When Admin user is not enabled Repositories are not searchable. #40
Comments
Service principal credentials are not retrievable so there is no way to authenticate with the registry in the portal if admin user is not enabled, thus you were seeing the message.
If you only use a service principal to authenticate, one way to list images is to use the Azure CLI:
And enter your service principal app id and password in the prompt. Or provide them as command arguments:
The question has been answered. But this is a usability issue. It really makes no sense that I can log in to the azure portal as a user that has 'owner' access rights to the ACR instance, but I can't list that registry's images. I live in a world that is very sensitive to security issues. By not allowing AD User Principals to list the registry images you have limited our ability to audit who did what. We aren't going to create a different service principal for every user - that defeats the whole point of a service principal. For ACR this is a minor issue because no data will ever get saved in these images. It is just confusing because ACR doesn't behave like other Azure services.
@markarnott - AAD integration #32 is something we are definitely implementing. We understand the issues related to SP creation and maintaining them from a security perspective and once AAD is integrated with ACR, you should be able to manage users directly on the registry resource as you would with any other Azure resource.
This is now available on the portal.
We set up a registry and configured service principals to push and pull images, but we cannot find a way to list what images are in the repository.
When attempting to view repositories in the Azure portal we see this message:
Admin user is not enabled. Enable admin user in Access keys blade to view repositories.
We tried from the docker CLI like this.
docker login reg.azurecr.io
docker search reg.azurecr.io
and we always receive this message:
Error response from daemon: Unexpected status code 404
Your blog post on ACR user accounts indicates that the Admin User is a temporary approach that will go away in the future. Are we correct in assuming that enabling the Admin User is currently the only way to view what images are in the registry?