az acr connected-registry

This command group is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Manage connected registry resources with Azure Container Registries.

Commands

Name	Description	Type	Status
az acr connected-registry create	Create a connected registry for an Azure Container Registry.	Core	Preview
az acr connected-registry deactivate	Deactivate a connected registry from Azure Container Registry.	Core	Preview
az acr connected-registry delete	Delete a connected registry from Azure Container Registry.	Core	Preview
az acr connected-registry get-settings	Retrieve information required to activate a connected registry, and creates or rotates the sync token credentials.	Core	Preview
az acr connected-registry install	Help to access the necessary information for installing a connected registry. Please see https://aka.ms/acr/connected-registry for more information.	Core	Preview and Deprecated
az acr connected-registry install info	Retrieve information required to activate a connected registry.	Core	Preview and Deprecated
az acr connected-registry install renew-credentials	Retrieve information required to activate a connected registry, and renews the sync token credentials.	Core	Preview and Deprecated
az acr connected-registry list	List all the connected registries under the current parent registry.	Core	Preview
az acr connected-registry list-client-tokens	List all the client tokens associated to a specific connected registries.	Core	Preview
az acr connected-registry permissions	Manage the repository permissions accross multiple connected registries. Please see https://aka.ms/acr/connected-registry for more information.	Core	Preview
az acr connected-registry permissions show	Show the connected registry sync scope map information.	Core	Preview
az acr connected-registry permissions update	Add and remove repository permissions accross all the necessary connected registry sync scope maps.	Core	Preview
az acr connected-registry repo	Update all the necessary connected registry sync scope maps repository permissions.	Core	Preview and Deprecated
az acr connected-registry show	Show connected registry details.	Core	Preview
az acr connected-registry update	Update a connected registry for an Azure Container Registry.	Core	Preview

az acr connected-registry create

Preview

Command group 'acr connected-registry' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a connected registry for an Azure Container Registry.

az acr connected-registry create --name
                                 --registry
                                 [--audit-logs-enabled {false, true}]
                                 [--client-tokens]
                                 [--log-level]
                                 [--mode {ReadOnly, ReadWrite}]
                                 [--notifications]
                                 [--parent]
                                 [--repository]
                                 [--resource-group]
                                 [--sync-message-ttl]
                                 [--sync-schedule]
                                 [--sync-token]
                                 [--sync-window]
                                 [--yes]

Examples

Create a connected registry in registry mode with access to repos app/hello-world and service/mycomponent. It'll create a sync token and scope-map with the right repo permissions.

az acr connected-registry create --registry mycloudregistry --name myconnectedregistry \
    --repository "app/hello-world" "service/mycomponent"

Create a read only connected registry with only read permissions and pass the sync token

az acr connected-registry create --registry mycloudregistry  --name myreadonlyacr \
    --mode readonly --parent myconnectedregistry --sync-token mySyncTokenName

Create a read only connected registry with client tokens, that syncs every day at midninght and sync window of 4 hours.

az acr connected-registry create -r mycloudregistry -n myreadonlyacr -p myconnectedregistry \
    --repository "app/mycomponent" -m ReadOnly -s "0 12 * * *" -w PT4H \
    --client-tokens myTokenName1 myTokenName2

Required Parameters

--name -n

Name for the connected registry. Name must be between 5 to 40 character long, start with a letter and contain only alphanumeric characters (including ‘_’ or ‘-’). Name must be unique under the Cloud ACR hierarchy.

--registry -r

The login server of the Cloud ACR registry. Must be the FQDN to support also Azure Stack.

Optional Parameters

--audit-logs-enabled

Deprecated

Argument 'sync_audit_logs_enabled' has been deprecated and will be removed in a future release.

Indicate whether audit log synchronization is enabled. It is enabled by default.

Accepted values: false, true

Default value: False

--client-tokens

Specify the client access to the repositories in the connected registry. It can be in the format [TOKEN_NAME01] [TOKEN_NAME02]...

--log-level

Set the log level for logging on the instance. Accepted log levels are Debug, Information, Warning, Error, and None.

Default value: Information

--mode -m

Determine the access it will have when synchronized.

Accepted values: ReadOnly, ReadWrite

Default value: ReadOnly

--notifications

List of artifact pattern for which notifications need to be generated. Use the format "--notifications [PATTERN1 PATTERN2 ...]".

--parent -p

The name of the parent connected registry.

--repository

Specify the repositories that need to be sync to the connected registry. It can be in the format [REPO01] [REPO02]...

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--sync-message-ttl

Determine how long the sync messages will be kept in the cloud. Uses ISO 8601 duration format.

Default value: P2D

--sync-schedule -s

Optional parameter to define the sync schedule. Uses cron expression to determine the schedule. If not specified, the instance is considered always online and attempts to sync every minute.

Default value: * * * * *

--sync-token

Specifies the sync token used to synchronize the connected registry with its parent. It most have only repo permissions and at least the actions required for its mode. It can include access for multiple repositories.

--sync-window -w

Required parameter if --sync-schedule is present. Used to determine the schedule duration. Uses ISO 8601 duration format.

--yes -y

Do not prompt for confirmation.

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr connected-registry deactivate

Preview

Command group 'acr connected-registry' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Deactivate a connected registry from Azure Container Registry.

az acr connected-registry deactivate --name
                                     --registry
                                     [--resource-group]
                                     [--yes]

Examples

Deactivate a connected registry 'myconnectedregistry'.

az acr connected-registry deactivate -r mycloudregistry -n myconnectedregistry

Required Parameters

--name -n

Name for the connected registry. Name must be between 5 to 40 character long, start with a letter and contain only alphanumeric characters (including ‘_’ or ‘-’). Name must be unique under the Cloud ACR hierarchy.

--registry -r

The login server of the Cloud ACR registry. Must be the FQDN to support also Azure Stack.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--yes -y

Do not prompt for confirmation.

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr connected-registry delete

Preview

Command group 'acr connected-registry' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Delete a connected registry from Azure Container Registry.

az acr connected-registry delete --name
                                 --registry
                                 [--cleanup]
                                 [--resource-group]
                                 [--yes]

Examples

Delete a read only connected registry 'myconnectedregistry' from parent registry 'mycloudregistry'.

az acr connected-registry delete --registry mycloudregistry --name myconnectedregistry

Delete a read only connected registry 'myconnectedregistry' and it's sync token and scope-map from parent registry 'mycloudregistry'.

az acr connected-registry delete -r mycloudregistry -n myconnectedregistry --cleanup

Required Parameters

--name -n

Name for the connected registry. Name must be between 5 to 40 character long, start with a letter and contain only alphanumeric characters (including ‘_’ or ‘-’). Name must be unique under the Cloud ACR hierarchy.

--registry -r

The login server of the Cloud ACR registry. Must be the FQDN to support also Azure Stack.

Optional Parameters

--cleanup

It will aslo delete the sync token and the scope map resources.

Default value: False

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--yes -y

Do not prompt for confirmation.

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr connected-registry get-settings

Preview

Command group 'acr connected-registry' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Retrieve information required to activate a connected registry, and creates or rotates the sync token credentials.

az acr connected-registry get-settings --name
                                       --parent-protocol {http, https}
                                       --registry
                                       [--generate-password {1, 2}]
                                       [--resource-group]
                                       [--yes]

Examples

Get the settings information required to install a connected registry without the password.

az acr connected-registry get-settings -r mycloudregistry -n myconnectedregistry --parent-protocol http

Generate a new sync token password 1 or rotates the password if it already exists, and gets the settings information required to install a connected registry.

az acr connected-registry get-settings -r mycloudregistry -n myconnectedregistry --generate-password 1 --parent-protocol https

Required Parameters

--name -n

Name for the connected registry. Name must be between 5 to 40 character long, start with a letter and contain only alphanumeric characters (including ‘_’ or ‘-’). Name must be unique under the Cloud ACR hierarchy.

--parent-protocol

Specify the protocol used to communicate with its parent.

Accepted values: http, https

--registry -r

The login server of the Cloud ACR registry. Must be the FQDN to support also Azure Stack.

Optional Parameters

--generate-password

Select which password you want to generate, and it is required to retrieve the password from the sync token.

Accepted values: 1, 2

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--yes -y

Do not prompt for confirmation.

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr connected-registry list

Preview

Command group 'acr connected-registry' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

List all the connected registries under the current parent registry.

az acr connected-registry list --registry
                               [--no-children]
                               [--parent]
                               [--resource-group]

Examples

List all the connected registries of 'mycloudregistry' in table format.

az acr connected-registry list --registry mycloudregistry --output table

List only the inmediate children of 'mycloudregistry' in expanded form in a table.

az acr connected-registry list --registry mycloudregistry --no-children --output table

List all the offspring of 'myconnectedregistry' in expanded form inside a table.

az acr connected-registry list -r mycloudregistry -p myconnectedregistry --output table

Required Parameters

--registry -r

The login server of the Cloud ACR registry. Must be the FQDN to support also Azure Stack.

Optional Parameters

--no-children

Used to remove all children from the list.

Default value: False

--parent -p

The name of the parent connected registry.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr connected-registry list-client-tokens

Preview

Command group 'acr connected-registry' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

List all the client tokens associated to a specific connected registries.

az acr connected-registry list-client-tokens --name
                                             --registry
                                             [--resource-group]

Examples

List all client tokens of 'myreadonlyacr'.

az acr connected-registry list-client-tokens -r mycloudregistry -n myreadonlyacr -o table

Required Parameters

--name -n

Name for the connected registry. Name must be between 5 to 40 character long, start with a letter and contain only alphanumeric characters (including ‘_’ or ‘-’). Name must be unique under the Cloud ACR hierarchy.

--registry -r

The login server of the Cloud ACR registry. Must be the FQDN to support also Azure Stack.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr connected-registry repo

Preview Deprecated

Command group 'acr connected-registry' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

This command has been deprecated and will be removed in a future release. Use 'permissions update' instead.

Update all the necessary connected registry sync scope maps repository permissions.

az acr connected-registry repo --name
                               --registry
                               [--add]
                               [--remove]
                               [--resource-group]

Examples

Add permissions to synchronize images from 'repo1' and 'repo2' to the connected registry 'myconnectedregistry' and its ancestors.

az acr connected-registry repo -r mycloudregistry -n myconnectedregistry --add repo1 repo2

Remove permissions to synchronize images from 'repo1' and 'repo2' to the connected registry 'myconnectedregistry' and its descendants.

az acr connected-registry repo -r mycloudregistry -n myconnectedregistry --remove repo1 repo2

Remove permissions to synchronize 'repo1' images and adds permissions for 'repo2' images.

az acr connected-registry repo -r mycloudregistry -n myconnectedregistry --remove repo1 --add repo2

Required Parameters

--name -n

Name for the connected registry. Name must be between 5 to 40 character long, start with a letter and contain only alphanumeric characters (including ‘_’ or ‘-’). Name must be unique under the Cloud ACR hierarchy.

--registry -r

The login server of the Cloud ACR registry. Must be the FQDN to support also Azure Stack.

Optional Parameters

--add

Repository permissions to be added to the targeted connected registry and it's ancestors sync scope maps. Use the format "--add [REPO1 REPO2 ...]" per flag. Valid actions are ['content/delete', 'content/read', 'content/write', 'metadata/read', 'metadata/write'].

--remove

Repository permissions to be removed from the targeted connected registry and it's succesors sync scope maps. Use the format "--remove [REPO1 REPO2 ...]" per flag. Valid actions are ['content/delete', 'content/read', 'content/write', 'metadata/read', 'metadata/write'].

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr connected-registry show

Preview

Command group 'acr connected-registry' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Show connected registry details.

az acr connected-registry show --name
                               --registry
                               [--resource-group]

Examples

Show all the details of the 'myreadonlyacr' registry in table form.

az acr connected-registry show --registry mycloudregistry --name myreadonlyacr --output table

Required Parameters

--name -n

Name for the connected registry. Name must be between 5 to 40 character long, start with a letter and contain only alphanumeric characters (including ‘_’ or ‘-’). Name must be unique under the Cloud ACR hierarchy.

--registry -r

The login server of the Cloud ACR registry. Must be the FQDN to support also Azure Stack.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr connected-registry update

Preview

Command group 'acr connected-registry' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Update a connected registry for an Azure Container Registry.

az acr connected-registry update --name
                                 --registry
                                 [--add-client-tokens]
                                 [--add-notifications]
                                 [--audit-logs-enabled {false, true}]
                                 [--log-level]
                                 [--remove-client-tokens]
                                 [--remove-notifications]
                                 [--resource-group]
                                 [--sync-message-ttl]
                                 [--sync-schedule]
                                 [--sync-window]

Examples

Update the connected registry client Tokens.

az acr connected-registry update --registry mycloudregistry --name myconnectedregistry \
    --remove-client-tokens myTokenName1 --add-client-tokens myTokenName2 myTokenName3

Update the sync and window time of a connected registry.

az acr connected-registry update --registry mycloudregistry --name myreadonlyacr \
    --sync-schedule "0 12 * * *" --sync-window PT4H

Required Parameters

--name -n

Name for the connected registry. Name must be between 5 to 40 character long, start with a letter and contain only alphanumeric characters (including ‘_’ or ‘-’). Name must be unique under the Cloud ACR hierarchy.

--registry -r

The login server of the Cloud ACR registry. Must be the FQDN to support also Azure Stack.

Optional Parameters

--add-client-tokens

Client tokens to be added. Use the format "--add-client-tokens [TOKEN_NAME1 TOKEN_NAME2 ...]" per token id.

--add-notifications

List of artifact pattern to be added to notifications list. Use the format "--add-notifications [PATTERN1 PATTERN2 ...]".

--audit-logs-enabled

Deprecated

Argument 'sync_audit_logs_enabled' has been deprecated and will be removed in a future release.

Indicate whether audit log synchronization is enabled. It is enabled by default.

Accepted values: false, true

--log-level

Set the log level for logging on the instance. Accepted log levels are Debug, Information, Warning, Error, and None.

--remove-client-tokens

Client tokens to be removed. Use the format "--remove-client-tokens [TOKEN_NAME1 TOKEN_NAME2 ...]" per token id.

--remove-notifications

List of artifact pattern to be removed from notifications list. Use the format "--remove-notifications [PATTERN1 PATTERN2 ...]".

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--sync-message-ttl

Determine how long the sync messages will be kept in the cloud. Uses ISO 8601 duration format.

--sync-schedule -s

Optional parameter to define the sync schedule. Uses cron expression to determine the schedule. If not specified, the instance is considered always online and attempts to sync every minute.

--sync-window -w

Used to determine the schedule duration. Uses ISO 8601 duration format.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.