Comments (4)
Service principal credentials are not retrievable so there is no way to authenticate with the registry in the portal if admin user is not enabled, thus you were seeing the message.
docker search
is not a supported Docker V2 API, thus you were seeing the error. It is not related to whether admin user is enabled or not.
If you only use service principal to authenticate, one way to list images is to use the Azure CLI:
az acr repository list -n <your registry name>
And enter your service principal app id and password in the prompt. Or provide them as command arguments:
az acr repository list -n <your registry name> -u <your service principal app id> -p <your service principal password>
from acr.
The question has been answered. But this is a usability issue. It really makes no sense that I can log in to the azure portal as a user that has 'owner' access rights to the ACR instance, but I can't list that registry's images.
I live in a world that is very sensitive to security issues. By not allowing AD User Principals to list the registry images you have limited our ability to audit who did what. We aren't going to create a different service principal for every user - that defeats the whole point of a service principal. For ACR this is a minor issue because no data will ever get saved in these images. It is just confusing because ACR doesn't behave like other Azure services.
from acr.
@markarnott - AAD integration #32 is something we are definitely implementing. We understand the issues related to SP creation and maintaining them from a security perspective and once AAD is integrated with ACR, you should be able to managed users directly on the registry resource as you would with any other Azure resource.
/cc @DavidObando
from acr.
This is now available on the portal.
from acr.
Related Issues (20)
- Pull Through Caching from Another Azure Container Registry HOT 2
- Add support of registry.k8s.io type in cache rules HOT 1
- Rest api for get tags doesn respect n parameter (pagesize) HOT 2
- Scope Security/ Vulnerability scan to certain image tags only
- Catalog API only works with scope map * HOT 2
- Allow configuration of CORS headers for API access from web clients HOT 1
- Use Entra security principals with scope maps HOT 3
- [Docker Hub] ACR Cache error: too many requests to source registry for cache rule HOT 52
- connectivity_challenge_error grcsharedacr
- Unable to login into azure acr HOT 2
- Unable to login to container registry shazdevops HOT 1
- Auth Endpoint seems to require account parameter which is not part of the API Spec
- Cache elastic images HOT 1
- ACR Build with public access disabled HOT 1
- ACR streaming: failed to open remote file as tar file error HOT 6
- Cached images do not update. HOT 6
- Cannot create cache rule for public docker image `python:3.11-bookworm` due to naming rules HOT 4
- Cache zalando images
- Quay self-hosted Registry Caching HOT 1
- token support for signed images HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from acr.