Azure ACR Repo Access

We have a ACR running on Azure cloud with multiple Repos inside it, it was recently migrated. The challenge we have is we want to apply repo well Access controls on the ACR similar to Nexus, we'd want to integrate with Azure Active Directory. Can someone assist me with some information on this as I'm new to Active Directory

2 answers

  • answered 2019-02-05 06:33 Charles Xu

    I have no experience with Nexus, but if you want to know something about the Access control on ACR with Azure AD, I can provide some messages.

    To control the access on ACR, you can access the ACR with the different roles through the Azure Service Principal. Control the role type means to control the access with the permission. For more details, see Azure Container Registry authentication with service principals.

    Also, if you do not want to provide or manage registry credentials with the access control, you can use a managed identity for Azure resources to authenticate to an Azure container registry from another Azure resource. It also dependants on Azure Service Principal and can help you achieve what you want. For more details, see Use an Azure managed identity to authenticate to an Azure container registry.

  • answered 2019-02-05 06:33 4c74356b41

    These are the roles available in ACR:

    enter image description here

    this talks about authenticating as Azure AD users. basically you need to do this:

    az acr login --name <acrName>
    

    If you want SP auth, the article above talks about that one as well. for me docker login with SP credential "just works"