Share via


az acr scope-map

Manage scope access maps for Azure Container Registries.

Commands

Name Description Type Status
az acr scope-map create

Create a scope map for an Azure Container Registry.

Core GA
az acr scope-map delete

Delete a scope map for an Azure Container Registry.

Core GA
az acr scope-map list

List all scope maps for an Azure Container Registry.

Core GA
az acr scope-map show

Show details and attributes of a scope map for an Azure Container Registry.

Core GA
az acr scope-map update

Update a scope map for an Azure Container Registry.

Core GA

az acr scope-map create

Create a scope map for an Azure Container Registry.

az acr scope-map create --name
                        --registry
                        [--description]
                        [--gateway]
                        [--repository]
                        [--resource-group]

Examples

Create a scope map that allows content/write and metadata/read actions for `hello-world` repository, and content/read action for `hello-world-again`.

az acr scope-map create -n MyScopeMap -r myregistry --repository hello-world content/write metadata/read --repository hello-world-again content/read --description "Sample scope map."

Create a scope map that allows all repository actions for `test`, and all gateway actions for `connectedRegistry`.

az acr scope-map create -n MyScopeMap -r myregistry --description "Sample scope map."
  --repository test content/delete content/read content/write metadata/read metadata/write
  --gateway connectedRegistry config/read config/write message/read message/write

Required Parameters

--name -n

The name of the scope map.

--registry -r

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Optional Parameters

--description

Description for the scope map. Maximum 256 characters are allowed.

--gateway

Gateway permissions. Use the format "--gateway GATEWAY [ACTION1 ACTION2 ...]" per flag. Valid actions are ['config/read', 'config/write', 'message/read', 'message/write'].

--repository

Repository permissions. Use the format "--repository REPO [ACTION1 ACTION2 ...]" per flag. Valid actions are ['content/delete', 'content/read', 'content/write', 'metadata/read', 'metadata/write'].

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr scope-map delete

Delete a scope map for an Azure Container Registry.

az acr scope-map delete --name
                        --registry
                        [--resource-group]
                        [--yes]

Examples

Delete the scope map 'MyScopeMap'.

az acr scope-map delete -n MyScopeMap -r myregistry

Required Parameters

--name -n

The name of the scope map.

--registry -r

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--yes -y

Do not prompt for confirmation.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr scope-map list

List all scope maps for an Azure Container Registry.

az acr scope-map list --registry
                      [--resource-group]

Examples

List scope maps under the registry 'myregistry'.

az acr scope-map list -r myregistry

Required Parameters

--registry -r

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr scope-map show

Show details and attributes of a scope map for an Azure Container Registry.

az acr scope-map show --name
                      --registry
                      [--resource-group]

Examples

Get information for the scope map 'MyScopeMap'.

az acr scope-map show -n MyScopeMap -r myregistry

Required Parameters

--name -n

The name of the scope map.

--registry -r

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az acr scope-map update

Update a scope map for an Azure Container Registry.

az acr scope-map update --name
                        --registry
                        [--add-gateway]
                        [--add-repository]
                        [--description]
                        [--remove-gateway]
                        [--remove-repository]
                        [--resource-group]

Examples

Update the scope map 'MyScopeMap' removing metadata/read and content/read actions for `hello-world` repository, and message/write action for `connectedRegistry`.

az acr scope-map update -n MyScopeMap -r myregistry --remove-repo hello-world metadata/read content/read --remove-gateway connectedRegistry message/write

Required Parameters

--name -n

The name of the scope map.

--registry -r

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Optional Parameters

--add-gateway

Gateway permissions to be added. Use the format "--add-gateway GATEWAY [ACTION1 ACTION2 ...]" per flag. Valid actions are ['config/read', 'config/write', 'message/read', 'message/write'].

--add-repository

Repository permissions to be added. Use the format "--add-repository REPO [ACTION1 ACTION2 ...]" per flag. Valid actions are ['content/delete', 'content/read', 'content/write', 'metadata/read', 'metadata/write'].

--description

Description for the scope map. Maximum 256 characters are allowed.

--remove-gateway

Gateway permissions to be removed. Use the format "--remove-gateway GATEWAY [ACTION1 ACTION2 ...]" per flag. Valid actions are ['config/read', 'config/write', 'message/read', 'message/write'].

--remove-repository

Repository permissions to be removed. Use the format "--remove-repository REPO [ACTION1 ACTION2 ...]" per flag. Valid actions are ['content/delete', 'content/read', 'content/write', 'metadata/read', 'metadata/write'].

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.