Add AcrPull access to Vulnerability scanner Writer MI (#1290)

* Add AcrPull access to Vulnerability scanner Write

* formatting

terraform/subscriptions/s940/c2/vulnerability-scanner/main.tf

@@ -50,7 +50,7 @@ module "github-workload-id" {
   location            = module.resourcegroup.data.location
   roleassignments = {
     contributor = {
-      role     = "Contributor" # Needed to open firewall
+      role = "Contributor" # Needed to open firewall
       scope_id = data.azurerm_container_registry.acr.id
     },
   }
@@ -69,6 +69,12 @@ module "mi-writer" {
   name                = "radix-id-vulnerability-scan-writer-${module.config.environment}"
   resource_group_name = module.resourcegroup.data.name
   location            = module.resourcegroup.data.location
+  roleassignments = {
+    "acr" = {
+      role     = "AcrPull"
+      scope_id = data.azurerm_container_registry.acr.id
+    }
+  }
 }
 
 module "mi-reader" {

terraform/subscriptions/s940/prod/vulnerability-scanner/main.tf

@@ -70,6 +70,12 @@ module "mi-writer" {
   name                = "radix-id-vulnerability-scan-writer-${module.config.environment}"
   resource_group_name = module.resourcegroup.data.name
   location            = module.resourcegroup.data.location
+  roleassignments = {
+    "acr" = {
+      role     = "AcrPull"
+      scope_id = data.azurerm_container_registry.acr.id
+    }
+  }
 }
 
 module "mi-reader" {

terraform/subscriptions/s941/playground/vulnerability-scanner/main.tf

@@ -68,6 +68,13 @@ module "mi-writer" {
   name                = "radix-id-vulnerability-scan-writer-${module.config.environment}"
   resource_group_name = module.resourcegroup.data.name
   location            = module.resourcegroup.data.location
+
+  roleassignments = {
+    "acr" = {
+      role     = "AcrPull"
+      scope_id = data.azurerm_container_registry.acr.id
+    }
+  }
 }
 
 module "mi-reader" {