Azure Container Registry `docker login` does not work

Question

On attempt to login to Azure Container Registry with docker login command using Active Directory credentials I have faced the issue:

Error response from daemon: Get https://myregistry.azurecr.io/v2/: unauthorized: authentication required

It's maybe obvious thing, that there is a problem with permissions, but I could not find correct way to reach the goal.

Please note that:

az acr login --name myregistry works perfectly fine, and after that I was able to upload my image, but due to specific situation, I need a solution for docker login command and auth with AD credentials.

I tried to provide required permissons acrpull/acrpush/acrdelete to user using the following doc:

https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-service-principal

but with no luck - the same output.

Is there any way to login to ACR with AD credentials using docker login?

Answer 1

The document that you following is the right way to create a service principal for container registry to auth. You need to assign the right role to the service principal. The role describes in the script:

# Default permissions are for docker pull access. Modify the '--role'
# argument value as desired:
# acrpull:     pull only
# acrpush:     push and pull
# owner:       push, pull, and assign roles

When the service principal is ready. You can log in with the command docker login with the variables in the script like below:

docker login $ACR_NAME.azurecr.io -u $SP_APP_ID -p $SP_PASSWD

Then it works like this: