az acr scope-map
Manage scope access maps for Azure Container Registries.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az acr scope-map create |
Create a scope map for an Azure Container Registry. |
Core | GA |
| az acr scope-map delete |
Delete a scope map for an Azure Container Registry. |
Core | GA |
| az acr scope-map list |
List all scope maps for an Azure Container Registry. |
Core | GA |
| az acr scope-map show |
Show details and attributes of a scope map for an Azure Container Registry. |
Core | GA |
| az acr scope-map update |
Update a scope map for an Azure Container Registry. |
Core | GA |
az acr scope-map create
Create a scope map for an Azure Container Registry.
az acr scope-map create --name
--registry
[--description]
[--gateway]
[--repository]
[--resource-group]Examples
Create a scope map that allows content/write and metadata/read actions for `hello-world` repository, and content/read action for `hello-world-again`.
az acr scope-map create -n MyScopeMap -r myregistry --repository hello-world content/write metadata/read --repository hello-world-again content/read --description "Sample scope map."Create a scope map that allows all repository actions for `test`, and all gateway actions for `connectedRegistry`.
az acr scope-map create -n MyScopeMap -r myregistry --description "Sample scope map."
--repository test content/delete content/read content/write metadata/read metadata/write
--gateway connectedRegistry config/read config/write message/read message/writeRequired Parameters
The name of the scope map.
The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.
Optional Parameters
Description for the scope map. Maximum 256 characters are allowed.
Gateway permissions. Use the format "--gateway GATEWAY [ACTION1 ACTION2 ...]" per flag. Valid actions are ['config/read', 'config/write', 'message/read', 'message/write'].
Repository permissions. Use the format "--repository REPO [ACTION1 ACTION2 ...]" per flag. Valid actions are ['content/delete', 'content/read', 'content/write', 'metadata/read', 'metadata/write'].
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az acr scope-map delete
Delete a scope map for an Azure Container Registry.
az acr scope-map delete --name
--registry
[--resource-group]
[--yes]Examples
Delete the scope map 'MyScopeMap'.
az acr scope-map delete -n MyScopeMap -r myregistryRequired Parameters
The name of the scope map.
The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.
Optional Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az acr scope-map list
List all scope maps for an Azure Container Registry.
az acr scope-map list --registry
[--resource-group]Examples
List scope maps under the registry 'myregistry'.
az acr scope-map list -r myregistryRequired Parameters
The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.
Optional Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az acr scope-map show
Show details and attributes of a scope map for an Azure Container Registry.
az acr scope-map show --name
--registry
[--resource-group]Examples
Get information for the scope map 'MyScopeMap'.
az acr scope-map show -n MyScopeMap -r myregistryRequired Parameters
The name of the scope map.
The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.
Optional Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az acr scope-map update
Update a scope map for an Azure Container Registry.
az acr scope-map update --name
--registry
[--add-gateway]
[--add-repository]
[--description]
[--remove-gateway]
[--remove-repository]
[--resource-group]Examples
Update the scope map 'MyScopeMap' removing metadata/read and content/read actions for `hello-world` repository, and message/write action for `connectedRegistry`.
az acr scope-map update -n MyScopeMap -r myregistry --remove-repo hello-world metadata/read content/read --remove-gateway connectedRegistry message/writeRequired Parameters
The name of the scope map.
The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.
Optional Parameters
Gateway permissions to be added. Use the format "--add-gateway GATEWAY [ACTION1 ACTION2 ...]" per flag. Valid actions are ['config/read', 'config/write', 'message/read', 'message/write'].
Repository permissions to be added. Use the format "--add-repository REPO [ACTION1 ACTION2 ...]" per flag. Valid actions are ['content/delete', 'content/read', 'content/write', 'metadata/read', 'metadata/write'].
Description for the scope map. Maximum 256 characters are allowed.
Gateway permissions to be removed. Use the format "--remove-gateway GATEWAY [ACTION1 ACTION2 ...]" per flag. Valid actions are ['config/read', 'config/write', 'message/read', 'message/write'].
Repository permissions to be removed. Use the format "--remove-repository REPO [ACTION1 ACTION2 ...]" per flag. Valid actions are ['content/delete', 'content/read', 'content/write', 'metadata/read', 'metadata/write'].
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for