Comments (4)
Current solution only enables IAM users which are service principals.
For AAD, #32 is what is currently being worked on and login will be supported through the CLI
from acr.
I am not sure what the value of #32 is. The ability to use AAD credentials to pull images from a registry seems like a entry level requirement. Without this, the overhead of creating service principals for every user that needs individual access controls is crazy. At DockerCon, I was told this feature was being worked on.
from acr.
@erichexter - #32 will enable to use IAM with AAD users on a registry users. Currently ACR is based on Basic auth. With the AAD implementation, we will integrate the device login scenario which should enable AAD users to be assigned to the registry resource and perform pull/push depending on the IAM permissions for that user on the registry.
Service Principals are managed with AAD and do not require 2FA and hence can be used in a non-interactive flow and is clearly targeting a headless scenario where as user login as you pointed out should be AAD. With AAD and 2FA the token flow is different and as per Dockers recommendation we will have to make this an oauth model and hence a change to ACR on the service side + client side is required.
from acr.
Managed registries are now in preview. We should be able to open issues under that for AAD.
Registries with your own storage account will be provided an option to migrate up before Managed registries goes GA.
from acr.
Related Issues (20)
- Manifests - Get API returns 404 for multi arch images
- Fail pulling image - manifest unknown
- Failing to pull image when Artifact streaming is enabled
- Dockerfile with extension is interpreted as YAML HOT 1
- Storage used per repository
- Pull Through Caching from Another Azure Container Registry HOT 2
- Add support of registry.k8s.io type in cache rules HOT 1
- Rest api for get tags doesn respect n parameter (pagesize) HOT 2
- Scope Security/ Vulnerability scan to certain image tags only
- Catalog API only works with scope map * HOT 2
- Allow configuration of CORS headers for API access from web clients HOT 1
- Use Entra security principals with scope maps HOT 4
- [Docker Hub] ACR Cache error: too many requests to source registry for cache rule HOT 55
- connectivity_challenge_error grcsharedacr
- Unable to login into azure acr HOT 2
- Unable to login to container registry shazdevops HOT 1
- Auth Endpoint seems to require account parameter which is not part of the API Spec
- Cache elastic images HOT 1
- ACR Build with public access disabled HOT 1
- ACR streaming: failed to open remote file as tar file error HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from acr.