Microsoft.ContainerRegistry registries 2023-01-01-preview
Bicep resource definition
The registries resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ContainerRegistry/registries resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
sku: {
name: 'string'
}
identity: {
principalId: 'string'
tenantId: 'string'
type: 'string'
userAssignedIdentities: {}
}
properties: {
adminUserEnabled: bool
anonymousPullEnabled: bool
dataEndpointEnabled: bool
encryption: {
keyVaultProperties: {
identity: 'string'
keyIdentifier: 'string'
}
status: 'string'
}
networkRuleBypassOptions: 'string'
networkRuleSet: {
defaultAction: 'string'
ipRules: [
{
action: 'Allow'
value: 'string'
}
]
}
policies: {
azureADAuthenticationAsArmPolicy: {
status: 'string'
}
exportPolicy: {
status: 'string'
}
quarantinePolicy: {
status: 'string'
}
retentionPolicy: {
days: int
status: 'string'
}
softDeletePolicy: {
retentionDays: int
status: 'string'
}
trustPolicy: {
status: 'string'
type: 'Notary'
}
}
publicNetworkAccess: 'string'
zoneRedundancy: 'string'
}
}
Property values
registries
Name | Description | Value |
---|---|---|
name | The resource name | string (required) Character limit: 5-50 Valid characters: Alphanumerics. Resource name must be unique across Azure. |
location | The location of the resource. This cannot be changed after the resource is created. | string (required) |
tags | The tags of the resource. | Dictionary of tag names and values. See Tags in templates |
sku | The SKU of the container registry. | Sku (required) |
identity | The identity of the container registry. | IdentityProperties |
properties | The properties of the container registry. | RegistryProperties |
IdentityProperties
Name | Description | Value |
---|---|---|
principalId | The principal ID of resource identity. | string |
tenantId | The tenant ID of resource. | string |
type | The identity type. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
userAssignedIdentities | The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/ providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. |
object |
RegistryProperties
Name | Description | Value |
---|---|---|
adminUserEnabled | The value that indicates whether the admin user is enabled. | bool |
anonymousPullEnabled | Enables registry-wide pull from unauthenticated clients. | bool |
dataEndpointEnabled | Enable a single data endpoint per region for serving data. | bool |
encryption | The encryption settings of container registry. | EncryptionProperty |
networkRuleBypassOptions | Whether to allow trusted Azure services to access a network restricted registry. | 'AzureServices' 'None' |
networkRuleSet | The network rule set for a container registry. | NetworkRuleSet |
policies | The policies for a container registry. | Policies |
publicNetworkAccess | Whether or not public network access is allowed for the container registry. | 'Disabled' 'Enabled' |
zoneRedundancy | Whether or not zone redundancy is enabled for this container registry | 'Disabled' 'Enabled' |
EncryptionProperty
Name | Description | Value |
---|---|---|
keyVaultProperties | Key vault properties. | KeyVaultProperties |
status | Indicates whether or not the encryption is enabled for container registry. | 'disabled' 'enabled' |
KeyVaultProperties
Name | Description | Value |
---|---|---|
identity | The client id of the identity which will be used to access key vault. | string |
keyIdentifier | Key vault uri to access the encryption key. | string |
NetworkRuleSet
Name | Description | Value |
---|---|---|
defaultAction | The default action of allow or deny when no other rules match. | 'Allow' 'Deny' (required) |
ipRules | The IP ACL rules. | IPRule[] |
IPRule
Name | Description | Value |
---|---|---|
action | The action of IP ACL rule. | 'Allow' |
value | Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed. | string (required) |
Policies
Name | Description | Value |
---|---|---|
azureADAuthenticationAsArmPolicy | The policy for using ARM audience token for a container registry. | AzureADAuthenticationAsArmPolicy |
exportPolicy | The export policy for a container registry. | ExportPolicy |
quarantinePolicy | The quarantine policy for a container registry. | QuarantinePolicy |
retentionPolicy | The retention policy for a container registry. | RetentionPolicy |
softDeletePolicy | The soft delete policy for a container registry. | SoftDeletePolicy |
trustPolicy | The content trust policy for a container registry. | TrustPolicy |
AzureADAuthenticationAsArmPolicy
Name | Description | Value |
---|---|---|
status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
ExportPolicy
Name | Description | Value |
---|---|---|
status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
QuarantinePolicy
Name | Description | Value |
---|---|---|
status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
RetentionPolicy
Name | Description | Value |
---|---|---|
days | The number of days to retain an untagged manifest after which it gets purged. | int |
status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
SoftDeletePolicy
Name | Description | Value |
---|---|---|
retentionDays | The number of days after which a soft-deleted item is permanently deleted. | int |
status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
TrustPolicy
Name | Description | Value |
---|---|---|
status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
type | The type of trust policy. | 'Notary' |
Sku
Name | Description | Value |
---|---|---|
name | The SKU name of the container registry. Required for registry creation. | 'Basic' 'Classic' 'Premium' 'Standard' (required) |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
CI/CD using Jenkins on Azure Container Service (AKS) |
Containers make it very easy for you to continuously build and deploy your applications. By orchestrating deployment of those containers using Kubernetes in Azure Container Service, you can achieve replicable, manageable clusters of containers. By setting up a continuous build to produce your container images and orchestration, you can increase the speed and reliability of your deployment. |
AKS Cluster with a NAT Gateway and an Application Gateway |
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
Create a Private AKS Cluster with a Public DNS Zone |
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone. |
Creates a Container App and Environment with Registry |
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs. |
Creates a Dapr pub-sub servicebus app using Container Apps |
Create a Dapr pub-sub servicebus app using Container Apps. |
Simple Azure Container Registry Template |
A template for creating a new Azure Container Registry. |
Azure Container Registry with Geo-replication Template |
A template for creating a new Azure Container Registry with geo-replication |
Azure Container Registry with Policies and Diagnostics |
Azure Container Registry with Policies and Diagnostics (bicep) |
Azure AI Studio basic setup |
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
Azure AI Studio basic setup |
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
Azure AI Studio with Microsoft Entra ID Authentication |
This set of templates demonstrates how to set up Azure AI Studio with Microsoft Entra ID authentication for dependent resources, such as Azure AI Services and Azure Storage. |
Azure Machine Learning end-to-end secure setup |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Azure Machine Learning end-to-end secure setup (legacy) |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Create an AKS compute target with a Private IP address |
This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address. |
Create an Azure Machine Learning service workspace |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the minimal set of resources you require to get started with Azure Machine Learning. |
Create an Azure Machine Learning service workspace (CMK) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. The example shows how to configure Azure Machine Learning for encryption with a customer-managed encryption key. |
Create an Azure Machine Learning service workspace (CMK) |
This deployment template specifies how to create an Azure Machine Learning workspace with service-side encryption using your encryption keys. |
Create an Azure Machine Learning service workspace (vnet) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
Create an Azure Machine Learning service workspace (legacy) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
AKS cluster with the Application Gateway Ingress Controller |
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
Build container images with ACR Tasks |
This template uses DeploymentScript to orchestrate ACR to build your container image from code repo. |
Import Container Images into ACR |
This template leverages the Import ACR module from the bicep registry to import public container images into an Azure Container Registry. |
ARM template resource definition
The registries resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ContainerRegistry/registries resource, add the following JSON to your template.
{
"type": "Microsoft.ContainerRegistry/registries",
"apiVersion": "2023-01-01-preview",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"sku": {
"name": "string"
},
"identity": {
"principalId": "string",
"tenantId": "string",
"type": "string",
"userAssignedIdentities": {}
},
"properties": {
"adminUserEnabled": "bool",
"anonymousPullEnabled": "bool",
"dataEndpointEnabled": "bool",
"encryption": {
"keyVaultProperties": {
"identity": "string",
"keyIdentifier": "string"
},
"status": "string"
},
"networkRuleBypassOptions": "string",
"networkRuleSet": {
"defaultAction": "string",
"ipRules": [
{
"action": "Allow",
"value": "string"
}
]
},
"policies": {
"azureADAuthenticationAsArmPolicy": {
"status": "string"
},
"exportPolicy": {
"status": "string"
},
"quarantinePolicy": {
"status": "string"
},
"retentionPolicy": {
"days": "int",
"status": "string"
},
"softDeletePolicy": {
"retentionDays": "int",
"status": "string"
},
"trustPolicy": {
"status": "string",
"type": "Notary"
}
},
"publicNetworkAccess": "string",
"zoneRedundancy": "string"
}
}
Property values
registries
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.ContainerRegistry/registries' |
apiVersion | The resource api version | '2023-01-01-preview' |
name | The resource name | string (required) Character limit: 5-50 Valid characters: Alphanumerics. Resource name must be unique across Azure. |
location | The location of the resource. This cannot be changed after the resource is created. | string (required) |
tags | The tags of the resource. | Dictionary of tag names and values. See Tags in templates |
sku | The SKU of the container registry. | Sku (required) |
identity | The identity of the container registry. | IdentityProperties |
properties | The properties of the container registry. | RegistryProperties |
IdentityProperties
Name | Description | Value |
---|---|---|
principalId | The principal ID of resource identity. | string |
tenantId | The tenant ID of resource. | string |
type | The identity type. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
userAssignedIdentities | The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/ providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. |
object |
RegistryProperties
Name | Description | Value |
---|---|---|
adminUserEnabled | The value that indicates whether the admin user is enabled. | bool |
anonymousPullEnabled | Enables registry-wide pull from unauthenticated clients. | bool |
dataEndpointEnabled | Enable a single data endpoint per region for serving data. | bool |
encryption | The encryption settings of container registry. | EncryptionProperty |
networkRuleBypassOptions | Whether to allow trusted Azure services to access a network restricted registry. | 'AzureServices' 'None' |
networkRuleSet | The network rule set for a container registry. | NetworkRuleSet |
policies | The policies for a container registry. | Policies |
publicNetworkAccess | Whether or not public network access is allowed for the container registry. | 'Disabled' 'Enabled' |
zoneRedundancy | Whether or not zone redundancy is enabled for this container registry | 'Disabled' 'Enabled' |
EncryptionProperty
Name | Description | Value |
---|---|---|
keyVaultProperties | Key vault properties. | KeyVaultProperties |
status | Indicates whether or not the encryption is enabled for container registry. | 'disabled' 'enabled' |
KeyVaultProperties
Name | Description | Value |
---|---|---|
identity | The client id of the identity which will be used to access key vault. | string |
keyIdentifier | Key vault uri to access the encryption key. | string |
NetworkRuleSet
Name | Description | Value |
---|---|---|
defaultAction | The default action of allow or deny when no other rules match. | 'Allow' 'Deny' (required) |
ipRules | The IP ACL rules. | IPRule[] |
IPRule
Name | Description | Value |
---|---|---|
action | The action of IP ACL rule. | 'Allow' |
value | Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed. | string (required) |
Policies
Name | Description | Value |
---|---|---|
azureADAuthenticationAsArmPolicy | The policy for using ARM audience token for a container registry. | AzureADAuthenticationAsArmPolicy |
exportPolicy | The export policy for a container registry. | ExportPolicy |
quarantinePolicy | The quarantine policy for a container registry. | QuarantinePolicy |
retentionPolicy | The retention policy for a container registry. | RetentionPolicy |
softDeletePolicy | The soft delete policy for a container registry. | SoftDeletePolicy |
trustPolicy | The content trust policy for a container registry. | TrustPolicy |
AzureADAuthenticationAsArmPolicy
Name | Description | Value |
---|---|---|
status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
ExportPolicy
Name | Description | Value |
---|---|---|
status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
QuarantinePolicy
Name | Description | Value |
---|---|---|
status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
RetentionPolicy
Name | Description | Value |
---|---|---|
days | The number of days to retain an untagged manifest after which it gets purged. | int |
status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
SoftDeletePolicy
Name | Description | Value |
---|---|---|
retentionDays | The number of days after which a soft-deleted item is permanently deleted. | int |
status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
TrustPolicy
Name | Description | Value |
---|---|---|
status | The value that indicates whether the policy is enabled or not. | 'disabled' 'enabled' |
type | The type of trust policy. | 'Notary' |
Sku
Name | Description | Value |
---|---|---|
name | The SKU name of the container registry. Required for registry creation. | 'Basic' 'Classic' 'Premium' 'Standard' (required) |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
CI/CD using Jenkins on Azure Container Service (AKS) |
Containers make it very easy for you to continuously build and deploy your applications. By orchestrating deployment of those containers using Kubernetes in Azure Container Service, you can achieve replicable, manageable clusters of containers. By setting up a continuous build to produce your container images and orchestration, you can increase the speed and reliability of your deployment. |
AKS Cluster with a NAT Gateway and an Application Gateway |
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
Create a Private AKS Cluster with a Public DNS Zone |
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone. |
Creates a Container App and Environment with Registry |
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs. |
Creates a Dapr pub-sub servicebus app using Container Apps |
Create a Dapr pub-sub servicebus app using Container Apps. |
Simple Azure Container Registry Template |
A template for creating a new Azure Container Registry. |
Azure Container Registry with Geo-replication Template |
A template for creating a new Azure Container Registry with geo-replication |
Azure Container Registry with Policies and Diagnostics |
Azure Container Registry with Policies and Diagnostics (bicep) |
Azure AI Studio basic setup |
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
Azure AI Studio basic setup |
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
Azure AI Studio with Microsoft Entra ID Authentication |
This set of templates demonstrates how to set up Azure AI Studio with Microsoft Entra ID authentication for dependent resources, such as Azure AI Services and Azure Storage. |
Azure Machine Learning end-to-end secure setup |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Azure Machine Learning end-to-end secure setup (legacy) |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Create an AKS compute target with a Private IP address |
This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address. |
Create an Azure Machine Learning service workspace |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the minimal set of resources you require to get started with Azure Machine Learning. |
Create an Azure Machine Learning service workspace (CMK) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. The example shows how to configure Azure Machine Learning for encryption with a customer-managed encryption key. |
Create an Azure Machine Learning service workspace (CMK) |
This deployment template specifies how to create an Azure Machine Learning workspace with service-side encryption using your encryption keys. |
Create an Azure Machine Learning service workspace (vnet) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
Create an Azure Machine Learning service workspace (legacy) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
AKS cluster with the Application Gateway Ingress Controller |
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
Build container images with ACR Tasks |
This template uses DeploymentScript to orchestrate ACR to build your container image from code repo. |
Import Container Images into ACR |
This template leverages the Import ACR module from the bicep registry to import public container images into an Azure Container Registry. |
Terraform (AzAPI provider) resource definition
The registries resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ContainerRegistry/registries resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.ContainerRegistry/registries@2023-01-01-preview"
name = "string"
location = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
identity {
type = "string"
identity_ids = []
}
body = jsonencode({
properties = {
adminUserEnabled = bool
anonymousPullEnabled = bool
dataEndpointEnabled = bool
encryption = {
keyVaultProperties = {
identity = "string"
keyIdentifier = "string"
}
status = "string"
}
networkRuleBypassOptions = "string"
networkRuleSet = {
defaultAction = "string"
ipRules = [
{
action = "Allow"
value = "string"
}
]
}
policies = {
azureADAuthenticationAsArmPolicy = {
status = "string"
}
exportPolicy = {
status = "string"
}
quarantinePolicy = {
status = "string"
}
retentionPolicy = {
days = int
status = "string"
}
softDeletePolicy = {
retentionDays = int
status = "string"
}
trustPolicy = {
status = "string"
type = "Notary"
}
}
publicNetworkAccess = "string"
zoneRedundancy = "string"
}
sku = {
name = "string"
}
})
}
Property values
registries
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.ContainerRegistry/registries@2023-01-01-preview" |
name | The resource name | string (required) Character limit: 5-50 Valid characters: Alphanumerics. Resource name must be unique across Azure. |
location | The location of the resource. This cannot be changed after the resource is created. | string (required) |
parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
tags | The tags of the resource. | Dictionary of tag names and values. |
sku | The SKU of the container registry. | Sku (required) |
identity | The identity of the container registry. | IdentityProperties |
properties | The properties of the container registry. | RegistryProperties |
IdentityProperties
Name | Description | Value |
---|---|---|
type | The identity type. | "SystemAssigned" "SystemAssigned, UserAssigned" "UserAssigned" |
identity_ids | The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/ providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. |
Array of user identity IDs. |
RegistryProperties
Name | Description | Value |
---|---|---|
adminUserEnabled | The value that indicates whether the admin user is enabled. | bool |
anonymousPullEnabled | Enables registry-wide pull from unauthenticated clients. | bool |
dataEndpointEnabled | Enable a single data endpoint per region for serving data. | bool |
encryption | The encryption settings of container registry. | EncryptionProperty |
networkRuleBypassOptions | Whether to allow trusted Azure services to access a network restricted registry. | "AzureServices" "None" |
networkRuleSet | The network rule set for a container registry. | NetworkRuleSet |
policies | The policies for a container registry. | Policies |
publicNetworkAccess | Whether or not public network access is allowed for the container registry. | "Disabled" "Enabled" |
zoneRedundancy | Whether or not zone redundancy is enabled for this container registry | "Disabled" "Enabled" |
EncryptionProperty
Name | Description | Value |
---|---|---|
keyVaultProperties | Key vault properties. | KeyVaultProperties |
status | Indicates whether or not the encryption is enabled for container registry. | "disabled" "enabled" |
KeyVaultProperties
Name | Description | Value |
---|---|---|
identity | The client id of the identity which will be used to access key vault. | string |
keyIdentifier | Key vault uri to access the encryption key. | string |
NetworkRuleSet
Name | Description | Value |
---|---|---|
defaultAction | The default action of allow or deny when no other rules match. | "Allow" "Deny" (required) |
ipRules | The IP ACL rules. | IPRule[] |
IPRule
Name | Description | Value |
---|---|---|
action | The action of IP ACL rule. | "Allow" |
value | Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed. | string (required) |
Policies
Name | Description | Value |
---|---|---|
azureADAuthenticationAsArmPolicy | The policy for using ARM audience token for a container registry. | AzureADAuthenticationAsArmPolicy |
exportPolicy | The export policy for a container registry. | ExportPolicy |
quarantinePolicy | The quarantine policy for a container registry. | QuarantinePolicy |
retentionPolicy | The retention policy for a container registry. | RetentionPolicy |
softDeletePolicy | The soft delete policy for a container registry. | SoftDeletePolicy |
trustPolicy | The content trust policy for a container registry. | TrustPolicy |
AzureADAuthenticationAsArmPolicy
Name | Description | Value |
---|---|---|
status | The value that indicates whether the policy is enabled or not. | "disabled" "enabled" |
ExportPolicy
Name | Description | Value |
---|---|---|
status | The value that indicates whether the policy is enabled or not. | "disabled" "enabled" |
QuarantinePolicy
Name | Description | Value |
---|---|---|
status | The value that indicates whether the policy is enabled or not. | "disabled" "enabled" |
RetentionPolicy
Name | Description | Value |
---|---|---|
days | The number of days to retain an untagged manifest after which it gets purged. | int |
status | The value that indicates whether the policy is enabled or not. | "disabled" "enabled" |
SoftDeletePolicy
Name | Description | Value |
---|---|---|
retentionDays | The number of days after which a soft-deleted item is permanently deleted. | int |
status | The value that indicates whether the policy is enabled or not. | "disabled" "enabled" |
TrustPolicy
Name | Description | Value |
---|---|---|
status | The value that indicates whether the policy is enabled or not. | "disabled" "enabled" |
type | The type of trust policy. | "Notary" |
Sku
Name | Description | Value |
---|---|---|
name | The SKU name of the container registry. Required for registry creation. | "Basic" "Classic" "Premium" "Standard" (required) |