doc: Add a note to state the limitations in CMK-encrypted registry #35
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add a note to illustrate the limitations in CMK-encrypted registry
|
@FeynmanZhou : Thanks for your contribution! The author(s) have been notified to review your proposed change. |
|
Learn Build status updates of commit 7e75ba3: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
|
Learn Build status updates of commit 84d6dde: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
|
Can you review the proposed changes? Important: When the changes are ready for publication, adding a #label:"aq-pr-triaged" |
FeynmanZhou
changed the title
shizhMSFT
reviewed
Dec 19, 2024
| @@ -227,6 +227,9 @@ Storing individual (subject) OCI Artifacts are covered in [Push and pull OCI art | |||
|
|
|||
| To store a graph of artifacts, a reference to a `subject` artifact is defined using the [OCI image manifest][oci-image-manifest], which is part of the [prerelease OCI 1.1 Distribution specification][oci-1_1-spec]. | |||
|
|
|||
| > [!NOTE] | |||
| > ORAS uses the OCI Referrers API](https://github.com/opencontainers/distribution-spec/blob/main/spec.md#listing-referrers) to store the attached referrer artifacts in the registry by default. The OCI Referrers API is supported by most of the ACR features except the CMK-encrypted registry. ORAS will fall back to use [OCI Referrers Tag Schema](https://github.com/opencontainers/distribution-spec/blob/main/spec.md#referrers-tag-schema) to store the attached referrers in the CMK-encrypted registry. | |||
There was a problem hiding this comment.
Always used versioned tag or commit for the link instead of the main branch.
| @@ -274,6 +274,9 @@ The following steps show how to create a self-signed certificate for testing pur | |||
| | Workload identity credential | `workloadid` | | |||
| | Managed identity credential | `managedid` | | |||
| | Azure CLI credential | `azurecli` | | |||
|
|
|||
| > [!NOTE] | |||
| > Notation uses [OCI Referrers Tag Schema](https://github.com/opencontainers/distribution-spec/blob/main/spec.md#referrers-tag-schema) to store the signature in ACR by default. You can also enable [OCI Referrers API](https://github.com/opencontainers/distribution-spec/blob/main/spec.md#listing-referrers) by using the flag `--force-referrers-tag false` if needed. The OCI Referrers API is supported by most of the ACR features except the CMK-encrypted registry. | |||
|
This pull request has been inactive for at least 14 days. If you are finished with your changes, don't forget to sign off. See the contributor guide for instructions. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add a note to illustrate the limitations of Referrers API support in CMK-encrypted registry. Related issue: Azure/acr#784