Merge pull request #229537 from tejaswikolli-web/cli

v-dirichards · web-flow · commit 7fe5aaab509d · 2023-03-14T14:29:54.000-05:00
edits for azure cli- cache
diff --git a/articles/container-registry/TOC.yml b/articles/container-registry/TOC.yml
@@ -54,10 +54,14 @@
       items:
       - name: Caching for ACR - Overview
         href: tutorial-registry-cache.md
-      - name: Enable Caching for ACR- Azure portal
+      - name: Enable Caching for ACR - Azure portal
         href: tutorial-enable-registry-cache.md
-      - name: Enable Caching for ACR with authentication- Azure portal
+      - name: Enable Caching for ACR with authentication - Azure portal
         href: tutorial-enable-registry-cache-auth.md
+      - name: Enable Caching for ACR - Azure CLI
+        href: tutorial-enable-registry-cache-cli.md
+      - name: Enable Caching for ACR with authentication - Azure CLI
+        href: tutorial-enable-registry-cache-auth-cli.md
       - name: Troubleshoot 
         href: tutorial-troubleshoot-registry-cache.md
   - name: Samples
diff --git a/articles/container-registry/container-registry-support-policies.md b/articles/container-registry/container-registry-support-policies.md
@@ -8,7 +8,7 @@ ms.date: 10/11/2022
 #Customer intent: As a developer, I want to understand what ACR components I need to manage, what components are managed by Microsoft.
 ---
 
-# Support policies for Azure Container Registry(ACR)
+# Support policies for Azure Container Registry (ACR)
 
 This article provides details about Azure Container Registry (ACR) support policies, supported features, and limitations.
 
diff --git a/articles/container-registry/tutorial-enable-registry-cache-auth-cli.md b/articles/container-registry/tutorial-enable-registry-cache-auth-cli.md
@@ -0,0 +1,167 @@
+---
+title: Enable Caching for ACR with authentication - Azure CLI
+description: Learn how to enable Caching for ACR with authentication using Azure CLI.
+ms.topic: tutorial
+ms.date: 04/19/2022
+ms.author: tejaswikolli
+---
+
+# Enable Caching for ACR (Preview) with authentication - Azure CLI
+
+This article is part five of a six-part tutorial series. [Part one](tutorial-registry-cache.md) provides an overview of Caching for ACR, its features, benefits, and preview limitations. In [part two](tutorial-enable-registry-cache.md), you learn how to enable Caching for ACR feature by using the Azure portal. In [part three](tutorial-enable-registry-cache-cli.md), you learn how to enable Caching for ACR feature by using the Azure CLI. In [part four](tutorial-enable-registry-cache-auth.md), you learn how to enable Caching for ACR feature with authentication by using Azure portal. 
+
+This article walks you through the steps of enabling Caching for ACR with authentication by using the Azure CLI. You have to use the Credential set to make an authenticated pull or to access a private repository.
+
+## Prerequisites
+
+* You can use the [Azure Cloud Shell][Azure Cloud Shell] or a local installation of the Azure CLI to run the command examples in this article. If you'd like to use it locally, version 2.0.74 or later is required. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][Install Azure CLI].
+* You have an existing Key Vault to store credentials. Learn more about [creating and storing credentials in a Key Vault.][create-and-store-keyvault-credentials]
+* You can set and retrieve secrets from your Key Vault. Learn more about [set and retrieve a secret from Key Vault.][set-and-retrieve-a-secret]
+
+## Configure Caching for ACR (preview) with authentication - Azure CLI
+
+### Create a Credential Set - Azure CLI
+
+Before configuring a Credential Set, you have to create and store secrets in the Azure KeyVault and retrieve the secrets from the Key Vault. Learn more about [creating and storing credentials in a Key Vault.][create-and-store-keyvault-credentials] and to [set and retrieve a secret from Key Vault.][set-and-retrieve-a-secret].
+
+1. Run [az acr credential set create][az-acr-credential-set-create] command to create a credential set. 
+
+    - For example, To create a credential set for a given `MyRegistry` Azure Container Registry.
+
+    ```azurecli-interactive
+    az acr credential-set create 
+    -r MyRegistry \
+    -n MyRule \
+    -l docker.io \ 
+    -u https://MyKeyvault.vault.azure.net/secrets/usernamesecret \
+    -p https://MyKeyvault.vault.azure.net/secrets/passwordsecret
+    ```
+
+2. Run [az acr credential set update][az-acr-credential-set-update] to update the username or password KV secret ID on a credential set.
+
+    - For example, to update the username or password KV secret ID on a credential set a given `MyRegistry` Azure Container Registry.
+
+    ```azurecli-interactive
+    az acr credential-set update -r MyRegistry -n MyRule -p https://MyKeyvault.vault.azure.net/secrets/newsecretname
+    ```
+
+3. Run [az-acr-credential-set-show][az-acr-credential-set-show] to show a credential set. 
+
+    - For example, to show a credential set for a given `MyRegistry` Azure Container Registry.
+
+    ```azurecli-interactive
+    az acr credential-set show -r MyRegistry -n MyCredSet
+    ```
+
+### Create a cache rule with a Credential Set - Azure CLI
+
+1. Run [az acr cache create][az-acr-cache-create] command to create a cache rule.
+
+    - For example, to create a cache rule with a credential set for a given `MyRegistry` Azure Container Registry.
+
+    ```azurecli-interactive
+    az acr cache create -r MyRegistry -n MyRule -s docker.io/library/ubuntu -t ubuntu -c MyCredSet
+    ```
+
+2. Run [az acr cache update][az-acr-cache-update] command to update the credential set on a cache rule.
+
+    - For example, to update the credential set on a cache rule for a given `MyRegistry` Azure Container Registry.
+
+    ```azurecli-interactive
+    az acr cache update -r MyRegistry -n MyRule -c NewCredSet
+    ```
+
+    - For example, to remove a credential set from an existing cache rule for a given `MyRegistry` Azure Container Registry.
+
+    ```azurecli-interactive
+    az acr cache update -r MyRegistry -n MyRule --remove-cred-set
+    ```
+
+3. Run [az acr cache show][az-acr-cache-show] command to show a cache rule.
+
+    - For example, to show a cache rule for a given `MyRegistry` Azure Container Registry.
+ 
+    ```azurecli-interactive
+     az acr cache show -r MyRegistry -n MyRule
+    ```
+
+### Assign permissions to Key Vault
+
+1. Get the principal ID of system identity in use to access Key Vault.
+
+    ```azurecli-interactive
+    PRINCIPAL_ID=$(az acr credential-set show 
+                    -n MyCredSet \ 
+                    -r MyRegistry  \
+                    --query 'identity.principalId' \ 
+                    -o tsv) 
+    ```
+
+2. Run the [az keyvault set-policy][az-keyvault-set-policy] command to assign access to the Key Vault, before pulling the image.
+
+    - For example, to assign permissions for the credential set access the KeyVault secret
+
+    ```azurecli-interactive
+    az keyvault set-policy --name MyKeyVault \
+    --object-id $PRINCIPAL_ID \
+    --secret-permissions get
+    ```
+
+### Pull your Image
+
+1. Pull the image from your cache using the Docker command `docker pull myregistry.azurecr.io/hello-world`
+
+## Clean up the resources
+
+1. Run [az acr cache list][az-acr-cache-list] command to list the cache rules in the Azure Container Registry.
+
+    - For example, to list the cache rules for a given `MyRegistry` Azure Container Registry.
+
+    ```azurecli-interactive
+     az acr cache list -r MyRegistry
+    ```
+
+2.  Run [az acr cache delete][az-acr-cache-delete] command to delete a cache rule.
+
+    - For example, to delete a cache rule for a given `MyRegistry` Azure Container Registry.
+
+    ```azurecli-interactive
+    az acr cache delete -r MyRegistry -n MyRule
+    ```
+
+3. Run[az acr credential set list][az-acr-credential-set-list] to list the credential sets in an Azure Container Registry. 
+
+    - For example, to list the credential sets for a given `MyRegistry` Azure Container Registry.
+
+    ```azurecli-interactive
+    az acr credential-set list -r MyRegistry
+    ```
+
+4. Run [az-acr-credential-set-delete][az-acr-credential-set-delete] to delete a credential set. 
+
+    - For example, to delete a credential set for a given `MyRegistry` Azure Container Registry.
+
+    ```azurecli-interactive
+    az acr credential-set delete -r MyRegistry -n MyCredSet
+    ```
+
+## Next steps
+
+* Advance to the [next article](tutorial-troubleshoot-registry-cache.md) to walk through the troubleshoot guide for Registry Cache.
+
+<!-- LINKS - External -->
+[create-and-store-keyvault-credentials]: ../key-vault/secrets/quick-create-cli.md#add-a-secret-to-key-vault
+[set-and-retrieve-a-secret]: ../key-vault/secrets/quick-create-cli.md#retrieve-a-secret-from-key-vault
+[az-keyvault-set-policy]: ../key-vault/general/assign-access-policy.md#assign-an-access-policy
+[Install Azure CLI]: /cli/azure/install-azure-cli
+[Azure Cloud Shell]: /azure/cloud-shell/quickstart
+[az-acr-cache-create]:/cli/azure/acr/cache#az-acr-cache-create
+[az-acr-cache-show]:/cli/azure/acr/cache#az-acr-cache-show
+[az-acr-cache-list]:/cli/azure/acr/cache#az-acr-cache-list
+[az-acr-cache-delete]:/cli/azure/acr/cache#az-acr-cache-delete
+[az-acr-cache-update]:/cli/azure/acr/cache#az-acr-cache-update
+[az-acr-credential-set-create]:/cli/azure/acr/credential-set#az-acr-credential-set-create
+[az-acr-credential-set-update]:/cli/azure/acr/credential-set#az-acr-credential-set-update
+[az-acr-credential-set-show]: /cli/azure/acr/credential-set#az-acr-credential-set-show
+[az-acr-credential-set-list]: /cli/azure/acr/credential-set#az-acr-credential-set-list
+[az-acr-credential-set-delete]: /cli/azure/acr/credential-set#az-acr-credential-set-delete
diff --git a/articles/container-registry/tutorial-enable-registry-cache-auth.md b/articles/container-registry/tutorial-enable-registry-cache-auth.md
@@ -1,5 +1,5 @@
 ---
-title: Enable Caching for ACR with authentication- Azure portal
+title: Enable Caching for ACR with authentication - Azure portal
 description: Learn how to enable Caching for ACR with authentication using Azure portal.
 ms.topic: tutorial
 ms.date: 04/19/2022
@@ -8,16 +8,16 @@ ms.author: tejaswikolli
 
 # Enable Caching for ACR (Preview) with authentication - Azure portal
 
-This article is part three of a four-part tutorial series. [Part one](tutorial-registry-cache.md) provides an overview of Caching for ACR, its features, benefits, and preview limitations. In [part two](tutorial-enable-registry-cache.md), you learn how to enable Caching for ACR feature by using the Azure portal. 
+This article is part four of a six-part tutorial series. [Part one](tutorial-registry-cache.md) provides an overview of Caching for ACR, its features, benefits, and preview limitations. In [part two](tutorial-enable-registry-cache.md), you learn how to enable Caching for ACR feature by using the Azure portal. In [part three](tutorial-enable-registry-cache-cli.md) , you learn how to enable Caching for ACR feature by using the Azure CLI.
 
 This article walks you through the steps of enabling Caching for ACR with authentication by using the Azure portal. You have to use the Credential set to make an authenticated pull or to access a private repository.
 
 ## Prerequisites
 
 * Sign in to the [Azure portal](https://ms.portal.azure.com/). 
+* You have an existing Key Vault to store credentials. Learn more about [creating and storing credentials in a Key Vault.][create-and-store-keyvault-credentials]
 
-
-## Configure Caching for ACR with authentication - Azure portal
+## Configure Caching for ACR (preview) with authentication - Azure portal
 
 Follow the steps to create cache rule in the [Azure portal](https://portal.azure.com). 
 
@@ -61,16 +61,22 @@ Follow the steps to create cache rule in the [Azure portal](https://portal.azure
 
 12. Select on **Save** 
 
-13. Run the [az keyvault set-policy][az-keyvault-set-policy] command to assign access to the Key Vault, before pulling the image.
+13. Learn about [az keyvault set-policy][az-keyvault-set-policy] to assign access to the Key Vault, before pulling the image.
+
+    - For example, to assign permissions for the credential set access the KeyVault secret
 
-```azurecli-interactive
-az keyvault set-policy --name myKeyVaultName --object-id myObjID --secret-permissions get
-```
+    ```azurecli-interactive
+    az keyvault set-policy --name MyKeyVault \
+    --object-id $PRINCIPAL_ID \
+    --secret-permissions get
+    ```
 
 14. Pull the image from your cache using the Docker command `docker pull myregistry.azurecr.io/hello-world`
 
 ### Create new credentials
 
+Before configuring a Credential Set, you require to create and store secrets in the Azure KeyVault and retrieve the secrets from the Key Vault. Learn more about [creating and storing credentials in a Key Vault.][create-and-store-keyvault-credentials] and to [set and retrieve a secret from Key Vault.][set-and-retrieve-a-secret].
+
 1. Navigate to **Credentials** > **Add credential set** > **Create new credentials**.
 
 
@@ -90,8 +96,9 @@ az keyvault set-policy --name myKeyVaultName --object-id myObjID --secret-permis
 
 ## Next steps
 
-* Advance to the [next article](tutorial-troubleshoot-registry-cache.md) to walk through the troubleshoot guide for Registry Cache.
+* Advance to the [next article](tutorial-enable-registry-cache-cli.md) to enable the Caching for ACR (preview) using Azure CLI.
 
 <!-- LINKS - External -->
-[create-and-store-keyvault-credentials]: ../key-vault/secrets/quick-create-portal.md
-[az-keyvault-set-policy]: /azure/key-vault/general/assign-access-policy.md#assign-an-access-policy
+[create-and-store-keyvault-credentials]: ../key-vault/secrets/quick-create-portal.md#add-a-secret-to-key-vault
+[set-and-retrieve-a-secret]: ../key-vault/secrets/quick-create-portal.md#retrieve-a-secret-from-key-vault
+[az-keyvault-set-policy]: ../key-vault/general/assign-access-policy.md#assign-an-access-policy
diff --git a/articles/container-registry/tutorial-enable-registry-cache-cli.md b/articles/container-registry/tutorial-enable-registry-cache-cli.md
@@ -0,0 +1,72 @@
+---
+title: Enable Caching for ACR (preview) - Azure CLI 
+description: Learn how to enable Registry Cache in your Azure Container Registry using Azure CLI.
+ms.topic: tutorial
+ms.date: 04/19/2022
+ms.author: tejaswikolli
+---
+
+# Enable Caching for ACR (Preview) - Azure CLI
+
+This article is part three of a six-part tutorial series. [Part one](tutorial-registry-cache.md) provides an overview of Caching for ACR, its features, benefits, and preview limitations. [Part two](tutorial-enable-registry-cache.md), you learn how to enable Caching for ACR feature by using the Azure portal. This article walks you through the steps of enabling Caching for ACR by using the Azure CLI without authentication.
+
+## Prerequisites
+
+* You can use the [Azure Cloud Shell][Azure Cloud Shell] or a local installation of the Azure CLI to run the command examples in this article. If you'd like to use it locally, version 2.0.74 or later is required. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI][Install Azure CLI].
+
+## Configure Caching for ACR (preview)  - Azure CLI
+
+Follow the steps to create a cache rule without using a Credential set.
+
+### Create a Cache rule
+
+1. Run [az acr cache create][az-acr-cache-create] command to create a cache rule.
+
+    - For example, to create a cache rule without a credential set for a given `MyRegistry` Azure Container Registry.
+
+    ```azurecli-interactive
+    az acr cache create -r MyRegistry -n MyRule -s docker.io/library/ubuntu -t ubuntu-
+    ```
+
+2. Run [az acr cache show][az-acr-cache-show] command to show a cache rule.
+
+    - For example, to show a cache rule for a given `MyRegistry` Azure Container Registry.
+ 
+    ```azurecli-interactive
+     az acr cache show -r MyRegistry -n MyRule
+    ```
+
+### Pull your image
+
+1. Pull the image from your cache using the Docker command `docker pull myregistry.azurecr.io/hello-world`.
+
+
+## Clean up the resources
+
+1. Run [az acr cache list][az-acr-cache-list] command to list the cache rules in the Azure Container Registry.
+
+    - For example, to list the cache rules for a given `MyRegistry` Azure Container Registry.
+
+    ```azurecli-interactive
+     az acr cache list -r MyRegistry
+    ```
+
+2. Run [az acr cache delete][az-acr-cache-delete] command to delete a cache rule.
+
+    - For example, to delete a cache rule for a given `MyRegistry` Azure Container Registry.
+
+    ```azurecli-interactive
+    az acr cache delete -r MyRegistry -n MyRule
+    ```
+
+## Next steps
+
+* To enable Caching for ACR (preview) with authentication using the Azure CLI advance to the next article [Enable Caching for ACR - Azure CLI](tutorial-enable-registry-cache-auth-cli.md).
+
+<!-- LINKS - External -->
+[Install Azure CLI]: /cli/azure/install-azure-cli
+[Azure Cloud Shell]: /azure/cloud-shell/quickstart
+[az-acr-cache-create]:/cli/azure/acr/cache#az-acr-cache-create
+[az-acr-cache-show]:/cli/azure/acr/cache#az-acr-cache-show
+[az-acr-cache-list]:/cli/azure/acr/cache#az-acr-cache-list
+[az-acr-cache-delete]:/cli/azure/acr/cache#az-acr-cache-delete
diff --git a/articles/container-registry/tutorial-enable-registry-cache.md b/articles/container-registry/tutorial-enable-registry-cache.md
@@ -1,5 +1,5 @@
 ---
-title: Enable Caching for ACR (preview)- Azure portal
+title: Enable Caching for ACR (preview) - Azure portal
 description: Learn how to enable Registry Cache in your Azure Container Registry using Azure portal.
 ms.topic: tutorial
 ms.date: 04/19/2022
@@ -8,11 +8,11 @@ ms.author: tejaswikolli
 
 # Enable Caching for ACR (Preview) - Azure portal
 
-This article is part two of a four-part tutorial series. [Part one](tutorial-registry-cache.md) provides an overview of Caching for ACR, its features, benefits, and preview limitations. This article walks you through the steps of enabling Caching for ACR by using the Azure portal.
+This article is part two of a six-part tutorial series. [Part one](tutorial-registry-cache.md) provides an overview of Caching for ACR, its features, benefits, and preview limitations. This article walks you through the steps of enabling Caching for ACR by using the Azure portal without authentication.
 
 ## Prerequisites
 
-* Sign in to the [Azure portal](https://ms.portal.azure.com/). 
+* Sign in to the [Azure portal](https://ms.portal.azure.com/)
 
 ## Configure Caching for ACR (preview) - Azure portal
 
@@ -58,7 +58,7 @@ Follow the steps to create cache rule in the [Azure portal](https://portal.azure
 
 ## Next steps
 
-* Advance to the [next article](tutorial-enable-registry-cache-auth.md) to enable the Caching for ACR (preview) with authentication using Azure portal.
+* Advance to the [next article](tutorial-enable-registry-cache-cli.md) to enable the Caching for ACR (preview) using Azure CLI.
 
 <!-- LINKS - External -->
 [create-and-store-keyvault-credentials]:../key-vault/secrets/quick-create-portal.md
diff --git a/articles/container-registry/tutorial-registry-cache.md b/articles/container-registry/tutorial-registry-cache.md
@@ -9,12 +9,14 @@ ms.author: tejaswikolli
 
 Caching for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Caching for ACR, is a preview feature available in *Basic*, *Standard*, and *Premium* [service tiers](container-registry-skus.md).
 
-This article is part one in a four-part tutorial series. The tutorial covers:
+This article is part one in a six-part tutorial series. The tutorial covers:
 
 > [!div class="checklist"]
 > * Caching for ACR (preview) 
 > * Enable Caching for ACR - Azure portal
 > * Enable Caching for ACR with authentication - Azure portal
+> * Enable Caching for ACR - Azure CLI
+> * Enable Caching for ACR with authentication - Azure CLI
 > * Troubleshooting guide for Caching for ACR
 
 ## Caching for ACR (Preview)
@@ -63,7 +65,7 @@ Implementing Caching for ACR provides the following benefits:
 
 - Caching for ACR only supports 50 cache rules.
 
-- Caching for ACR is only available by using the Azure portal. The Azure CLI is in target for the coming weeks.  
+- Caching for ACR is only available by using the Azure portal and Azure CLI.  
 
 ## Next steps
 
diff --git a/articles/container-registry/tutorial-troubleshoot-registry-cache.md b/articles/container-registry/tutorial-troubleshoot-registry-cache.md
