az acr connected-registry

Manage connected registry resources with Azure Container Registries.

Commands

az acr connected-registry create

Create a connected registry for an Azure Container Registry.

az acr connected-registry deactivate

Deactivate a connected registry from Azure Container Registry.

az acr connected-registry delete

Delete a connected registry from Azure Container Registry.

az acr connected-registry get-settings

Retrieve information required to activate a connected registry, and creates or rotates the sync token credentials.

az acr connected-registry install

Help to access the necessary information for installing a connected registry. Please see https://aka.ms/acr/connected-registry for more information.

az acr connected-registry install info

Retrieve information required to activate a connected registry.

az acr connected-registry install renew-credentials

Retrieve information required to activate a connected registry, and renews the sync token credentials.

az acr connected-registry list

List all the connected registries under the current parent registry.

az acr connected-registry list-client-tokens

List all the client tokens associated to a specific connected registries.

az acr connected-registry permissions

Manage the repository permissions accross multiple connected registries. Please see https://aka.ms/acr/connected-registry for more information.

az acr connected-registry permissions show

Show the connected registry sync scope map information.

az acr connected-registry permissions update

Add and remove repository permissions accross all the necessary connected registry sync scope maps.

az acr connected-registry repo

Update all the necessary connected registry sync scope maps repository permissions.

az acr connected-registry show

Show connected registry details.

az acr connected-registry update

Update a connected registry for an Azure Container Registry.

az acr connected-registry create

Create a connected registry for an Azure Container Registry.

az acr connected-registry create --name
                                 --registry
                                 [--audit-logs-enabled {false, true}]
                                 [--client-tokens]
                                 [--log-level]
                                 [--mode {ReadOnly, ReadWrite}]
                                 [--notifications]
                                 [--parent]
                                 [--repository]
                                 [--resource-group]
                                 [--sync-message-ttl]
                                 [--sync-schedule]
                                 [--sync-token]
                                 [--sync-window]

Examples

Create a connected registry in registry mode with access to repos app/hello-world and service/mycomponent. It'll create a sync token and scope-map with the right repo permissions.

az acr connected-registry create --registry mycloudregistry --name myconnectedregistry \
    --repository "app/hello-world" "service/mycomponent"

Create a read only connected registry with only read permissions and pass the sync token

az acr connected-registry create --registry mycloudregistry  --name myreadonlyacr \
    --mode readonly --parent myconnectedregistry --sync-token mySyncTokenName

Create a read only connected registry with client tokens, that syncs every day at midninght and sync window of 4 hours.

az acr connected-registry create -r mycloudregistry -n myreadonlyacr -p myconnectedregistry \
    --repository "app/mycomponent" -m ReadOnly -s "0 12 * * *" -w PT4H \
    --client-tokens myTokenName1 myTokenName2

Required Parameters

--name -n

Name for the connected registry. Name must be between 5 to 40 character long, start with a letter and contain only alphanumeric characters (including ‘_’ or ‘-’). Name must be unique under the Cloud ACR hierarchy.

--registry -r

The login server of the Cloud ACR registry. Must be the FQDN to support also Azure Stack.

Optional Parameters

--audit-logs-enabled

Indicate whether audit log synchronization is enabled. It is enabled by default.

accepted values: false, true
--client-tokens

Specify the client access to the repositories in the connected registry. It can be in the format [TOKEN_NAME01] [TOKEN_NAME02]...

--log-level

Set the log level for logging on the instance. Accepted log levels are Debug, Information, Warning, Error, and None.

default value: Information
--mode -m

Determine the access it will have when synchronized.

accepted values: ReadOnly, ReadWrite
default value: ReadWrite
--notifications

List of artifact pattern for which notifications need to be generated. Use the format "--notifications [PATTERN1 PATTERN2 ...]".

--parent -p

The name of the parent connected registry.

--repository

Specify the repositories that need to be sync to the connected registry. It can be in the format [REPO01] [REPO02]...

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--sync-message-ttl

Determine how long the sync messages will be kept in the cloud. Uses ISO 8601 duration format.

default value: P2D
--sync-schedule -s

Optional parameter to define the sync schedule. Uses cron expression to determine the schedule. If not specified, the instance is considered always online and attempts to sync every minute.

--sync-token

Specifies the sync token used to synchronize the connected registry with its parent. It most have only repo permissions and at least the actions required for its mode. It can include access for multiple repositories.

--sync-window -w

Required parameter if --sync-schedule is present. Used to determine the schedule duration. Uses ISO 8601 duration format.

az acr connected-registry deactivate

Deactivate a connected registry from Azure Container Registry.

az acr connected-registry deactivate --name
                                     --registry
                                     [--resource-group]
                                     [--yes]

Examples

Deactivate a connected registry 'myconnectedregistry'.

az acr connected-registry deactivate -r mycloudregistry -n myconnectedregistry

Required Parameters

--name -n

Name for the connected registry. Name must be between 5 to 40 character long, start with a letter and contain only alphanumeric characters (including ‘_’ or ‘-’). Name must be unique under the Cloud ACR hierarchy.

--registry -r

The login server of the Cloud ACR registry. Must be the FQDN to support also Azure Stack.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--yes -y

Do not prompt for confirmation.

az acr connected-registry delete

Delete a connected registry from Azure Container Registry.

az acr connected-registry delete --name
                                 --registry
                                 [--cleanup]
                                 [--resource-group]
                                 [--yes]

Examples

Delete a read only connected registry 'myconnectedregistry' from parent registry 'mycloudregistry'.

az acr connected-registry delete --registry mycloudregistry --name myconnectedregistry

Delete a read only connected registry 'myconnectedregistry' and it's sync token and scope-map from parent registry 'mycloudregistry'.

az acr connected-registry delete -r mycloudregistry -n myconnectedregistry --cleanup

Required Parameters

--name -n

Name for the connected registry. Name must be between 5 to 40 character long, start with a letter and contain only alphanumeric characters (including ‘_’ or ‘-’). Name must be unique under the Cloud ACR hierarchy.

--registry -r

The login server of the Cloud ACR registry. Must be the FQDN to support also Azure Stack.

Optional Parameters

--cleanup

It will aslo delete the sync token and the scope map resources.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--yes -y

Do not prompt for confirmation.

az acr connected-registry get-settings

Retrieve information required to activate a connected registry, and creates or rotates the sync token credentials.

az acr connected-registry get-settings --name
                                       --parent-protocol {http, https}
                                       --registry
                                       [--generate-password {1, 2}]
                                       [--resource-group]
                                       [--yes]

Examples

Get the settings information required to install a connected registry without the password.

az acr connected-registry get-settings -r mycloudregistry -n myconnectedregistry --parent-protocol http

Generate a new sync token password 1 or rotates the password if it already exists, and gets the settings information required to install a connected registry.

az acr connected-registry get-settings -r mycloudregistry -n myconnectedregistry --generate-password 1 --parent-protocol https

Required Parameters

--name -n

Name for the connected registry. Name must be between 5 to 40 character long, start with a letter and contain only alphanumeric characters (including ‘_’ or ‘-’). Name must be unique under the Cloud ACR hierarchy.

--parent-protocol

Specify the protocol used to communicate with its parent.

accepted values: http, https
--registry -r

The login server of the Cloud ACR registry. Must be the FQDN to support also Azure Stack.

Optional Parameters

--generate-password

Select which password you want to generate, and it is required to retrieve the password from the sync token.

accepted values: 1, 2
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--yes -y

Do not prompt for confirmation.

az acr connected-registry list

List all the connected registries under the current parent registry.

az acr connected-registry list --registry
                               [--no-children]
                               [--parent]
                               [--resource-group]

Examples

List all the connected registries of 'mycloudregistry' in table format.

az acr connected-registry list --registry mycloudregistry --output table

List only the inmediate children of 'mycloudregistry' in expanded form in a table.

az acr connected-registry list --registry mycloudregistry --no-children --output table

List all the offspring of 'myconnectedregistry' in expanded form inside a table.

az acr connected-registry list -r mycloudregistry -p myconnectedregistry --output table

Required Parameters

--registry -r

The login server of the Cloud ACR registry. Must be the FQDN to support also Azure Stack.

Optional Parameters

--no-children

Used to remove all children from the list.

--parent -p

The name of the parent connected registry.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az acr connected-registry list-client-tokens

List all the client tokens associated to a specific connected registries.

az acr connected-registry list-client-tokens --name
                                             --registry
                                             [--resource-group]

Examples

List all client tokens of 'myreadonlyacr'.

az acr connected-registry list-client-tokens -r mycloudregistry -n myreadonlyacr -o table

Required Parameters

--name -n

Name for the connected registry. Name must be between 5 to 40 character long, start with a letter and contain only alphanumeric characters (including ‘_’ or ‘-’). Name must be unique under the Cloud ACR hierarchy.

--registry -r

The login server of the Cloud ACR registry. Must be the FQDN to support also Azure Stack.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az acr connected-registry repo

Update all the necessary connected registry sync scope maps repository permissions.

az acr connected-registry repo --name
                               --registry
                               [--add]
                               [--remove]
                               [--resource-group]

Examples

Add permissions to synchronize images from 'repo1' and 'repo2' to the connected registry 'myconnectedregistry' and its ancestors.

az acr connected-registry repo -r mycloudregistry -n myconnectedregistry --add repo1 repo2

Remove permissions to synchronize images from 'repo1' and 'repo2' to the connected registry 'myconnectedregistry' and its descendants.

az acr connected-registry repo -r mycloudregistry -n myconnectedregistry --remove repo1 repo2

Remove permissions to synchronize 'repo1' images and adds permissions for 'repo2' images.

az acr connected-registry repo -r mycloudregistry -n myconnectedregistry --remove repo1 --add repo2

Required Parameters

--name -n

Name for the connected registry. Name must be between 5 to 40 character long, start with a letter and contain only alphanumeric characters (including ‘_’ or ‘-’). Name must be unique under the Cloud ACR hierarchy.

--registry -r

The login server of the Cloud ACR registry. Must be the FQDN to support also Azure Stack.

Optional Parameters

--add

Repository permissions to be added to the targeted connected registry and it's ancestors sync scope maps. Use the format "--add [REPO1 REPO2 ...]" per flag. Valid actions are {'content/read', 'content/delete', 'content/write', 'metadata/read', 'metadata/write'}.

--remove

Respsitory permissions to be removed from the targeted connected registry and it's succesors sync scope maps. Use the format "--remove [REPO1 REPO2 ...]" per flag. Valid actions are {'content/read', 'content/delete', 'content/write', 'metadata/read', 'metadata/write'}.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az acr connected-registry show

Show connected registry details.

az acr connected-registry show --name
                               --registry
                               [--resource-group]

Examples

Show all the details of the 'myreadonlyacr' registry in table form.

az acr connected-registry show --registry mycloudregistry --name myreadonlyacr --output table

Required Parameters

--name -n

Name for the connected registry. Name must be between 5 to 40 character long, start with a letter and contain only alphanumeric characters (including ‘_’ or ‘-’). Name must be unique under the Cloud ACR hierarchy.

--registry -r

The login server of the Cloud ACR registry. Must be the FQDN to support also Azure Stack.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az acr connected-registry update

Update a connected registry for an Azure Container Registry.

az acr connected-registry update --name
                                 --registry
                                 [--add-client-tokens]
                                 [--add-notifications]
                                 [--audit-logs-enabled {false, true}]
                                 [--log-level]
                                 [--remove-client-tokens]
                                 [--remove-notifications]
                                 [--resource-group]
                                 [--sync-message-ttl]
                                 [--sync-schedule]
                                 [--sync-window]

Examples

Update the connected registry client Tokens.

az acr connected-registry update --registry mycloudregistry --name myconnectedregistry \
    --remove-client-tokens myTokenName1 --add-client-tokens myTokenName2 myTokenName3

Update the sync and window time of a connected registry.

az acr connected-registry update --registry mycloudregistry --name myreadonlyacr \
    --sync-schedule "0 12 * * *" --sync-window PT4H

Required Parameters

--name -n

Name for the connected registry. Name must be between 5 to 40 character long, start with a letter and contain only alphanumeric characters (including ‘_’ or ‘-’). Name must be unique under the Cloud ACR hierarchy.

--registry -r

The login server of the Cloud ACR registry. Must be the FQDN to support also Azure Stack.

Optional Parameters

--add-client-tokens

Client tokens to be added. Use the format "--add-client-tokens [TOKEN_NAME1 TOKEN_NAME2 ...]" per token id.

--add-notifications

List of artifact pattern to be added to notifications list. Use the format "--add-notifications [PATTERN1 PATTERN2 ...]".

--audit-logs-enabled

Indicate whether audit log synchronization is enabled. It is enabled by default.

accepted values: false, true
--log-level

Set the log level for logging on the instance. Accepted log levels are Debug, Information, Warning, Error, and None.

--remove-client-tokens

Client tokens to be removed. Use the format "--remove-client-tokens [TOKEN_NAME1 TOKEN_NAME2 ...]" per token id.

--remove-notifications

List of artifact pattern to be removed from notifications list. Use the format "--remove-notifications [PATTERN1 PATTERN2 ...]".

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--sync-message-ttl

Determine how long the sync messages will be kept in the cloud. Uses ISO 8601 duration format.

--sync-schedule -s

Optional parameter to define the sync schedule. Uses cron expression to determine the schedule. If not specified, the instance is considered always online and attempts to sync every minute.

--sync-window -w

Used to determine the schedule duration. Uses ISO 8601 duration format.