-
Notifications
You must be signed in to change notification settings - Fork 3.3k
Description
Describe the bug
az acr repository update --name --image --write-enable false will update repo level metadata when missing image tag, e.g. my intention is "<repoName>:<tagName>". But in some error cases, I only pass "<repoName>:", it will be translated to a repo level lock down, which is error prone. It is better we throw error in this case.
Related command
az acr repository show --name <acrName> --repository <repoName>
az acr repository update --name <acrName> --image "<repoName>:" --write-enable false
az acr repository show --name <acrName> --repository <repoName> # repo will be mis-configured as write-enable=false.
Errors
az acr repository show --name <acrName> --repository <repoName>
az acr repository update --name <acrName> --image "<repoName>:" --write-enable false
az acr repository show --name <acrName> --repository <repoName> # repo will be mis-configured as write-enable=false.
Issue script & Debug output
az acr repository update --name "<-- ACR HIDDEN -->" --image "<-- REPO HIDDEN -->:" --write-enabled false --debug
az : DEBUG: cli.knack.cli: Command arguments: ['acr', 'repository', 'update', '--name', '<-- ACR HIDDEN -->', '--image', '<-- REPO HIDDEN -->:', '--write-enabled', 'false', '--debug']
At line:1 char:1
- az acr repository update --name "<-- ACR HIDDEN -->" --image " ...
-
+ CategoryInfo : NotSpecified: (DEBUG: cli.knac...se', '--debug']:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError
DEBUG: cli.knack.cli: init debug log:
Cannot enable color.
DEBUG: cli.knack.cli: Event: Cli.PreExecute []
DEBUG: cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x01412A78>, <function OutputProducer.on_global_arguments at 0x01552668>, <function CLIQuery.on_global_arguments at 0x01572168>]
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
DEBUG: cli.azure.cli.core: Modules found from index for 'acr': ['azure.cli.command_modules.acr']
DEBUG: cli.azure.cli.core: Loading command modules:
DEBUG: cli.azure.cli.core: Name Load Time Groups Commands
DEBUG: cli.azure.cli.core: acr 0.783 36 149
DEBUG: cli.azure.cli.core: Total (1) 0.783 36 149
DEBUG: cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
DEBUG: cli.azure.cli.core: Loading extensions:
DEBUG: cli.azure.cli.core: Name Load Time Groups Commands Directory
DEBUG: cli.azure.cli.core: Total (0) 0.000 0 0
DEBUG: cli.azure.cli.core: Loaded 36 groups, 149 commands.
DEBUG: cli.azure.cli.core: Found a match in the command table.
DEBUG: cli.azure.cli.core: Raw command : acr repository update
DEBUG: cli.azure.cli.core: Command table: acr repository update
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x034B94D8>]
DEBUG: cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\Administrator.azure\commands\2025-07-28.15-36-16.acr_repository_update.39156.log'.
INFO: az_command_data_logger: command args: acr repository update --name {} --image {} --write-enabled {} --debug
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x034DD0C8>]
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x03526168>, <function register_cache_arguments..add_cache_arguments at 0x035260C8>, <function register_upcoming_breaking_change_info..upda
te_breaking_change_info at 0x035261B8>]
DEBUG: cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x015526B8>, <function CLIQuery.handle_query_parameter at 0x015721B8>, <function register_ids_argument..parse_ids_arguments at 0x03526118>]
DEBUG: cli.azure.cli.core.commands.client_factory: Getting management service client client_type=ResourceManagementClient
DEBUG: cli.azure.cli.core.auth.persistence: build_persistence: location='C:\Users\Administrator\.azure\msal_token_cache.bin', encrypt=True
DEBUG: cli.azure.cli.core.auth.binary_cache: load: C:\Users\Administrator.azure\msal_http_cache.bin
DEBUG: urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
DEBUG: msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->
DEBUG: msal.authority: openid_config("https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/oauth2/v2.0/token', 'token_endpoint_auth_meth
ods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwi
se'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd
011db47/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://
login.microsoftonline.com/<-- TENANT ID HIDDEN -->/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/oauth2/v2.0/logout', 'claims_supp
orted': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsofton
line.com/<-- TENANT ID HIDDEN -->/kerberos', 'tenant_region_scope': 'WW', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
DEBUG: msal.application: Broker enabled? True
DEBUG: cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
DEBUG: cli.azure.cli.core.auth.msal_credentials: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
DEBUG: msal.application: Cache hit an AT
DEBUG: msal.telemetry: Generate or reuse correlation_id: 74880b84-55b6-4bd2-8792-93b56a9dd56f
DEBUG: cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/<-- SUB HIDDEN -->/resources?$filter=resourceType%20eq%20%27Microsoft.ContainerRegistry%2Fregistries%27&api-version=2022-09-01'
DEBUG: cli.azure.cli.core.sdk.policies: Request method: 'GET'
DEBUG: cli.azure.cli.core.sdk.policies: Request headers:
DEBUG: cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
DEBUG: cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '8ad7aced-6b85-11f0-8731-e454e8df9e68'
DEBUG: cli.azure.cli.core.sdk.policies: 'CommandName': 'acr repository update'
DEBUG: cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--name --image --write-enabled --debug'
DEBUG: cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.69.0 (MSI) azsdk-python-core/1.31.0 Python/3.12.8 (Windows-11-10.0.26100-SP0)'
DEBUG: cli.azure.cli.core.sdk.policies: 'Authorization': ''
DEBUG: cli.azure.cli.core.sdk.policies: Request body:
DEBUG: cli.azure.cli.core.sdk.policies: This request has no body
DEBUG: urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
DEBUG: urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/<-- SUB HIDDEN -->/resources?$filter=resourceType%20eq%20%27Microsoft.ContainerRegistry%2Fregistries%27&api-version=2022-09-01 HTTP/1.1" 200 5821
DEBUG: cli.azure.cli.core.sdk.policies: Response status: 200
DEBUG: cli.azure.cli.core.sdk.policies: Response headers:
DEBUG: cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies: 'Content-Length': '5821'
DEBUG: cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
DEBUG: cli.azure.cli.core.sdk.policies: 'Expires': '-1'
DEBUG: cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '1099'
DEBUG: cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '16499'
DEBUG: cli.azure.cli.core.sdk.policies: 'x-ms-request-id': 'a548e3a5-ac32-47e0-a9dc-8e8b1c60f518'
DEBUG: cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': 'a548e3a5-ac32-47e0-a9dc-8e8b1c60f518'
DEBUG: cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'SOUTHEASTASIA:20250728T073617Z:a548e3a5-ac32-47e0-a9dc-8e8b1c60f518'
DEBUG: cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
DEBUG: cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
DEBUG: cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
DEBUG: cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 5F40A0F4428F45C687B25F0D49CA2C15 Ref B: MAA201060514021 Ref C: 2025-07-28T07:36:17Z'
DEBUG: cli.azure.cli.core.sdk.policies: 'Date': 'Mon, 28 Jul 2025 07:36:16 GMT'
DEBUG: cli.azure.cli.core.sdk.policies: Response content:
DEBUG: cli.azure.cli.core.sdk.policies: <--- RESPONSE HIDDEN --->
DEBUG: cli.azure.cli.core.commands.client_factory: Getting management service client client_type=ContainerRegistryManagementClient
DEBUG: urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
DEBUG: msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->
DEBUG: msal.authority: openid_config("https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/oauth2/v2.0/token', 'token_endpoint_auth_meth
ods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwi
se'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd
011db47/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://
login.microsoftonline.com/<-- TENANT ID HIDDEN -->/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/oauth2/v2.0/logout', 'claims_supp
orted': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsofton
line.com/<-- TENANT ID HIDDEN -->/kerberos', 'tenant_region_scope': 'WW', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
DEBUG: msal.application: Broker enabled? True
DEBUG: cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
DEBUG: cli.azure.cli.core.auth.msal_credentials: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
DEBUG: msal.application: Cache hit an AT
DEBUG: msal.telemetry: Generate or reuse correlation_id: c117924e-913a-441a-a766-7c66f1a45d02
DEBUG: cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/<-- SUB HIDDEN -->/resourceGroups/devresources/providers/Microsoft.ContainerRegistry/registries/<-- ACR HIDDEN -->?api-version=2023-11-01-preview'
DEBUG: cli.azure.cli.core.sdk.policies: Request method: 'GET'
DEBUG: cli.azure.cli.core.sdk.policies: Request headers:
DEBUG: cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
DEBUG: cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '8ad7aced-6b85-11f0-8731-e454e8df9e68'
DEBUG: cli.azure.cli.core.sdk.policies: 'CommandName': 'acr repository update'
DEBUG: cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--name --image --write-enabled --debug'
DEBUG: cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.69.0 (MSI) azsdk-python-core/1.31.0 Python/3.12.8 (Windows-11-10.0.26100-SP0)'
DEBUG: cli.azure.cli.core.sdk.policies: 'Authorization': ''
DEBUG: cli.azure.cli.core.sdk.policies: Request body:
DEBUG: cli.azure.cli.core.sdk.policies: This request has no body
DEBUG: urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
DEBUG: urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/<-- SUB HIDDEN -->/resourceGroups/devresources/providers/Microsoft.ContainerRegistry/registries/<-- ACR HIDDEN -->?api-version=2023-11-01-preview HTTP/1.1" 200 1474
DEBUG: cli.azure.cli.core.sdk.policies: Response status: 200
DEBUG: cli.azure.cli.core.sdk.policies: Response headers:
DEBUG: cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies: 'Content-Length': '1474'
DEBUG: cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
DEBUG: cli.azure.cli.core.sdk.policies: 'Expires': '-1'
DEBUG: cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
DEBUG: cli.azure.cli.core.sdk.policies: 'api-supported-versions': '2023-11-01-preview'
DEBUG: cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '1099'
DEBUG: cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '16499'
DEBUG: cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '46235e5e-310f-4cdc-8cca-cf1dba86f911'
DEBUG: cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '46235e5e-310f-4cdc-8cca-cf1dba86f911'
DEBUG: cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'SOUTHEASTASIA:20250728T073619Z:46235e5e-310f-4cdc-8cca-cf1dba86f911'
DEBUG: cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
DEBUG: cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
DEBUG: cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: F1A787C9430E46FD924C4919B26B4132 Ref B: MAA201060515029 Ref C: 2025-07-28T07:36:18Z'
DEBUG: cli.azure.cli.core.sdk.policies: 'Date': 'Mon, 28 Jul 2025 07:36:18 GMT'
DEBUG: cli.azure.cli.core.sdk.policies: Response content:
DEBUG: cli.azure.cli.core.sdk.policies: {"sku":{"name":"Premium","tier":"Premium"},"type":"Microsoft.ContainerRegistry/registries","id":"/subscriptions/<-- SUB HIDDEN -->/resourceGroups/devresources/providers/Microsoft.ContainerRegistry/registries/<-- ACR HIDDEN -->","name":"<-- ACR HIDDEN -->","location":"eastus","tags":{},"systemData":{"createdBy":"<-- EMAIL HIDDEN -->","createdByType":"User","createdAt":"2024-05-22T03:14:47.721542+00:00","lastModifiedBy":"<-- EMAIL HIDDEN -->","lastModifiedByType":"User","lastModifiedAt":"2025-07-25T11:4
4:15.3971713+00:00"},"properties":{"loginServer":"<-- ACR HIDDEN -->.azurecr.io","creationDate":"2024-05-22T03:14:47.721542Z","provisioningState":"Succeeded","adminUserEnabled":false,"networkRuleSet":{"defaultAction":"Allow","ipRules":[]},"policies":{"quarantinePolicy":{"status":"
disabled"},"trustPolicy":{"type":"Notary","status":"disabled"},"retentionPolicy":{"days":7,"lastUpdatedTime":"2024-07-22T01:48:35.6253041+00:00","status":"disabled"},"exportPolicy":{"status":"enabled"},"azureADAuthenticationAsArmPolicy":{"status":"enabled"},"softDeletePolicy":{"retentio
nDays":1,"lastUpdatedTime":"2025-07-25T11:44:15.5860787+00:00","status":"enabled"}},"encryption":{"status":"disabled"},"dataEndpointEnabled":false,"dataEndpointHostNames":[],"privateEndpointConnections":[],"publicNetworkAccess":"Enabled","networkRuleBypassOptions":"AzureServices","zoneR
edundancy":"Disabled","anonymousPullEnabled":true,"metadataSearch":"Disabled"}}
DEBUG: cli.azure.cli.command_modules.acr._docker_utils: 2025-07-28 07:36:19.074133 Sending a HTTP Get request to https://<-- ACR HIDDEN -->.azurecr.io/v2/
DEBUG: urllib3.connectionpool: Starting new HTTPS connection (1): <-- ACR HIDDEN -->.azurecr.io:443
DEBUG: urllib3.connectionpool: https://<-- ACR HIDDEN -->.azurecr.io:443 "GET /v2/ HTTP/1.1" 401 149
INFO: cli.azure.cli.command_modules.acr._docker_utils: Attempting to retrieve AAD refresh token...
DEBUG: cli.azure.cli.core.commands.client_factory: Getting management service client client_type=ContainerRegistryManagementClient
DEBUG: urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
DEBUG: msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->
DEBUG: msal.authority: openid_config("https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/oauth2/v2.0/token', 'token_endpoint_auth_meth
ods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwi
se'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd
011db47/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://
login.microsoftonline.com/<-- TENANT ID HIDDEN -->/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/oauth2/v2.0/logout', 'claims_supp
orted': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsofton
line.com/<-- TENANT ID HIDDEN -->/kerberos', 'tenant_region_scope': 'WW', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
DEBUG: msal.application: Broker enabled? True
DEBUG: cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
DEBUG: cli.azure.cli.core.auth.msal_credentials: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
DEBUG: msal.application: Cache hit an AT
DEBUG: msal.telemetry: Generate or reuse correlation_id: 5b986c74-ed76-4592-9d29-972faad3f932
DEBUG: cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/<-- SUB HIDDEN -->/resourceGroups/devresources/providers/Microsoft.ContainerRegistry/registries/<-- ACR HIDDEN -->?api-version=2023-11-01-preview'
DEBUG: cli.azure.cli.core.sdk.policies: Request method: 'GET'
DEBUG: cli.azure.cli.core.sdk.policies: Request headers:
DEBUG: cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
DEBUG: cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '8ad7aced-6b85-11f0-8731-e454e8df9e68'
DEBUG: cli.azure.cli.core.sdk.policies: 'CommandName': 'acr repository update'
DEBUG: cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--name --image --write-enabled --debug'
DEBUG: cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.69.0 (MSI) azsdk-python-core/1.31.0 Python/3.12.8 (Windows-11-10.0.26100-SP0)'
DEBUG: cli.azure.cli.core.sdk.policies: 'Authorization': ''
DEBUG: cli.azure.cli.core.sdk.policies: Request body:
DEBUG: cli.azure.cli.core.sdk.policies: This request has no body
DEBUG: urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
DEBUG: urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/<-- SUB HIDDEN -->/resourceGroups/devresources/providers/Microsoft.ContainerRegistry/registries/<-- ACR HIDDEN -->?api-version=2023-11-01-preview HTTP/1.1" 200 1474
DEBUG: cli.azure.cli.core.sdk.policies: Response status: 200
DEBUG: cli.azure.cli.core.sdk.policies: Response headers:
DEBUG: cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies: 'Content-Length': '1474'
DEBUG: cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
DEBUG: cli.azure.cli.core.sdk.policies: 'Expires': '-1'
DEBUG: cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
DEBUG: cli.azure.cli.core.sdk.policies: 'api-supported-versions': '2023-11-01-preview'
DEBUG: cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '1099'
DEBUG: cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '16499'
DEBUG: cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '95991536-f892-4fda-9b9b-bab144d695e4'
DEBUG: cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '95991536-f892-4fda-9b9b-bab144d695e4'
DEBUG: cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'SOUTHEASTASIA:20250728T073621Z:95991536-f892-4fda-9b9b-bab144d695e4'
DEBUG: cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
DEBUG: cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
DEBUG: cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: C255D8E7C3F04966A56F32FEDC192FC0 Ref B: MAA201060513047 Ref C: 2025-07-28T07:36:20Z'
DEBUG: cli.azure.cli.core.sdk.policies: 'Date': 'Mon, 28 Jul 2025 07:36:20 GMT'
DEBUG: cli.azure.cli.core.sdk.policies: Response content:
DEBUG: cli.azure.cli.core.sdk.policies: {"sku":{"name":"Premium","tier":"Premium"},"type":"Microsoft.ContainerRegistry/registries","id":"/subscriptions/<-- SUB HIDDEN -->/resourceGroups/devresources/providers/Microsoft.ContainerRegistry/registries/<-- ACR HIDDEN -->","name":"<-- ACR HIDDEN -->","location":"eastus","tags":{},"systemData":{"createdBy":"<-- EMAIL HIDDEN -->","createdByType":"User","createdAt":"2024-05-22T03:14:47.721542+00:00","lastModifiedBy":"<-- EMAIL HIDDEN -->","lastModifiedByType":"User","lastModifiedAt":"2025-07-25T11:4
4:15.3971713+00:00"},"properties":{"loginServer":"<-- ACR HIDDEN -->.azurecr.io","creationDate":"2024-05-22T03:14:47.721542Z","provisioningState":"Succeeded","adminUserEnabled":false,"networkRuleSet":{"defaultAction":"Allow","ipRules":[]},"policies":{"quarantinePolicy":{"status":"
disabled"},"trustPolicy":{"type":"Notary","status":"disabled"},"retentionPolicy":{"days":7,"lastUpdatedTime":"2024-07-22T01:48:35.6253041+00:00","status":"disabled"},"exportPolicy":{"status":"enabled"},"azureADAuthenticationAsArmPolicy":{"status":"enabled"},"softDeletePolicy":{"retentio
nDays":1,"lastUpdatedTime":"2025-07-25T11:44:15.5860787+00:00","status":"enabled"}},"encryption":{"status":"disabled"},"dataEndpointEnabled":false,"dataEndpointHostNames":[],"privateEndpointConnections":[],"publicNetworkAccess":"Enabled","networkRuleBypassOptions":"AzureServices","zoneR
edundancy":"Disabled","anonymousPullEnabled":true,"metadataSearch":"Disabled"}}
DEBUG: cli.azure.cli.command_modules.acr._docker_utils: 2025-07-28 07:36:21.559786 Sending a HTTP Get request to https://<-- ACR HIDDEN -->.azurecr.io/v2/
DEBUG: urllib3.connectionpool: Starting new HTTPS connection (1): <-- ACR HIDDEN -->.azurecr.io:443
DEBUG: urllib3.connectionpool: https://<-- ACR HIDDEN -->.azurecr.io:443 "GET /v2/ HTTP/1.1" 401 149
DEBUG: urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
DEBUG: msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->
DEBUG: msal.authority: openid_config("https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/oauth2/v2.0/token', 'token_endpoint_auth_meth
ods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwi
se'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd
011db47/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://
login.microsoftonline.com/<-- TENANT ID HIDDEN -->/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/<-- TENANT ID HIDDEN -->/oauth2/v2.0/logout', 'claims_supp
orted': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsofton
line.com/<-- TENANT ID HIDDEN -->/kerberos', 'tenant_region_scope': 'WW', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
DEBUG: msal.application: Broker enabled? True
DEBUG: cli.azure.cli.core.auth.msal_credentials: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
DEBUG: msal.application: Cache hit an AT
DEBUG: msal.telemetry: Generate or reuse correlation_id: f70e7660-8323-4761-95a5-8ab4b65eb25c
DEBUG: cli.azure.cli.command_modules.acr._docker_utils: 2025-07-28 07:36:22.520018 Sending a HTTP Post request to https://<-- ACR HIDDEN -->.azurecr.io/oauth2/exchange
DEBUG: urllib3.connectionpool: Starting new HTTPS connection (1): <-- ACR HIDDEN -->.azurecr.io:443
DEBUG: urllib3.connectionpool: https://<-- ACR HIDDEN -->.azurecr.io:443 "POST /oauth2/exchange HTTP/1.1" 200 None
DEBUG: cli.azure.cli.command_modules.acr._docker_utils: 2025-07-28 07:36:23.437877 Sending a HTTP Post request to https://<-- ACR HIDDEN -->.azurecr.io/oauth2/token
DEBUG: urllib3.connectionpool: Starting new HTTPS connection (1): <-- ACR HIDDEN -->.azurecr.io:443
DEBUG: urllib3.connectionpool: https://<-- ACR HIDDEN -->.azurecr.io:443 "POST /oauth2/token HTTP/1.1" 200 None
DEBUG: cli.azure.cli.command_modules.acr._docker_utils: 2025-07-28 07:36:24.346661 Sending a HTTP patch request to https://<-- ACR HIDDEN -->.azurecr.io/acr/v1/<-- REPO HIDDEN -->
DEBUG: urllib3.connectionpool: Starting new HTTPS connection (1): <-- ACR HIDDEN -->.azurecr.io:443
DEBUG: urllib3.connectionpool: https://<-- ACR HIDDEN -->.azurecr.io:443 "PATCH /acr/v1/<-- REPO HIDDEN --> HTTP/1.1" 200 312
DEBUG: msrest.http_logger: Request URL: 'https://<-- ACR HIDDEN -->.azurecr.io/acr/v1/<-- REPO HIDDEN -->'
DEBUG: msrest.http_logger: Request method: 'PATCH'
DEBUG: msrest.http_logger: Request headers:
DEBUG: msrest.http_logger: 'User-Agent': 'python-requests/2.32.3'
DEBUG: msrest.http_logger: 'Accept-Encoding': 'gzip, deflate'
DEBUG: msrest.http_logger: 'Accept': '/'
DEBUG: msrest.http_logger: 'Connection': 'keep-alive'
DEBUG: msrest.http_logger: 'Authorization': ''
DEBUG: msrest.http_logger: 'Content-Length': '23'
DEBUG: msrest.http_logger: 'Content-Type': 'application/json'
DEBUG: msrest.http_logger: Request body:
DEBUG: msrest.http_logger: b'{"writeEnabled": false}'
DEBUG: msrest.http_logger: Response status: 200
DEBUG: msrest.http_logger: Response headers:
DEBUG: msrest.http_logger: 'Server': 'AzureContainerRegistry'
DEBUG: msrest.http_logger: 'Date': 'Mon, 28 Jul 2025 07:36:26 GMT'
DEBUG: msrest.http_logger: 'Content-Type': 'application/json; charset=utf-8'
DEBUG: msrest.http_logger: 'Content-Length': '312'
DEBUG: msrest.http_logger: 'Connection': 'keep-alive'
DEBUG: msrest.http_logger: 'Access-Control-Expose-Headers': 'Docker-Content-Digest, WWW-Authenticate, Link, X-Ms-Correlation-Request-Id'
DEBUG: msrest.http_logger: 'Docker-Distribution-Api-Version': 'registry/2.0'
DEBUG: msrest.http_logger: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains'
DEBUG: msrest.http_logger: 'X-Content-Type-Options': 'nosniff'
DEBUG: msrest.http_logger: 'X-Ms-Correlation-Request-Id': '41ebf57d-7825-42c6-834a-3b743c934de2'
DEBUG: msrest.http_logger: Response content:
DEBUG: msrest.http_logger: {"registry":"<-- ACR HIDDEN -->.azurecr.io","imageName":"<-- REPO HIDDEN -->","createdTime":"2024-05-22T07:05:00.8016988Z","lastUpdateTime":"2025-07-28T07:03:39.3585304Z","manifestCount":197,"tagCount":196,"changeableAttributes":{"deleteEnabled":true,"writeEna
bled":false,"readEnabled":true,"listEnabled":true}}
DEBUG: cli.knack.cli: Event: CommandInvoker.OnTransformResult [<function _resource_group_transform at 0x034EED48>, <function x509_from_base64_to_hex_transform at 0x034EED98>]
DEBUG: cli.knack.cli: Event: CommandInvoker.OnFilterResult []
DEBUG: cli.knack.cli: Event: Cli.SuccessfulExecute []
DEBUG: cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x034B9618>]
INFO: az_command_data_logger: exit code: 0
INFO: cli.main: Command ran in 11.800 seconds (init: 0.521, invoke: 11.279)
INFO: telemetry.main: Begin splitting cli events and extra events, total events: 1
INFO: telemetry.client: Accumulated 0 events. Flush the clients.
INFO: telemetry.main: Finish splitting cli events and extra events, cli events: 1
INFO: telemetry.save: Save telemetry record of length 3747 in cache file under C:\Users\Administrator.azure\telemetry\20250728153626662
INFO: telemetry.main: Begin creating telemetry upload process.
INFO: telemetry.process: Creating upload process: "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\azure\cli\telemetry_init.pyc C:\Users\Administrator.azure C:\Users\Administrator.azure\telemetry\202507
28153626662"
INFO: telemetry.process: Return from creating process 27324
INFO: telemetry.main: Finish creating telemetry upload process.
{
"changeableAttributes": {
"deleteEnabled": true,
"listEnabled": true,
"readEnabled": true,
"writeEnabled": false
},
"createdTime": "2024-05-22T07:05:00.8016988Z",
"imageName": "<-- REPO HIDDEN -->",
"lastUpdateTime": "2025-07-28T07:03:39.3585304Z",
"manifestCount": 197,
"registry": "<-- ACR HIDDEN -->.azurecr.io",
"tagCount": 196
}
Expected behavior
az acr repository update --name <acrName> --image "<repoName>:" --write-enable false when image tag is invalid, we need to throw errors instead of translating to repo level setting.
Environment Summary
azure-cli 2.69.0 *
core 2.69.0 *
telemetry 1.1.0
Extensions:
azure-devops 1.0.1
bastion 0.2.4
connectedk8s 1.10.6
customlocation 0.1.3
k8s-extension 1.6.1
Dependencies:
msal 1.31.2b1
azure-mgmt-resource 23.1.1
Additional context
No response