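/// <summary>
/// Grants the cluster's service principal the "acrpull" role on the named
/// Azure Container Registry, unless a matching role assignment already exists.
/// </summary>
/// <param name="acrName">Name of the container registry to look up.</param>
/// <param name="acrParameterName">
/// Name of the cmdlet parameter that supplied <paramref name="acrName"/>; reported
/// in the argument exception when the registry lookup fails.
/// </param>
/// <param name="acsServicePrincipal">
/// Service principal that receives the role. Its <c>ObjectId</c> is used when set;
/// otherwise the object id is resolved from <c>SpId</c> through the Graph client.
/// </param>
/// <exception cref="AzPSArgumentException">The registry lookup failed.</exception>
/// <exception cref="AzPSInvalidOperationException">
/// The service principal's object id could not be resolved, or the role assignment
/// could not be created.
/// </exception>
protected void AddAcrRoleAssignment(string acrName, string acrParameterName, AcsServicePrincipal acsServicePrincipal)
{
    string acrResourceId = null;
    try
    {
        // acrName is caller-supplied and is placed inside a quoted OData string
        // literal. Double any single quote so the value cannot close the literal and
        // change the filter, which would let the lookup resolve to a different
        // registry than the one named.
        var escapedAcrName = (acrName ?? string.Empty).Replace("'", "''");

        // Find the registry's resource id first.
        var acrQuery = new ODataQuery<GenericResourceFilter>(
            $"$filter=resourceType eq 'Microsoft.ContainerRegistry/registries' and name eq '{escapedAcrName}'");
        var acrObjects = RmClient.Resources.List(acrQuery);
        acrResourceId = acrObjects.First().Id;
    }
    catch (Exception)
    {
        // Any lookup failure (including an empty result, where First() throws) is
        // reported as a bad argument. The last argument is the same message with the
        // registry name replaced by "*".
        // NOTE(review): the caught exception is not attached as an inner exception,
        // so the underlying cause (not found vs. authorization/network failure) is lost.
        throw new AzPSArgumentException(
            string.Format(Resources.CouldNotFindSpecifiedAcr, acrName),
            acrParameterName,
            string.Format(Resources.CouldNotFindSpecifiedAcr, "*"));
    }

    var roleId = GetRoleId("acrpull", acrResourceId);

    // NOTE(review): this check is keyed on roleId only as far as this call shows;
    // confirm that GetRoleAssignmentWithRoleDefinitionId also restricts the match to
    // this registry and this principal, otherwise an unrelated acrpull assignment
    // would cause an early return without granting access.
    RoleAssignment roleAssignment = GetRoleAssignmentWithRoleDefinitionId(roleId);
    if (roleAssignment != null)
    {
        WriteWarning(string.Format(Resources.AcrRoleAssignmentIsAlreadyExist, acrResourceId));
        return;
    }

    var spObjectId = acsServicePrincipal.ObjectId;
    if (spObjectId == null)
    {
        try
        {
            // Resolve the object id from the application id via Microsoft Graph.
            ODataQuery<MicrosoftGraphServicePrincipal> oDataQuery =
                new ODataQuery<MicrosoftGraphServicePrincipal>(sp => sp.AppId == acsServicePrincipal.SpId);
            var servicePrincipal = GraphClient.FilterServicePrincipals(oDataQuery).First();
            spObjectId = servicePrincipal.Id;
        }
        catch (Exception ex)
        {
            throw new AzPSInvalidOperationException(
                string.Format(Resources.CouldNotFindObjectIdForServicePrincipal, acsServicePrincipal.SpId),
                ex,
                string.Format(Resources.CouldNotFindObjectIdForServicePrincipal, "*"));
        }
    }

    // The assignment is created at the registry's resource id, so the grant is
    // limited to that one registry. A new GUID is generated as the assignment name
    // on every attempt made by RetryAction.
    var success = RetryAction(
        () => AuthClient.RoleAssignments.Create(
            acrResourceId,
            Guid.NewGuid().ToString(),
            new RoleAssignmentCreateParameters()
            {
                Properties = new RoleAssignmentProperties(roleId, spObjectId)
            }),
        Resources.AddRoleAssignment);

    if (!success)
    {
        throw new AzPSInvalidOperationException(
            Resources.CouldNotAddAcrRoleAssignment,
            desensitizedMessage: Resources.CouldNotAddAcrRoleAssignment);
    }
}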