRegistry acr)
+                    {
+                        Visit(acr.ManagedIdentityId, CaptureBicepOutputs);
+                    }
                 }
 
                 foreach (var parameter in br.Parameters)

@@ -57,10 +57,11 @@ public async Task BeforeStartAsync(DistributedApplicationModel appModel, Cancell
 
             // Add deployment target annotation to the resource
 #pragma warning disable ASPIRECOMPUTE001 // Type is for evaluation purposes only and is subject to change or removal in future updates. Suppress this diagnostic to proceed.
-            r.Annotations.Add(new DeploymentTargetAnnotation(serviceResource)
+            r.Annotations.Add(new DeploymentTargetAnnotation(serviceResource));
+            if (r is IComputeResource computeResource)
             {
-                ComputeEnvironment = environment,
-            });
+                computeResource.ComputeEnvironment = environment;
+            }
 #pragma warning restore ASPIRECOMPUTE001 // Type is for evaluation purposes only and is subject to change or removal in future updates. Suppress this diagnostic to proceed.
         }
     }

diff --git a/src/Aspire.Hosting.Kubernetes/KubernetesInfrastructure.cs b/src/Aspire.Hosting.Kubernetes/KubernetesInfrastructure.cs
@@ -57,10 +57,11 @@ public async Task BeforeStartAsync(DistributedApplicationModel appModel, Cancell
 
             // Add deployment target annotation to the resource
 #pragma warning disable ASPIRECOMPUTE001 // Type is for evaluation purposes only and is subject to change or removal in future updates. Suppress this diagnostic to proceed.
-            r.Annotations.Add(new DeploymentTargetAnnotation(serviceResource)
+            r.Annotations.Add(new DeploymentTargetAnnotation(serviceResource));
+            if (r is IComputeResource computeResource)
             {
-                ComputeEnvironment = environment,
-            });
+                computeResource.ComputeEnvironment = environment;
+            }
 #pragma warning restore ASPIRECOMPUTE001
         }
     }

diff --git a/src/Aspire.Hosting/ApplicationModel/ContainerResource.cs b/src/Aspire.Hosting/ApplicationModel/ContainerResource.cs
@@ -1,3 +1,5 @@
+#pragma warning disable ASPIRECOMPUTE001 // Type is for evaluation purposes only and is subject to change or removal in future updates. Suppress this diagnostic to proceed.
+
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
@@ -10,13 +12,17 @@ namespace Aspire.Hosting.ApplicationModel;
 /// <param name="entrypoint">An optional container entrypoint.</param>
 public class ContainerResource(string name, string? entrypoint = null)
     : Resource(name), IResourceWithEnvironment, IResourceWithArgs, IResourceWithEndpoints, IResourceWithWaitSupport,
-#pragma warning disable ASPIRECOMPUTE001 // Type is for evaluation purposes only and is subject to change or removal in future updates. Suppress this diagnostic to proceed.
     IComputeResource
-#pragma warning restore ASPIRECOMPUTE001
 {
     /// <summary>
     /// The container Entrypoint.
     /// </summary>
     /// <remarks><c>null</c> means use the default Entrypoint defined by the container.</remarks>
     public string? Entrypoint { get; set; } = entrypoint;
+
+    /// <inheritdoc />
+    IComputeEnvironmentResource? IComputeResource.ComputeEnvironment { get; set; }
+
+    /// <inheritdoc />
+    IContainerRegistry? IComputeResource.ContainerRegistry { get; set; }
 }