Cannot list registry with metadata/read and content/read permissions

[hayk99]

Describe the bug I am doing a couple of tests with Azure Registry Container. My goal is to be able to list the whole registry with a token that has a scope map with the following setup.

After creating this token I tried to list all the registry by triggering a get to the/_catalog and got this error

GET https://testregistryscanner.azurecr.io/v2/_catalog?n=1000: UNAUTHORIZED: authentication required, visit https://aka.ms/acr/authorization for more information.; [map[Action:* Name:catalog Type:registry]]

This workflow does not throw the above error if I use _repositories_admin (azure manged) scope map.

To Reproduce

Steps to reproduce the behavior:

1. Create a scope map and assign it to a token with the following setup

A small note regarding the scope map creation: it will be great to have wildcards like "*" so the user can specify the permission to the whole registry instead of going one repository by one (imaging large registries).

2. Use the token to authenticate against the API

Expected behavior It would be great to be able to list the whole registry with metada/readand content/read permissions.

Screenshots If applicable, add screenshots to help explain your problem.

Any relevant environment information

• OS: MacOS
• SDK version
• Docker version 20.10.16
• Registry and image names

Additional context Trying to fetch repositories using the docker v2 API

If any information is a concern to post here, you can create a support ticket or send an email to acrsup@microsoft.com.

[terencet-dev]

Hi @hayk99,

Please open a support ticket with our team to investigate as this board is primarily used to provide roadmap updates. If you don’t have any additional questions here, this issue will close in 7 days. Thanks!

[hayk99]

Thank you!

[terencet-dev]

Closing as this issue is now inactive for over 7 days. Thanks!