az acr scope-map

Manage scope access maps for Azure Container Registries.

Commands

az acr scope-map create

Create a scope map for an Azure Container Registry.

az acr scope-map delete

Delete a scope map for an Azure Container Registry.

az acr scope-map list

List all scope maps for an Azure Container Registry.

az acr scope-map show

Show details and attributes of a scope map for an Azure Container Registry.

az acr scope-map update

Update a scope map for an Azure Container Registry.

az acr scope-map create

Create a scope map for an Azure Container Registry.

az acr scope-map create --name
                        --registry
                        [--description]
                        [--gateway]
                        [--repository]
                        [--resource-group]

Examples

Create a scope map that allows content/write and metadata/read actions for `hello-world` repository, and content/read action for `hello-world-again`.

az acr scope-map create -n MyScopeMap -r MyRegistry --repository hello-world content/write metadata/read --repository hello-world-again content/read --description "Sample scope map."

Create a scope map that allows all repository actions for `test`, and all gateway actions for `connectedRegistry`.

az acr scope-map create -n MyScopeMap -r MyRegistry --description "Sample scope map."
  --repository test content/delete content/read content/write metadata/read metadata/write
  --gateway connectedRegistry config/read config/write message/read message/write

Required Parameters

--name -n

The name of the scope map.

--registry -r

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Optional Parameters

--description

Description for the scope map. Maximum 256 characters are allowed.

--gateway

Gateway permissions. Use the format "--gateway GATEWAY [ACTION1 ACTION2 ...]" per flag. Valid actions are {'config/read', 'config/write', 'message/write', 'message/read'}.

--repository

Repository permissions. Use the format "--repository REPO [ACTION1 ACTION2 ...]" per flag. Valid actions are {'content/write', 'content/delete', 'metadata/write', 'metadata/read', 'content/read'}.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az acr scope-map delete

Delete a scope map for an Azure Container Registry.

az acr scope-map delete --name
                        --registry
                        [--resource-group]
                        [--yes]

Examples

Delete the scope map 'MyScopeMap'.

az acr scope-map delete -n MyScopeMap -r MyRegistry

Required Parameters

--name -n

The name of the scope map.

--registry -r

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--yes -y

Do not prompt for confirmation.

az acr scope-map list

List all scope maps for an Azure Container Registry.

az acr scope-map list --registry
                      [--resource-group]

Examples

List scope maps under the registry 'MyRegistry'.

az acr scope-map list -r MyRegistry

Required Parameters

--registry -r

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az acr scope-map show

Show details and attributes of a scope map for an Azure Container Registry.

az acr scope-map show --name
                      --registry
                      [--resource-group]

Examples

Get information for the scope map 'MyScopeMap'.

az acr scope-map show -n MyScopeMap -r MyRegistry

Required Parameters

--name -n

The name of the scope map.

--registry -r

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az acr scope-map update

Update a scope map for an Azure Container Registry.

az acr scope-map update --name
                        --registry
                        [--add-gateway]
                        [--add-repository]
                        [--description]
                        [--remove-gateway]
                        [--remove-repository]
                        [--resource-group]

Examples

Update the scope map 'MyScopeMap' removing metadata/read and content/read actions for `hello-world` repository, and message/write action for `connectedRegistry`.

az acr scope-map update -n MyScopeMap -r MyRegistry --remove-repo hello-world metadata/read content/read --remove-gateway connectedRegistry message/write

Required Parameters

--name -n

The name of the scope map.

--registry -r

The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.

Optional Parameters

--add-gateway

Gateway permissions to be added. Use the format "--add-gateway GATEWAY [ACTION1 ACTION2 ...]" per flag. Valid actions are {'config/read', 'config/write', 'message/write', 'message/read'}.

--add-repository

Repository permissions to be added. Use the format "--add-repository REPO [ACTION1 ACTION2 ...]" per flag. Valid actions are {'content/write', 'content/delete', 'metadata/write', 'metadata/read', 'content/read'}.

--description

Description for the scope map. Maximum 256 characters are allowed.

--remove-gateway

Gateway permissions to be removed. Use the format "--remove-gateway GATEWAY [ACTION1 ACTION2 ...]" per flag. Valid actions are {'config/read', 'config/write', 'message/write', 'message/read'}.

--remove-repository

Repository permissions to be removed. Use the format "--remove-repository REPO [ACTION1 ACTION2 ...]" per flag. Valid actions are {'content/write', 'content/delete', 'metadata/write', 'metadata/read', 'content/read'}.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.