Issue with pushing Signed docker image to Azure Container Registry with Content Trust Enabled

Harsh 0 Reputation points
2023-03-17T21:32:48.8166667+00:00

I have a Azure Container Registry with content trust enabled and trying to run following commands to push signed image to registry but it is failing for command #2 with the error you are not authorized to perform this operation: server returned 401.

sudo docker trust signer add --key delegation.crt harsh testhlaveva.azurecr.io/hello-world
sudo docker trust signer add --key delegation.crt harsh testhlaveva.azurecr.io/hello-world
sudo docker trust sign testhlaveva.azurecr.io/hello-world:1.0.0-signed
sudo docker trust inspect --pretty testhlaveva.azurecr.io/hello-world

Error Log

harsh@ubuntu:~/Desktop/content_trust/test3_crt$ sudo docker trust signer add --key delegation.crt harsh testhlaveva.azurecr.io/hello-world
Adding signer "harsh" to testhlaveva.azurecr.io/hello-world...
Initializing signed repository for testhlaveva.azurecr.io/hello-world...
Enter passphrase for root key with ID fb3d071: 
Enter passphrase for new repository key with ID 66ae075: 
Repeat passphrase for new repository key with ID 66ae075: 
Successfully initialized "testhlaveva.azurecr.io/hello-world"
you are not authorized to perform this operation: server returned 401.
Failed to add signer to: testhlaveva.azurecr.io/hello-world
Azure Container Registry
Azure Container Registry
An Azure service that provides a registry of Docker and Open Container Initiative images.
382 questions
{count} votes

1 answer

Sort by: Most helpful
  1. shiva patpi 13,131 Reputation points Microsoft Employee
    2023-03-18T00:21:04.8766667+00:00

    Hello @harsh,

    Please assign the role AcrImageSigner role to the user on ACR for the user who ever is signing the image

    https://learn.microsoft.com/en-us/azure/container-registry/container-registry-content-trust

    I was able to repro your exact issue but after assigning AcrImageSigner permission , it was successful.

    Before giving the permission:

    User's image

    After giving the permission:

    User's image

    Able to sign successfully:

    User's image

    Regards,

    Shiva.

    0 comments No comments