exec.azurerm.containerregistry.registry

Azure Resource Manager (ARM) Container Registry Execution Module

New in version 3.0.0.

maintainer:

<devops@eitr.tech>
configuration:

This module requires Azure Resource Manager credentials to be passed as keyword arguments to every function or via acct in order to work properly.

Required provider parameters:

if using username and password:
  • subscription_id
  • username
  • password
if using a service principal:
  • subscription_id
  • tenant
  • client_id
  • secret

Optional provider parameters:

cloud_environment: Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values:

  • AZURE_PUBLIC_CLOUD (default)
  • AZURE_CHINA_CLOUD
  • AZURE_US_GOV_CLOUD
  • AZURE_GERMAN_CLOUD
idem_azurerm.exec.azurerm.containerregistry.registry.check_name_availability(hub, ctx, name, **kwargs)

New in version 3.0.0.

Checks whether the container registry name is available for use. The name must contain only alphanumeric characters, be globally unique, and between 5 and 50 characters in length.

Parameters:name – The name of the container registry.

CLI Example:

azurerm.containerregistry.registry.check_name_availability testrepo
idem_azurerm.exec.azurerm.containerregistry.registry.create_or_update(hub, ctx, name, resource_group, sku='Basic', admin_user_enabled=False, default_action=None, virtual_network_rules=None, ip_rules=None, trust_policy=None, quarantine_policy=None, retention_policy=None, retention_days=None, tags=None, **kwargs)

New in version 3.0.0.

Creates or updates a container registry with the specified parameters.

Parameters:
  • name – The name of the container registry.
  • resource_group – The name of the resource group to which the container registry belongs.
  • sku – The SKU name of the container registry. Required for registry creation. Possible values include: ‘Basic’, ‘Standard’, ‘Premium’
  • admin_user_enabled – This value indicates whether the admin user is enabled.
  • default_action – The default action of allow or deny when no other rules match. Possible values include: ‘Allow’, ‘Deny’. Only available for the ‘Premium’ tier.
  • virtual_network_rules – A list of virtual network rule dictionaries where one key is the “action” of the rule (Allow/Deny) and the other key is the “virtual_network_resource_id” which is the full resource ID path of a subnet. Only available for the ‘Premium’ tier.
  • ip_rules – A list of IP rule dictionaries where one key is the “action” of the rule (Allow/Deny) and the other key is the “ip_address_or_range” which specifies the IP or IP range in CIDR format. Only IPV4 addresses are allowed. Only available for the ‘Premium’ tier.
  • trust_policy – Accepts boolean True/False or string “enabled”/”disabled” to configure. Image publishers can sign their container images and image consumers can verify their integrity. Container Registry supports both by implementing Docker’s content trust model. Only available for the ‘Premium’ tier.
  • quarantine_policy – Accepts boolean True/False or string “enabled”/”disabled” to configure. To assure a registry only contains images that have been vulnerability scanned, ACR introduces the Quarantine pattern. When a registries policy is set to Quarantine Enabled, all images pushed to that registry are put in quarantine by default. Only after the image has been verifed, and the quarantine flag removed may a subsequent pull be completed. Only available for the ‘Premium’ tier.
  • retention_policy – Accepts boolean True/False or string “enabled”/”disabled” to configure. Indicates whether retention policy is enabled. Only available for the ‘Premium’ tier.
  • retention_days – The number of days to retain an untagged manifest after which it gets purged (Range: 0 to 365). Value “0” will delete untagged manifests immediately. Only available for the ‘Premium’ tier.
  • tags – The tags of the resource.

CLI Example:

azurerm.containerregistry.registry.create_or_update testrepo testgroup
idem_azurerm.exec.azurerm.containerregistry.registry.delete(hub, ctx, name, resource_group, **kwargs)

New in version 3.0.0.

Deletes a container registry.

Parameters:
  • name – The name of the container registry.
  • resource_group – The name of the resource group to which the container registry belongs.

CLI Example:

azurerm.containerregistry.registry.delete testrepo testgroup
idem_azurerm.exec.azurerm.containerregistry.registry.get(hub, ctx, name, resource_group, **kwargs)

New in version 3.0.0.

Gets the properties of the specified container registry.

Parameters:
  • name – The name of the container registry.
  • resource_group – The name of the resource group to which the container registry belongs.

CLI Example:

azurerm.containerregistry.registry.get testrepo testgroup
idem_azurerm.exec.azurerm.containerregistry.registry.get_build_source_upload_url(hub, ctx, name, resource_group, **kwargs)

New in version 3.0.0.

Get the upload location for the user to be able to upload the source.

Parameters:
  • name – The name of the container registry.
  • resource_group – The name of the resource group to which the container registry belongs.

CLI Example:

azurerm.containerregistry.registry.get_build_source_upload_url testrepo testgroup
idem_azurerm.exec.azurerm.containerregistry.registry.import_image(hub, ctx, name, resource_group, source_image, source_resource_id=None, source_registry_uri=None, source_username=None, source_password=None, target_tags=None, untagged_target_repositories=None, mode=None, **kwargs)

New in version 3.0.0.

Copies an image to this container registry from the specified container registry.

Parameters:
  • name – The name of the container registry.
  • resource_group – The name of the resource group to which the container registry belongs.
  • source_image – Repository name of the source image. Specify an image by repository (‘hello-world’). This will use the ‘latest’ tag. Specify an image by tag (‘hello-world:latest’). Specify an image by sha256-based manifest digest (‘hello-world@sha256:abc123’).
  • source_resource_id – The resource identifier of the source Azure Container Registry.
  • source_registry_uri – The address of the source registry (e.g. ‘docker.io’).
  • source_username – The username to authenticate with the source registry.
  • source_password – The password used to authenticate with the source registry.
  • target_tags – List of strings of the form repo[:tag]. When tag is omitted the source will be used (or ‘latest’ if source tag is also omitted).
  • untagged_target_repositories – List of strings of repository names to do a manifest only copy. No tag will be created.
  • mode – When Force, any existing target tags will be overwritten. When NoForce, any existing target tags will fail the operation before any copying begins. Possible values include: ‘NoForce’, ‘Force’. Default value: ‘NoForce’.

CLI Example:

azurerm.containerregistry.registry.import_image testrepo testgroup library/hello-world:latest
                                                source_registry_uri=docker.io
idem_azurerm.exec.azurerm.containerregistry.registry.list_(hub, ctx, resource_group=None, **kwargs)

New in version 3.0.0.

Lists all the container registries under the specified subscription or resource group.

Parameters:resource_group – The name of the resource group to which the container registry belongs.

CLI Example:

azurerm.containerregistry.registry.list
idem_azurerm.exec.azurerm.containerregistry.registry.list_credentials(hub, ctx, name, resource_group, **kwargs)

New in version 3.0.0.

Lists the login credentials for the specified container registry.

Parameters:
  • name – The name of the container registry.
  • resource_group – The name of the resource group to which the container registry belongs.

CLI Example:

azurerm.containerregistry.registry.list_credentials testrepo testgroup
idem_azurerm.exec.azurerm.containerregistry.registry.list_usages(hub, ctx, name, resource_group, **kwargs)

New in version 3.0.0.

Lists the quota usages for the specified container registry.

Parameters:
  • name – The name of the container registry.
  • resource_group – The name of the resource group to which the container registry belongs.

CLI Example:

azurerm.containerregistry.registry.list_usages testrepo testgroup
idem_azurerm.exec.azurerm.containerregistry.registry.regenerate_credential(hub, ctx, name, resource_group, credential='password', **kwargs)

New in version 3.0.0.

Regenerates one of the login credentials for the specified container registry.

Parameters:
  • name – The name of the container registry.
  • resource_group – The name of the resource group to which the container registry belongs.
  • credential – Specifies name of the password which should be regenerated. Possible values include: ‘password’, ‘password2’.

CLI Example:

azurerm.containerregistry.registry.regenerate_credential testrepo testgroup credential=password2
idem_azurerm.exec.azurerm.containerregistry.registry.schedule_run(hub, ctx, name, resource_group, run_type, is_archive_enabled=None, task_name=None, task_file_path=None, values_file_path=None, encoded_task_content=None, encoded_values_content=None, image_names=None, is_push_enabled=None, no_cache=None, target=None, values_dict=None, timeout=None, platform_os=None, platform_arch=None, platform_variant=None, agent_num_cores=None, source_location=None, credential_login_mode=None, credential_login_server=None, username=None, password=None, **kwargs)

New in version 3.0.0.

Schedules a new run based on the request parameters and add it to the run queue.

Parameters:
  • name – The name of the container registry.
  • resource_group – The name of the resource group to which the container registry belongs.
  • run_type – The type of run to be scheduled. Must be FileTaskRun, TaskRun, EncodedTaskRun, or DockerBuild.
  • is_archive_enabled – The value that indicates whether archiving is enabled for the run or not.
  • task_name – (TaskRun REQUIRED) The name of task against which run has to be queued.
  • task_file_path – (FileTaskRun, DockerBuild REQUIRED) The template/definition file (or Dockerfile) path relative to the source.
  • values_file_path – (FileTaskRun) The values/parameters file path relative to the source.
  • encoded_task_content – (EncodedTaskRun REQUIRED) Base64 encoded value of the template/definition file content.
  • encoded_values_content – (DockerBuild) Base64 encoded value of the parameters/values file content.
  • image_names – (DockerBuild) A list of strings containing the fully qualified image names including the repository and tag.
  • is_push_enabled – (DockerBuild) The value of this property indicates whether the image built should be pushed to the registry or not. SDK default value: True.
  • no_cache – (DockerBuild) The value of this property indicates whether the image cache is enabled or not. SDK default value: False.
  • target – (DockerBuild) The name of the target build stage for the docker build.
  • values_dict – The collection of overridable values or arguments that can be passed when running a task. This is a list of dictionaries containing the following keys: ‘name’, ‘value’, and ‘is_secret’.
  • timeout – (FileTaskRun, DockerBuild, EncodedTaskRun) Run timeout in seconds. SDK default value: 3600.
  • platform_os – (FileTaskRun, DockerBuild, EncodedTaskRun REQUIRED) The platform OS property against which the run has to happen. Accepts ‘Windows’ or ‘Linux’.
  • platform_arch – (FileTaskRun, DockerBuild, EncodedTaskRun REQUIRED) The platform architecture property against which the run has to happen. Accepts ‘amd64’, ‘x86’, or ‘arm’.
  • platform_variant – (FileTaskRun, DockerBuild, EncodedTaskRun REQUIRED) The platform CPU variant property against which the run has to happen. Accepts ‘v6’, ‘v7’, or ‘v8’.
  • agent_num_cores – (FileTaskRun, DockerBuild, EncodedTaskRun) The CPU configuration in terms of number of cores required for the run.
  • source_location – (FileTaskRun, DockerBuild, EncodedTaskRun) The URL(absolute or relative) of the source context. It can be an URL to a tar or git repository. If it is relative URL, the relative path should be obtained from calling get_build_source_upload_url.
  • credential_login_mode – (FileTaskRun, DockerBuild, EncodedTaskRun) The authentication mode which determines the source registry login scope. The credentials for the source registry will be generated using the given scope. These credentials will be used to login to the source registry during the run. Possible values include: ‘None’, ‘Default’.
  • credential_login_server – (FileTaskRun, DockerBuild, EncodedTaskRun) Describes the registry login server (myregistry.azurecr.io) for accessing other custom registries.
  • username – (FileTaskRun, DockerBuild, EncodedTaskRun) Username for accessing the registry defined in credential_login_server.
  • password – (FileTaskRun, DockerBuild, EncodedTaskRun) Password for accessing the registry defined in credential_login_server.

CLI Example:

azurerm.containerregistry.registry.schedule_run testrepo testgroup TaskRun task_name=testtask