diff --git a/modules/Microsoft.ContainerRegistry/registries/deploy.bicep b/modules/Microsoft.ContainerRegistry/registries/deploy.bicep
index 6cde372515..be56754643 100644
--- a/modules/Microsoft.ContainerRegistry/registries/deploy.bicep
+++ b/modules/Microsoft.ContainerRegistry/registries/deploy.bicep
@@ -170,6 +170,9 @@ param diagnosticEventHubName string = ''
 @description('Optional. The name of the diagnostic setting, if deployed.')
 param diagnosticSettingsName string = '${name}-diagnosticSettings'
+@description('Optional. Enables registry-wide pull from unauthenticated clients. It\'s in preview and available in the Standard and Premium service tiers.')
+param anonymousPullEnabled bool = false
+
 @description('Optional. The resource ID of a key vault to reference a customer managed key for encryption from. Note, CMK requires the \'acrSku\' to be \'Premium\'.')
 param cMKKeyVaultResourceId string = ''
@@ -241,6 +244,7 @@ resource registry 'Microsoft.ContainerRegistry/registries@2022-02-01-preview' =
 name: acrSku
 }
 properties: {
+ anonymousPullEnabled: anonymousPullEnabled
 adminUserEnabled: acrAdminUserEnabled
 encryption: !empty(cMKKeyName) ? {
 status: 'enabled'
diff --git a/modules/Microsoft.ContainerRegistry/registries/readme.md b/modules/Microsoft.ContainerRegistry/registries/readme.md
index 83d7b2160d..8b6bebaecb 100644
--- a/modules/Microsoft.ContainerRegistry/registries/readme.md
+++ b/modules/Microsoft.ContainerRegistry/registries/readme.md
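Review bot: The `@description` on the new `anonymousPullEnabled` parameter in deploy.bicep does not say what enabling it exposes: with `true`, content in every repository of the registry can be pulled without credentials by any client that can reach the registry endpoint. I would state that in the description and phrase the tier constraint the way the CMK parameters below it do, for example `Optional. Enables registry-wide pull from unauthenticated clients, making all repositories readable without credentials. Preview feature. Note, requires the \'acrSku\' to be \'Standard\' or \'Premium\'.`. The second hunk forwards the value into `properties` unconditionally while `acrSku` defaults to `'Basic'` (per the readme table), so the tier rule is presumably enforced only by the service at deployment time rather than by the module. The `registry` resource body continues outside that hunk, so any other access settings it applies are not visible here.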
@@ -43,6 +43,7 @@ Azure Container Registry is a managed, private Docker registry service based on
 | :-- | :-- | :-- | :-- | :-- |
 | `acrAdminUserEnabled` | bool | `False` | | Enable admin user that have push / pull permission to the registry. |
 | `acrSku` | string | `'Basic'` | `[Basic, Premium, Standard]` | Tier of your Azure container registry. |
+| `anonymousPullEnabled` | bool | `False` | | Enables registry-wide pull from unauthenticated clients. It's in preview and available in the Standard and Premium service tiers. |
 | `azureADAuthenticationAsArmPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. Default is enabled. |
 | `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. Note, CMK requires the 'acrSku' to be 'Premium'. |
 | `cMKKeyVaultResourceId` | string | `''` | | The resource ID of a key vault to reference a customer managed key for encryption from. Note, CMK requires the 'acrSku' to be 'Premium'. |