Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Container Registry

Have feedback for the Azure Container Registry? Submit your idea or vote up an idea submitted by others. All of the feedback you share here will be monitored and reviewed by the Azure Container Registry team. Remember that this site is only for feature suggestions and ideas. If you have technical questions or issues, please submit them to our GitHub issues page or on StackOverflow

  1. Folder based filtering of Github triggers

    Triggers setup that specify a folder in a Github repo should only trigger the ACR task on changes to files within the specified folder.

    Is it possible to only trigger on a push for the contents of the folder? Otherwise it looks like we can only have one task per repo to avoid triggerring for all pushed conents.

    In the example below I'd expect that a Task run only to occur when the contents of "Folder" is changed.

    az acr task create -t hello-world:{{.Run.ID}} -n hello-world -r MyRegistry -c https://msazure.visualstudio.com/DefaultCollection/Project/_git/Repo#Branch:Folder -f Dockerfile --git-access-token <Personal Access Token> --platform linux/arm/v7

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Docker Push Fails when ACR name is in Capital

    Azure Container Registry fails to push a docker image when uppercase is used. All the characters are to be lowercase, add support for the names to include uppercase characters.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Give the _repositories_pull & _repositories_push metadata access

    Currently, the tokens (which are in preview) come with three predefined system tokens. However the pull and push tokens do not allow access to the metadata of the registry or repositories.
    My suggestion would be to either allow reading of metadata on these predefined system tokens, or allow us to give a token access to ALL repositories in a registry, so we can do this ourselves with a self defined scope map.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Filter to purge images not used/pulled in last n days.

    The option of purging older than n days does not satisfy our needs. We have many images as result of Build process but not all end up being used.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow to configure repositories allowing an anonymous access

    We want to use ACR to host our corporate images and also public images from gcr and Docker hub.
    Some Helm charts allow to change URL of image repository to install but not to provide credentials to authenticate to the alternate repository. So it will be nice if some repositories of our ACR could be defined to authorize an anonymous access (by default repositories stay private).
    It would be great if anonymous repositories could be defined using some rules scoping several repositories : for example patterns like library/**.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Security Center show alerts and recommendations on deleted ACR resources

    Security Centre continues to show alerts and recommendations for Azure Container Registry resources with identified vulnerabilities even after the resources are deleted. Security Centre should not be showing alerts for the ACR resources that are deleted.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Increase the limit for Webhooks in ACR

    The Webhook limits for both Basic and Standard service tiers are way too low, and also do not scale well with the increase in price.

    Most solutions are composed of multiple images, we are forced to purchase "Standard" even for small apps.

    I mean, what is the computational cost of an actual Webhook call? It should have a high limit and charge by actual function calls.

    Current prices:
    Basic $5 = 2 Webhooks
    Standard $20 = 10 Webhooks
    Premium $50 = 500 Webhooks

    I would suggest at minimum that it should scale down based on the Premium, 5, 20 and…

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. ACR - Key rotation with notary cli fails with authorization error (401)

    In case of key compromise, DCT supports key rotation via notary cli:
    $ notary -s https://notary.docker.io -d ~/.docker/trust key rotate prash1990/helloworld targets
    Enter passphrase for new targets key with ID 3cc535f:
    Repeat passphrase for new targets key with ID 3cc535f:
    Enter username: prash1990
    Enter password:
    Enter passphrase for root key with ID e8f29fb:
    Successfully rotated targets key for repository prash1990/helloworld

    But when similar opration is not supported by ACR:
    $ notary -s https://pradockerdemo.azurecr.io -d ~/.docker/trust key rotate pradockerdemo.azurecr.io/helloworld targets
    Enter passphrase for new targets key with ID dfa5606:
    Repeat passphrase for new targets key with ID dfa5606:
    Enter username: admin …

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow token scope to be at the namespace level

    Please allow a token scope to be configured at the namespace level as opposed to the repository level.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow access at repository level in generic/masked manner.

    New feature https://feedback.azure.com/forums/903958-azure-container-registry/suggestions/31655977-configure-permissions-at-a-repository-level is wonderful. But access is given in a very detailed manner.

    Please add a generic/masked manner as


    • image -> registry-url/group-repo/image:tag

    • access level -> registry-url/group-repo/*

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Support GitHub Enterprise for ACR Task triggers

    Currently Azure Container Registry does not support commit or pull request triggers in GitHub Enterprise repositories.

    I have several clients that use GitHub Enterprise that cannot make use of the ACR Task commit or PR triggers. Please add the support for GitHub Enterprise.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. Need built-in role for `az acr build`

    Need a ACR's remote build capability role that is similar to Contributor role but without Delete Registry and Manage Policies permissions.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. ACR - proxy cache for external docker registries

    We would like to use ACR for hosting images created on public cloud, but also as a single endpoint registry for pulling images that are hosted on-prem or from external registries like dockerhub, gcr. Other OSS registry products like Nexus OSS provide this feature to act like a proxy or ‘pull-through cache’ for Docker Registries and helm repositories. This proxy should also support token based authentication to integrate with registries that require auth.

    This would be useful for enterprises moving from on-prem to cloud to have a means to expose on-prem hosted images on cloud.

    174 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow push from Azure DevOps Hosted agents in locked down environments

    We have a locked down environment where we are planning to use Azure DevOps pipelines for application deployment and it would be very useful if in some way It was possible to identify DevOps hosted pipeline agent(s) as Azure Service when restricting network access to an ACR instance.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Ability to copy full path of Container Registry in Azure Portal

    Need ability to copy full path of Container Registry in Azure Portal.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. acr service principle instead of plain username/pass, a service role, so that the calling service never has to use username pass again.

    acr service principle instead of plain username/pass (currently), a service role, so that the calling service never has to use username pass again.
    So if AKS needs to pull from ACR, define something in AD so that a specific service has a specific role (pull or push and pull) to another specific service.

    Reason: Username and Password is soo 20 years ago.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. ACR should include trial license for the advertised Twistlock or Aqua Security

    Azure Container Registry advertises Twistlock and Aqua Security on the 'Overview' page, but it's hard to get trial licences.
    It would be a great feature to include a trial license for those two products, and make the path to using the two products much smoother.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Support docker search on Azure Container Registry

    Support docker search on Azure Container Registry

    I want to use "docker search" cmdlet for ACR in addition to docker pull and docker push operations.
    Currently, "docker search" returns 404 when I request to ACR Endpoint.

    $ docker login .azurecr.io
    $ docker search
    .azurecr.io/***
    Error response from daemon: Unexpected status code 404

    21 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Support Per-Repository Permissions in Azure Container Registry

    The granularity of Azure Container Registry's permissions is currently at the Registry level. If a service principal has write access, it can write to any repository in the registry. This becomes cumbersome when more specificity is needed to limit certain users to certain repositories.

    A common example is a CI/CD pipeline: If I support a dev/test Docker repository that is constantly being pushed by a build server, that service principal can write to the any repository in the registry. It is unwise to use the same Container Registry to house the output of production builds, especially if there is a…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Azure Container Registry

Categories

Feedback and Knowledge Base