{ "description": "Generator information:\n- Generated from: /containerregistry/resource-manager/Microsoft.ContainerRegistry/stable/2021-09-01/containerregistry.json\n- ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerRegistry/registries/{registryName}", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "properties": { "adminUserEnabled": { "description": "AdminUserEnabled: The value that indicates whether the admin user is enabled.", "type": "boolean" }, "azureName": { "description": "AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it\ndoesn't have to be.", "maxLength": 50, "minLength": 5, "pattern": "^[a-zA-Z0-9]*$", "type": "string" }, "dataEndpointEnabled": { "description": "DataEndpointEnabled: Enable a single data endpoint per region for serving data.", "type": "boolean" }, "encryption": { "description": "Encryption: The encryption settings of container registry.", "properties": { "keyVaultProperties": { "description": "KeyVaultProperties: Key vault properties.", "properties": { "identity": { "description": "Identity: The client id of the identity which will be used to access key vault.", "type": "string" }, "keyIdentifier": { "description": "KeyIdentifier: Key vault uri to access the encryption key.", "type": "string" } }, "type": "object", "additionalProperties": false }, "status": { "description": "Status: Indicates whether or not the encryption is enabled for container registry.", "enum": [ "disabled", "enabled" ], "type": "string" } }, "type": "object", "additionalProperties": false }, "identity": { "description": "Identity: The identity of the container registry.", "properties": { "principalId": { "description": "PrincipalId: The principal ID of resource identity.", "type": "string" }, "tenantId": { "description": "TenantId: The tenant ID of resource.", "type": "string" }, "type": { "description": "Type: The identity type.", "enum": [ "None", "SystemAssigned", "SystemAssigned, UserAssigned", "UserAssigned" ], "type": "string" }, "userAssignedIdentities": { "description": "UserAssignedIdentities: The list of user identities associated with the resource. The user identity\ndictionary key references will be ARM resource ids in the form:\n'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/\nproviders/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.", "items": { "description": "Information about the user assigned identity for the resource", "properties": { "reference": { "description": "ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID", "properties": { "armId": { "description": "ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.\nThe /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level\nARMID is mutually exclusive with Group, Kind, Namespace and Name.", "pattern": "(?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$)", "type": "string" }, "group": { "description": "Group is the Kubernetes group of the resource.", "type": "string" }, "kind": { "description": "Kind is the Kubernetes kind of the resource.", "type": "string" }, "name": { "description": "Name is the Kubernetes name of the resource.", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "location": { "description": "Location: The location of the resource. This cannot be changed after the resource is created.", "type": "string" }, "networkRuleBypassOptions": { "description": "NetworkRuleBypassOptions: Whether to allow trusted Azure services to access a network restricted registry.", "enum": [ "AzureServices", "None" ], "type": "string" }, "networkRuleSet": { "description": "NetworkRuleSet: The network rule set for a container registry.", "properties": { "defaultAction": { "description": "DefaultAction: The default action of allow or deny when no other rules match.", "enum": [ "Allow", "Deny" ], "type": "string" }, "ipRules": { "description": "IpRules: The IP ACL rules.", "items": { "description": "IP rule with specific IP or IP range in CIDR format.", "properties": { "action": { "description": "Action: The action of IP ACL rule.", "enum": [ "Allow" ], "type": "string" }, "value": { "description": "Value: Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed.", "type": "string" } }, "required": [ "value" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "defaultAction" ], "type": "object", "additionalProperties": false }, "operatorSpec": { "description": "OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not\npassed directly to Azure", "properties": { "configMapExpressions": { "description": "ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).", "items": { "description": "DestinationExpression is a CEL expression and a destination to store the result in. The destination may\nbe a secret or a configmap. The value of the expression is stored at the specified location in\nthe destination.", "properties": { "key": { "description": "Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string\nthis is required to identify what key to write to. If the CEL expression in Value returns a map[string]string\nKey must not be set, instead the keys written will be determined dynamically based on the keys of the resulting\nmap[string]string.", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes configmap or secret to write to.\nThe configmap or secret will be created in the same namespace as the resource.", "type": "string" }, "value": { "description": "Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information\non CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/", "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "type": "array" }, "secretExpressions": { "description": "SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).", "items": { "description": "DestinationExpression is a CEL expression and a destination to store the result in. The destination may\nbe a secret or a configmap. The value of the expression is stored at the specified location in\nthe destination.", "properties": { "key": { "description": "Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string\nthis is required to identify what key to write to. If the CEL expression in Value returns a map[string]string\nKey must not be set, instead the keys written will be determined dynamically based on the keys of the resulting\nmap[string]string.", "type": "string" }, "name": { "description": "Name is the name of the Kubernetes configmap or secret to write to.\nThe configmap or secret will be created in the same namespace as the resource.", "type": "string" }, "value": { "description": "Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information\non CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/", "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "owner": { "description": "Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also\ncontrols the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a\nreference to a resources.azure.com/ResourceGroup resource", "properties": { "armId": { "pattern": "(?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$)", "type": "string" }, "name": { "description": "This is the name of the Kubernetes resource to reference.", "type": "string" } }, "type": "object", "additionalProperties": false }, "policies": { "description": "Policies: The policies for a container registry.", "properties": { "exportPolicy": { "description": "ExportPolicy: The export policy for a container registry.", "properties": { "status": { "description": "Status: The value that indicates whether the policy is enabled or not.", "enum": [ "disabled", "enabled" ], "type": "string" } }, "type": "object", "additionalProperties": false }, "quarantinePolicy": { "description": "QuarantinePolicy: The quarantine policy for a container registry.", "properties": { "status": { "description": "Status: The value that indicates whether the policy is enabled or not.", "enum": [ "disabled", "enabled" ], "type": "string" } }, "type": "object", "additionalProperties": false }, "retentionPolicy": { "description": "RetentionPolicy: The retention policy for a container registry.", "properties": { "days": { "description": "Days: The number of days to retain an untagged manifest after which it gets purged.", "type": "integer" }, "status": { "description": "Status: The value that indicates whether the policy is enabled or not.", "enum": [ "disabled", "enabled" ], "type": "string" } }, "type": "object", "additionalProperties": false }, "trustPolicy": { "description": "TrustPolicy: The content trust policy for a container registry.", "properties": { "status": { "description": "Status: The value that indicates whether the policy is enabled or not.", "enum": [ "disabled", "enabled" ], "type": "string" }, "type": { "description": "Type: The type of trust policy.", "enum": [ "Notary" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "publicNetworkAccess": { "description": "PublicNetworkAccess: Whether or not public network access is allowed for the container registry.", "enum": [ "Disabled", "Enabled" ], "type": "string" }, "sku": { "description": "Sku: The SKU of the container registry.", "properties": { "name": { "description": "Name: The SKU name of the container registry. Required for registry creation.", "enum": [ "Basic", "Classic", "Premium", "Standard" ], "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "tags": { "additionalProperties": { "type": "string" }, "description": "Tags: The tags of the resource.", "type": "object" }, "zoneRedundancy": { "description": "ZoneRedundancy: Whether or not zone redundancy is enabled for this container registry", "enum": [ "Disabled", "Enabled" ], "type": "string" } }, "required": [ "location", "owner", "sku" ], "type": "object", "additionalProperties": false }, "status": { "description": "An object that represents a container registry.", "properties": { "adminUserEnabled": { "description": "AdminUserEnabled: The value that indicates whether the admin user is enabled.", "type": "boolean" }, "conditions": { "description": "Conditions: The observed state of the resource", "items": { "description": "Condition defines an extension to status (an observation) of a resource", "properties": { "lastTransitionTime": { "description": "LastTransitionTime is the last time the condition transitioned from one status to another.", "format": "date-time", "type": "string" }, "message": { "description": "Message is a human readable message indicating details about the transition. This field may be empty.", "type": "string" }, "observedGeneration": { "description": "ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if\n.metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "type": "integer" }, "reason": { "description": "Reason for the condition's last transition.\nReasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty.", "type": "string" }, "severity": { "description": "Severity with which to treat failures of this type of condition.\nFor conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True\nFor conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False.\nThis is omitted in all cases when Status == Unknown", "type": "string" }, "status": { "description": "Status of the condition, one of True, False, or Unknown.", "type": "string" }, "type": { "description": "Type of condition.", "type": "string" } }, "required": [ "lastTransitionTime", "reason", "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array" }, "creationDate": { "description": "CreationDate: The creation date of the container registry in ISO8601 format.", "type": "string" }, "dataEndpointEnabled": { "description": "DataEndpointEnabled: Enable a single data endpoint per region for serving data.", "type": "boolean" }, "dataEndpointHostNames": { "description": "DataEndpointHostNames: List of host names that will serve data when dataEndpointEnabled is true.", "items": { "type": "string" }, "type": "array" }, "encryption": { "description": "Encryption: The encryption settings of container registry.", "properties": { "keyVaultProperties": { "description": "KeyVaultProperties: Key vault properties.", "properties": { "identity": { "description": "Identity: The client id of the identity which will be used to access key vault.", "type": "string" }, "keyIdentifier": { "description": "KeyIdentifier: Key vault uri to access the encryption key.", "type": "string" }, "keyRotationEnabled": { "description": "KeyRotationEnabled: Auto key rotation status for a CMK enabled registry.", "type": "boolean" }, "lastKeyRotationTimestamp": { "description": "LastKeyRotationTimestamp: Timestamp of the last successful key rotation.", "type": "string" }, "versionedKeyIdentifier": { "description": "VersionedKeyIdentifier: The fully qualified key identifier that includes the version of the key that is actually used\nfor encryption.", "type": "string" } }, "type": "object", "additionalProperties": false }, "status": { "description": "Status: Indicates whether or not the encryption is enabled for container registry.", "type": "string" } }, "type": "object", "additionalProperties": false }, "id": { "description": "Id: The resource ID.", "type": "string" }, "identity": { "description": "Identity: The identity of the container registry.", "properties": { "principalId": { "description": "PrincipalId: The principal ID of resource identity.", "type": "string" }, "tenantId": { "description": "TenantId: The tenant ID of resource.", "type": "string" }, "type": { "description": "Type: The identity type.", "type": "string" }, "userAssignedIdentities": { "additionalProperties": { "properties": { "clientId": { "description": "ClientId: The client id of user assigned identity.", "type": "string" }, "principalId": { "description": "PrincipalId: The principal id of user assigned identity.", "type": "string" } }, "type": "object", "additionalProperties": false }, "description": "UserAssignedIdentities: The list of user identities associated with the resource. The user identity\ndictionary key references will be ARM resource ids in the form:\n'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/\nproviders/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.", "type": "object" } }, "type": "object", "additionalProperties": false }, "location": { "description": "Location: The location of the resource. This cannot be changed after the resource is created.", "type": "string" }, "loginServer": { "description": "LoginServer: The URL that can be used to log into the container registry.", "type": "string" }, "name": { "description": "Name: The name of the resource.", "type": "string" }, "networkRuleBypassOptions": { "description": "NetworkRuleBypassOptions: Whether to allow trusted Azure services to access a network restricted registry.", "type": "string" }, "networkRuleSet": { "description": "NetworkRuleSet: The network rule set for a container registry.", "properties": { "defaultAction": { "description": "DefaultAction: The default action of allow or deny when no other rules match.", "type": "string" }, "ipRules": { "description": "IpRules: The IP ACL rules.", "items": { "description": "IP rule with specific IP or IP range in CIDR format.", "properties": { "action": { "description": "Action: The action of IP ACL rule.", "type": "string" }, "value": { "description": "Value: Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "policies": { "description": "Policies: The policies for a container registry.", "properties": { "exportPolicy": { "description": "ExportPolicy: The export policy for a container registry.", "properties": { "status": { "description": "Status: The value that indicates whether the policy is enabled or not.", "type": "string" } }, "type": "object", "additionalProperties": false }, "quarantinePolicy": { "description": "QuarantinePolicy: The quarantine policy for a container registry.", "properties": { "status": { "description": "Status: The value that indicates whether the policy is enabled or not.", "type": "string" } }, "type": "object", "additionalProperties": false }, "retentionPolicy": { "description": "RetentionPolicy: The retention policy for a container registry.", "properties": { "days": { "description": "Days: The number of days to retain an untagged manifest after which it gets purged.", "type": "integer" }, "lastUpdatedTime": { "description": "LastUpdatedTime: The timestamp when the policy was last updated.", "type": "string" }, "status": { "description": "Status: The value that indicates whether the policy is enabled or not.", "type": "string" } }, "type": "object", "additionalProperties": false }, "trustPolicy": { "description": "TrustPolicy: The content trust policy for a container registry.", "properties": { "status": { "description": "Status: The value that indicates whether the policy is enabled or not.", "type": "string" }, "type": { "description": "Type: The type of trust policy.", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "privateEndpointConnections": { "description": "PrivateEndpointConnections: List of private endpoint connections for a container registry.", "items": { "description": "An object that represents a private endpoint connection for a container registry.", "properties": { "id": { "description": "Id: The resource ID.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "provisioningState": { "description": "ProvisioningState: The provisioning state of the container registry at the time the operation was called.", "type": "string" }, "publicNetworkAccess": { "description": "PublicNetworkAccess: Whether or not public network access is allowed for the container registry.", "type": "string" }, "sku": { "description": "Sku: The SKU of the container registry.", "properties": { "name": { "description": "Name: The SKU name of the container registry. Required for registry creation.", "type": "string" }, "tier": { "description": "Tier: The SKU tier based on the SKU name.", "type": "string" } }, "type": "object", "additionalProperties": false }, "status": { "description": "Status: The status of the container registry at the time the operation was called.", "properties": { "displayStatus": { "description": "DisplayStatus: The short label for the status.", "type": "string" }, "message": { "description": "Message: The detailed message for the status, including alerts and error messages.", "type": "string" }, "timestamp": { "description": "Timestamp: The timestamp when the status was changed to the current value.", "type": "string" } }, "type": "object", "additionalProperties": false }, "systemData": { "description": "SystemData: Metadata pertaining to creation and last modification of the resource.", "properties": { "createdAt": { "description": "CreatedAt: The timestamp of resource creation (UTC).", "type": "string" }, "createdBy": { "description": "CreatedBy: The identity that created the resource.", "type": "string" }, "createdByType": { "description": "CreatedByType: The type of identity that created the resource.", "type": "string" }, "lastModifiedAt": { "description": "LastModifiedAt: The timestamp of resource modification (UTC).", "type": "string" }, "lastModifiedBy": { "description": "LastModifiedBy: The identity that last modified the resource.", "type": "string" }, "lastModifiedByType": { "description": "LastModifiedByType: The type of identity that last modified the resource.", "type": "string" } }, "type": "object", "additionalProperties": false }, "tags": { "additionalProperties": { "type": "string" }, "description": "Tags: The tags of the resource.", "type": "object" }, "type": { "description": "Type: The type of the resource.", "type": "string" }, "zoneRedundancy": { "description": "ZoneRedundancy: Whether or not zone redundancy is enabled for this container registry", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object" }