Merge pull request #207867 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: huypub

articles/container-registry/container-registry-authentication.md

@@ -112,6 +112,8 @@ Using `Connect-AzContainerRegistry` with Azure identities provides [Azure role-b
 
 If you assign a [service principal](../active-directory/develop/app-objects-and-service-principals.md) to your registry, your application or service can use it for headless authentication. Service principals allow [Azure role-based access control (Azure RBAC)](../role-based-access-control/role-assignments-portal.md) to a registry, and you can assign multiple service principals to a registry. Multiple service principals allow you to define different access for different applications.
 
+ACR authentication token gets created upon login to the ACR, and is refreshed upon subsequent operations. The time to live for that token is 3 hours.
+
 The available roles for a container registry include:
 
 * **AcrPull**: pull

articles/container-registry/container-registry-delete.md

@@ -107,7 +107,7 @@ The following Azure CLI command lists all manifest digests in a repository older
 
 ```azurecli
 az acr manifest list-metadata --name <repositoryName> --registry <acrName> <repositoryName> \
-    --orderby time_asc -o tsv --query "[?timestamp < '2019-04-05'].[digest, timestamp]"
+    --orderby time_asc -o tsv --query "[?lastUpdateTime < '2019-04-05'].[digest, lastUpdateTime]"
 ```
 
 After identifying stale manifest digests, you can run the following Bash script to delete manifest digests older than a specified timestamp. It requires the Azure CLI and **xargs**. By default, the script performs no deletion. Change the `ENABLE_DELETE` value to `true` to enable image deletion.
@@ -136,13 +136,13 @@ TIMESTAMP=2019-04-05
 if [ "$ENABLE_DELETE" = true ]
 then
     az acr manifest list-metadata --name $REPOSITORY --registry $REGISTRY \
-    --orderby time_asc --query "[?timestamp < '$TIMESTAMP'].digest" -o tsv \
+    --orderby time_asc --query "[?lastUpdateTime < '$TIMESTAMP'].digest" -o tsv \
     | xargs -I% az acr repository delete --name $REGISTRY --image $REPOSITORY@% --yes
 else
     echo "No data deleted."
     echo "Set ENABLE_DELETE=true to enable deletion of these images in $REPOSITORY:"
-    az acr manifest list-metadata --name $REPOSITORY --repository $REGISTRY \
-   --orderby time_asc --query "[?timestamp < '$TIMESTAMP'].[digest, timestamp]" -o tsv
+    az acr manifest list-metadata --name $REPOSITORY --registry $REGISTRY \
+   --orderby time_asc --query "[?lastUpdateTime < '$TIMESTAMP'].[digest, lastUpdateTime]" -o tsv
 fi
 ```
 

articles/container-registry/container-registry-helm-repos.md

@@ -142,7 +142,7 @@ Run  `helm registry login` to authenticate with the registry. You may pass [regi
   ACR_REGISTRY_ID=$(az acr show --name $ACR_NAME --query id --output tsv)
   PASSWORD=$(az ad sp create-for-rbac --name $SERVICE_PRINCIPAL_NAME \
             --scopes $(az acr show --name $ACR_NAME --query id --output tsv) \
-             --role acrpull \
+             --role acrpush \
             --query "password" --output tsv)
   USER_NAME=$(az ad sp list --display-name $SERVICE_PRINCIPAL_NAME --query "[].appId" --output tsv)
   ```