From 1e982e5d7ae8bf0c050ea65d626d05c8f3e2ab81 Mon Sep 17 00:00:00 2001 From: jerae-duffin <83294991+jerae-duffin@users.noreply.github.com> Date: Thu, 24 Feb 2022 14:53:42 -0600 Subject: [PATCH] Registry Access Management (#14300) * new doc * updated registry.json * Apply suggestions from code review * added image * updated image Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com> --- docker-hub/image-access-management.md | 2 +- .../images/registry-access-management.png | Bin 0 -> 22969 bytes docker-hub/registry-access-management.md | 115 ++++++++++++++++++ 3 files changed, 116 insertions(+), 1 deletion(-) create mode 100644 docker-hub/images/registry-access-management.png create mode 100644 docker-hub/registry-access-management.md diff --git a/docker-hub/image-access-management.md b/docker-hub/image-access-management.md index 4693dad653..4fce1ebad6 100644 --- a/docker-hub/image-access-management.md +++ b/docker-hub/image-access-management.md @@ -20,7 +20,7 @@ The following video walks you through the process of configuring Image Access Ma To configure Image Access Management permissions, perform the following steps: -1. Log into your [Docker Hub](https://hub.docker.com) account as an organization administrator. +1. Log into your [Docker Hub](https://hub.docker.com){: target="_blank" rel="noopener" class="_"} account as an organization administrator. 2. Select an organization, and navigate to the **Settings** tab on the **Organizations** page and click Org Permissions. ![Image Access Management](images/image-access-management.png){:width="700px"} diff --git a/docker-hub/images/registry-access-management.png b/docker-hub/images/registry-access-management.png new file mode 100644 index 0000000000000000000000000000000000000000..5e2084d4142e4cca77c846a30a563315270c1575 GIT binary patch literal 22969 zcmc$_WmH>H*Dgv+ON$g*pn(E~LXiSVfZ|?StZ0E2*WgZYcZvip#jSX8g1ZNIcL{F6 zU2^FAerJsP>yGo|jC=QwWbK)`=6aqv*P45+J!XQx$w|DxA;ZDIzK^-IXZ@1}4TgneSp~H2VJj9*w?6qtDRS$7u9E8oh=yJ+;rJ$mQj z^7!m#^BBE`x>!8Fo4L50xknG7(Zi?rhzoQJ3SE!7sN6;uY@z?Gq2p)JzedqP!)WiW zE05MwkGdQ0M)c2Sba2;cY~Mk0_jYQ_LPYI!WJzy&T_R`_x`qb>=@c7tZcTZO{e5^Kis3@_g z05($=v{o0q+?ur0mv+_{cY%mN55=O#QtqcS?iY*DYjE^-%Y z*L)3PZx%7L-`ICsICGmZa+fiE$ zmWle*vADI+yEoHYR2G@s~95`fgw=re*z21H!2UVH7oD=G0{n_(uOx zlK!JGBf9_(uduwxCnJ7gyUz-yDpDT0GC@}I@s_e#4jO;`P0D?&GVL9r1MJgaUZuZ% z+T*>ulA%Kx)}w#j7fK!W%AA(|8cn3AcZR9A1&Itsej1A6uXg@YU@4rbBOIgliVYwPF-h1!}MnD{wCZTx?Ghoppg{z>$&Oo3J>Lk65|>LG^3*4oKR>M$AE z1UdfSM(i9O`iuM;Kl?RpNIZN17~D@E(Z>)uP8W-! zh}?hcgT{iPF{03q{m>X5Xbd;>BgobxNI$O^`kOo2-19ErCps$%ott;l`uAqK_GYX7 zuJLbwX<1Rz-<;yK+_IdIa);!2jreSBHE8XbQOC9YuBJDcbq~QEjd1{20Gcr8*7e=-#hTBMrx!>Q5MQ*?S zm=XI6*E1{G*QVgrEArUF!P@2)<+%c`JIoE+w_a--^R7QES*kutygpwe|04P`kprjT zfP|J|bImz*lb83(CiGzm{@=cA%)}?T@yms1FubD;UszKFuwvam6G(_`&;o15p>6aV zWXTTN&Y}gIa7v!6v+j~hsKs%ozwcCh>za@}AJphjTb z?be?nn~t5f$m{8v_gtUWu@TVPQ8GW{tCBhT$U!Nk(5BTvCon6+)J{XRt>6({e8H2q zzjGuDzjEI_v+L`Cmip>=5SDK&5SQ5R; ztgEiFC^&SS0D&s=5nZ@(1!|ff43BVCx=Pn<$akpVIy>ceWj<eGapV*jkc=(VMS}iC?d*K)l;| zj(I6PNGZB2*AeI`D?EeJ`g%c);m)tS_9i@A8QQfvEG&=|?=UxV?%?mnMyd`BX*n66Ra%=*I2<_c^+B-HJ^`fn zF1*84dmvg{*>+3G-`{AAo1Qd2UREWnwN7&k7KKG+bi2bB!inbu5`29&fQmvU|CbaEe!p{uf;mt0O%f{bzRDI*uhNNY zRnoZa$Su6Ik9RQN$YWbsl!&O(X)uO|Y&Q4ozI7 zxnFUI7&lIcSN_V;eV2+G&p$S~_gcYC&0;6v_bFHteDPyDziFjVawN23%8L$GNd&5- zj{%;8pA1-4n$FrTG_wRZ*53G_8{3MFPO5?$*ReX7jE}0el>UBQDzh(8Q<(tXH#J`M zH1EyJT7UmR+H$nHnD7<*`7SYpN|`8HXamY zFGdi#M2&B;gX|QfqOap?5LQi>Ny+`z@cPSFNuMXBK{(#)BTU;85?!6%xtr1~MK!6( zgwb2U>p5LMgxlQeqBj>c@a7>Qk5$1%qu0Vtr?o<=>B;J_rPMj(QaOMyn|xM0O;b3< z06W@T(Vo_gpCv96FomRBDG;WOH*sHVd|M^VUkUr%_$>s<9hLSHUHHd`P3oAPHn`|QD+B`EME4VTjvcsL)WC0PeMJUqJw1eR1v_aPcb-|ePW**LjpymmT3{q8)dSg7x_FpGPk zvhZmT1x8$;G5`|BF>A=jDR{3O){9RgNN7)T>R*{`5>s5QtGAw8vuqdls8PoN13N2LETGzXVVDx$kt1A*&^!a(uinijR;m27EJ~=n zw9}&Gn!KzlS3g0%*BYg>^f&`K;`V`)Wop9P$Y#k>{-U;JuM$e&{7O!Y-pjZzm#?qE#mi(MoQ=4{ zIcullii^^^8(IM6pI=zM8vz2m<6u=aZz?tC849wi>vA(!SE8G>Ta5pZ#J#Cl?+Pm+ zd2~2x+6&n2t?v{bskTVJX;|o2VL7e$xnKCXB6Zbf&FucLt4GVH4`@F5C~>i7=Wa}o zaY=Njb&N55`)eut$^ZFgV=~sv?j?q5U;cmyM*r*+j6>O342-4`2*zOq0Mpy6f)wL6 z6M?Zz1;WBWo3LSAO28hq2&>~^-2Z>0((rqLoB-p~K<9vEfiHl?P(KOdQy9J8k6~ms z#Y>EMhd-7NO|b_o6*Y{*51-Qy*t`KZ4=9Hr|M05sJs|%CyL;eZ0{_PbbpF8W58@yE z|2O4HO;|+g%{z#K}77QOi2Dw2SsbdEGSF@}d*JXyAgpRy;FsZAjx79t z1eR4idr=}l{~-BBZ4j90zO>8 zhu}T8pS6I)FBNN}Bv2)5IVkQI^QXP;FjGcNuuz#@bvVB`CHWE(A~HF-RF(eUE|8Oxa&G!*Aw8 z2dVF4^}=736{?I0p~gcm^yL&2#Ez3c~d6 zw=3`a=l3R$rsDZ*#{ikcEI%!Ap5vInrIbyNR0F_}r37f&FY`1#W}fNM`0m>=4dJGN zF}t~POQ?KI1f!hn-NG4hE&=XpwPugZbze*iz{O^6$%)Au{rUmQggWpSw8kN^2)x$T zACkZ?a&o_2^hO4H;a;(tQ04puZ42VciCTC1K->2@6m1hV$7aH2Lh!&;N4=p*{yRrW zIl|T9+1n2r<&zuNb#*%NTEE!}7mO_b1{08%{$er`Hr*-&5N$OR2~X8nK?5)v{YdZC0f4~>rFR&j-X_yW%Xpx8Y$Gw?eA5j09dOml_u25t92X&cM z&U%OJxaxqt{pRd3F{N3s9Lk;F-bVTKD8uBhC^bOeHb$`WWZh$%xHV^WJ?VZC=A;NSg#9`OR!U$$IQeo+hi=ePk*mg7sRD-zIZ*-KRqf>kKCpg9tavZ;Jd?m z?N<0XZAm4mAU7_5Mpi!<+3S!1M-(aPEChl0-E7%41RUOTWrQsXd~SPI;J_!S@p;rt zgScaR0>V@vV?8LC8;zuNKo`R(OYX-FnTVI9!;qNEQRJ7R z@g5fXs*gJqcdwg)_N5^`04hMj_brLyRMYcH+dCSn}+Bomadb!W`q!l(IaVt;l z#WeL213rXI#W2>%%<{zd1BMTO-kXk`1Q(SdLNbDqq%smZMXwKZao-ZIQ=JcT<>WDk zu3jMH***lr_ZfN2#B!@)yJ$q>@n8OfRm|NYYw8_$}cah{wTH@B#54$G-O+qm-BYD^xpL*1S3 zMx%Kz+756+1w)-uvEpXqfOqfgsnkO*xCWiPKGc=Il4x^SSsiI0>-boL6A{O_i+ud8 zpI}4<&~2-ARTrPK0ZjkzKLo!@0?$Q&~UvYF&Dk8tdA+sywUbn zJX3jJ3J{p=GvxbX%O+`I9o3Rx&$dNA-NHO>#TfI6S)W|Rrg7=y({jJyKp&jRqp1Y` zX$68ZKip*1W^0+s{iDVgvw;LRp_1Ot?uNCnk&byl;pp7;XAUIcq4S8o7KB;+2doVQ z(VxZU+c!sZ)v=NzOt9%k+9%tZ_UD2ul7vM^Q1QtZQtp#GiG9x zWW3pzPzP^zgFCs#w^=Lja0vxTmVh9T-3vQrzrLLF{A8Jz{P-LZh|tV%)#QjUwdZ6`bd{ zAco@bC&H|mhi$J0YkxD;z*Ii1g@!rZXE($Lz3oPjz2eIB<|F$2Ok1+IXjlC$D9-$j zPxiL|YQ#Moc66z2Ue{o|`3VgARdB^*Kn0bYuusWiF_l zVifU5L!dYPsSz<+=4T)7hs<{nEL*s^=rXb9OhFnA48boTs@&zqDNg}ddFFM+hL|7Em3f4MqzGY#e(0Fd{M8xT2 zx*s0&>R%WZ5z8W}iv2v8)GfVbSl={DFinc3KZg}9l}|k9A01`Ob!({O*s(VL&?_B%RsStZ|MT$SA zf6G zw$v?%c$w~kfN(!I#bz9PHtHQlKXVb^W#=Kom~|Jo$VE@yb;+x!*HaUx0$p#STuU;C|X~8%P?Qj{ID) z8q2Tyz9eb2V|X>K*E^#dZ;F_Si`A9;W%{!RMr>zJMp7=QQ1*KNE*}lw%H`iB6ka6x zOCM+wXOj7i$RQd(R-8uJZs{1neo*-R|G? zkolg}#=m=R3qOy9Vf#MZ68t}IhhZ?;a-}u9xej&ms^PxT=OmVs7YN zWqWv$Kwle|6P_lc_u$U?eJkh}Ot#CeuGD{Vp4SE(H=|rhpb3JM^9`l;!Ivd(OAr2{ zwy1!R^YHt$lAO=h=sz)HxVCH}FY9dCoOX|7z)E9@7PxaAbZ*o!Ggt60w$QeK@m>q< z!&DYsE?fx8RH+;MQ>|2qZ<}6Guy%-LJ9S06_i#~>~68!ePod$<)f94qO_#wN&&PrK7So8I#uqyaQtwq-5E$Mm+eo9c!>RU&@Ykt%Uv_5v&Bmwf zjr-VfG6&qnqk0fKY7*s9%*zmr7JLUd9G0eN@8#9Y8m_X{ybz)q!@==^_OLy9~veR;&Tf)XS0c}Yy&4; z%{%8Cynd#uD(@AAAD`e_AIoWk!Oed(j&&9{^*)5Uwr0KKGn$igGPakm_bx`{hjD;b<1zzlY;DS*z?ed_3p}8ku!-jzYcBFh57lVYKKobwc8MRKV4%j4%~tNc2%#lZ5{_xvAg`}HiB4=vySGB3(CxwCXN zNk_>nLjs+7cZ1!v_ZQ|SM2l;^$|zehn)3}+PHISiNy6I$nVi3GBlj^>8Ky&E3nwEc z9PWB0jj(-jNyo8g_g*A+wOs2E#w-~JVSj~=oy%x%a{@_WYTsw z<#62EW{y>FrOppwF;qL*dGacnsqg>kBs5HD=A~5)`i2x;jN_y(J z>cxcf>Es);8w(!$T=g`Z``pWo9(cE%5lQFAM`PDw7MG2-sPnyxiG>Yhd)nOqhM zmHUu0bm@OdFV7EFn&J$4adAK`1~L46HpPBe@qWc_@q1fq-T1WY@rlf)hv+ZA8Mz`A zNK`8mJ1KZm(*H~JVxH|$pcUPlR20Pg)dJC%^z?6D0mL6U0|phfG|LI~bJh}<=gxB7 znoMO7ER_eUF1s1mcYh^wt*xHcrX*DReiwZGwCgqd&DZB|nLQWiN>1if{iX952vR41 z{l3qp7;G&e@7G|`m!v7Pl7qtQ`szXj`3g_xX!DLf8kzEYc04}$jxSQ!ahtMI|R<76xgqKPf?0riH~p@fNM3l-wP?m^TzKN*BVlJ z#kUgQFG$|Xy5?4NFit|v^{)>(NHkzPDW_@&{;4!E*<=PADLkLSsgjP>?nD20Z*KTfVJ z(Rlu=BG}b8TJ?ly8Xp?k*o%I5AnDeUYwge%+B$CB)NQ*Hsp$5FdVXW0!Q_OSvH1je zo{eqBt`6rO+svF}BsnHYD`XA6)b2+FtPZdrEv+0m3?R}CyX6I)UYhCykl^Cf^A!MlNEldUe$BT3z(m%_R2O7SI6 z)NU7M^W{iHOJqa^F6oprRmZ*eLe;X_>ZaYXl z&=Fz0X|uaJ=Xsjq`3@h47+ME4K zMskV_7*3e`yoG-8`6E>dyo_L%8}J;_hc;8XJJQ170D3imoz{EyAdef-N)~}F?042p z>C56NjkI$erRe3s|+Jdk)U{=f)WV|#BYMvP3s^1 z?Xgo@w{UOH-GoFUQuV-v*`W1cR~jg7IlP8<@Qs$HKYL&NlE*t*mLewT125bLNyIZ1MJX{S<2$aOFO-vR2YqR~QbJq$vZd zUnGZrXiEskRG9+$RmyHce2D!qfcRKZo1qMzN_)7pG*&n`lcJxafiRVLmLS1g8Ua$A ztwEQ-#~CQ+k=is^CSGa*>yM`ruC9xY67Br-t(C^)QW&tPE>8jixzg#MuYls*SBXD| zt31ixs_}BfxYcMImiQw~6>R}dny5O8T<$7aereWuk-99P^3FlvA16vZg38>Ze0VR?2*6f7_%EVqlOFG;y;6#y2e zGo#vpRW4s$$S>sCZY;=sfj`-!Os3McpyqFl*vbM`LkW-N&d)XTj-P()Mt+k$DJ6xc zB_Xy3e*>$uF@kI+*t09&mpy^y^0ro@uYuxIeh9A6ay3oAoGaD&tBW}BcPC9o+PS@$ zQXbjFKm_SvR}Qh|(%Y2dpKkUBOq{U&Z~;m_Ys-iw&O2b0IUcLtQ(Whj)g27jRkT_U z%joT}tuM4UC1WEkwb6zoK3BSqU#1>x4 zqa`(n-0DWT)-}z2QIYxS$#-9-DBE|0F&h?-0drAeI2dQLK0vjwFb-W@DXa*RmLoE_ zbTT|*@9<%I8InGaoe5PlY(4Rw9m|&}UIj8R4PcGot~w+y^Syq%(pX=u@^_QPh1Kj@ zFzp-p;>zBFL%48p#`>C|b#c0KDJkzamh9sjp~`SathkZb2(JSx?t_JdO{$Cg#`>+p zaETvE!2{CuN@mgNS#wxPscvR<@l{oY>}+OktuwAeiS39ub>jp4nJ++bJDkDOv;9W( z^{1nZkAe7;#MAZUO>jJ*I9?0HO33x`0`I{$n@p4|TSK|jQR60)48KsZf-t|$*v!v4 z(LZZX%+s6_&u6e$eyZX{eD)jDhrf7VzkZPOY3$|f2>cBhWAmJNMb7%#-tUJAAT}&*2L;I;#zi)tLO4%x1}mWYx5l#; z+Cm~mBvuyW7InPe9C@u$((PQ_g9ghT+YqvA8?G}C3xy82B3PU3l-u};Ps|(9ny6}` z*xK5Z1ctrBES=_{64a}=yMM@e3uiQ4p035d1p;KA6OMinV5AKB9`4^<6)J2vDP;iG zznr&Kv%dQuHx2aPoG&=|9|V)dq!0pfzY=Vr6+~(5?nBHwG&k5p9@WSzh^VqX?%@7L z`{RAv*NdyT@xQnMv?W}=X-z(EQJYS&s++noAA>FlxoRV(146#OeQ}2Iy0#?8F!v#I zjABBdRa-);4KH`rNNiI(V4`-Cstu%czDC@Kv@T*jnme3FctGCV_^=(yE1ri3A`5_460zDJudXT1#p9ldk z(Tq@I=*Un+Sjvrjrd&?PvUN34D00yqq8->hCF_8K8eS~>JGi?N7j%q>|ZZ((hVD2}m3*CcOE|y-V zDh@6b)y%e}{X_Yi(vTij>A6v>FAS8$3x$)B);XLta?m!)l4&Ojj@qQ);%EU+n} z@T7yh7Z(|Z1J%e~L+uB5jb_Oh!Y5_#%->WOt^vVhn&s=Rd6T;EbXKhcCS`Vy+9aj4 zaw*G~|0r=V+NsHqJB#_fP}g`qGz4i}502$bdUY3T?0Whb&J)vAo znRAMnwPDt-(mqFt(kRsZjskAHx7aLpI7z5lz2&Cb2<&0fa(3VIW8l74)f_+HYYz2MYp6UzHf-a68lNZw!*lcfAo~x@YVfXz}`^|W3IIJI{ZQ^ttlqOHXerC z$N~LAucoW*ig~;`G#sWel?X%_}mW41dA$GP_VGXF43_>Nrpu0Zy*qU zr;uP#n#P(#NtRei+EEy8#QzqoEx}&of?KG!$q6hp-s-K>bw9Fecse?EW%!zP!%^w+ z$1Y;*E3Bm=U*w~?oVSB^6fETsNMKDr?HG0XANe9?ChM$EqC0L)*s{Yc*xGllyXqG3{&7ZY=jj za;MI0$h@I>n1cOkULHt#$10Gjw;`Nlcdch1Ba1aHfFurB736sJ*WQ0JB3Ic##Q|)b z#(p5l0)F|%1%BnI>SFM0Ykr%`O|@%rJB|S}m1K#4S*767EQ7CST(-do_V8UxxQO$6 zkf0a)8aYxqh+spbME0r5v$?L{67yu&^q2*k=@+@fTeC|O zB#)`_ao{JW>ieosF^Bn0*w-mHu8zY5bkz**i_{!Ug}NMjXLX{EV5u9`7WT;E@2(7E zm?7s!zik0F?0XJHgA@vJEO!(%uPc8k`ZE(A*Qbi~2t8Wft|ZxXq>%xG$xB3ktahws zk@&GyS-x8Tgf?iIlETeqPXa_uZ$FQg>4!aHLM0QK%F6}*-nA~{qS%d_`R3ojp*R{* zPr~_1l=@1NMvn?VhP%5lJ}p)|_8EiSw=GfNz>jhgk&9(A)XlYwO+1Ne)3~Uw^>G{o zV&QaDpGxVx;eY&xH))J|KHGwxW9Mxf?)QAsiTOb%psz#-_Ip(iZ==@0!p^vohF&=? z+KH4G`nr(HC;}hpOl`T}5%$aX3@8f>`=W`QHCpS%hyC`Ce0zx9k657RqlfwxoR7!I zt0Jb$<v!k#XtWpnKFhQ_^d!Uf8R|%jv*lHhq>hoGs-no@L??Uov*n> zxLFLRTd2vxWk0e0c_jztq!T8IPDz50Up5#9RD=2fJPLS>ZljuITV-t*sGU1)&Fie! zhgLGyx%TmnFQr!Hib#~M1Xt_5Nu?Gc3<G4?7gY?->M3D z>s;7fQ~F4}P{F`BLl=vj%UoK?Y!s$)?~I8z|48z?CVfN$MoxfUQC7$NRM9t=Dg7=c zGcnfzF;~5COPm>1I&9ASyan#o;v0vIad*^!}^;un=t5ipuglRzE?1lbDAwmC5sNT z)cYL)QbLa*Yu45)>8POnrX`rmL#W7Da>SWb62G_Bkif_#O?s1q)`+k=E|Z^<7ZZKS zai+&q`tf(S{R!^vur8hZb4@ZwHJMj=S;OSJsvSmVa#{KvIGq84)G5=+J&$=Ga?~dS zB;vJwtm%0Qfh9&hN!nA_p1t0nT$vx_9!j>4T5Cc$76Np^0<=9O8?q*^iw;e01>`t*`*P zI4VRsb&QE=qScEJ!Niq^-ePNB89!#%I5+2c?Tq9)%_mEZ9DA;Ch6e{5H&fkEDFo#g zgD7f^3X@2m;6M_>a_5W6nnseAo)-|nm^q(coKF`-pyFla#tUatYt`A3t~(%@Kh73I z|26y^2=nscP9L0E^ND{X;xJ=u0>|v(Zm*Qt_|#u1C-TO+wII(Bpdtv+QQZY4wt&{m z+(uq?`ce;kqF#IVGjIULeS{&h{PTstib?mY`4rh2)F++oC%!Z6^W>YKly-~NEC#Qq zqhyC&SUMQLNQ?(_UV7=X^R{wy*mXc$)6^)Qb2xpf3P9<-p-Aiu!A|BY_B(urYeU-o z%^P8m@Sa6gCfe8$FsJwoVkJwa2fwCKmC>`w?8DLojJ@-&A-w1$)io>UowLh(l#gYh z=(mLx7)~BoD$wv7LCqM^SWhe`NMR27Ad8hOfX~BMk~JowsOp~Yv%UF8xy<>6)^h`6 z_m`ZjaObXfJDpPQAhl3-vQk;jE+tQZ#B4-Ub!sf_GVwi}()Nv65~B)~DMfCn^m`G{ z!qSNrP;`JzSTyZOa*;&7uih$@_~9f~pc!gSMA~>&r53*MDgVtVk|kt$zp+y1K_v!6Lq8wCyQ6aDRI;}skS6XvbK-=uK2sl z5&BTp;rT~1fM~caa(5ied%1?7f6hZy_wzB3zK_DC6_O}WUhdrKvObyhN<2pR#)wal zPOV?><;c1bj}`sr^wuwqOWvL5LPuZ6ocoYYplqeHk`?*h;3cS9BU8Pfe|1R39pZT7Y}BLKJP$lhVQOU`4%k+WTRf0}#zeEBy1_ zu}U+jtI}y8?^4|2#dmLn`Qzfj9ta0Qn#MWy3zHhKSj$tXv_`}~EJN=TB#fp7xj3b( zAw>o-CpN&Z+#>~+7+<4fEb+?Xg}zAwqKUrAIYt`yQ2=x5c-8u;U;@vE7N1g_=*a=1 z4Y`jAS|Isf--nX%cQdbu0AO2KYW?Xe;xk2eht0OOSX}tV#?Y=a*Xbc8fUtINAOf~s z{tX|{PPMFo0}ghxtVZ&xCgYWnPMy-i_?O@FNfjzYrZ$|WsQ^D;K{^a2mXz6boaWOaF(aa$>aS)l$u*~426qRUsLEpM~`N$-%2kItTQQ#7W_iA4AXmBcB0xLTr6sM zKj4|9Tptl5hhgtrxh)r>%!zBBOaH_K7W2*aXZnz}mm+P;1rKnKv;}xA9|No8T1>j} zk1dWKUfpmwdCw9)s7o&I5s(kHo|{`%r?$1v13SeS%4DK0dg)IL*(S1HZCtiBJtHVv zrWfPxhLAnM2`i#)(>l9|$W8GwGKOBkt+b3Uv&F`ll0!6azi)wVfX=YkIt ze_;KGFN0zPa}3g8uKGA4>vNko94Y=D?b(}pgEXI}5*fm0IB_f%LQxU>b&K6@PW9zW ztcJ{@X-{GNhmYnx_8vJHshmHp2fenRptUakDJ2A0jm2M7C~8YdJ8$NUAI!YaV@o2j zet17_e+mx#mp3jY4ilz4YkTdCH+8rZ#h8u1f zT)lAt)XRmoqW+Zl-Ou?)^^G5YWpP2GvPxs#T8Y<|4iRY4T@{{xi-`)6 zrR)AEMmcmezt-c&Z_)vwWD;kbs(2szc^1qk7_%(Wc};=!N{eGTHCyD*@U+yPP(EaB zz(~pS*2&yrZZzjd*+H?Bmf~tJl2An(2o}~)OX+Dv_O2erPn;8@LPeJcsaqiBZ_UtK z>XC??>xuS2&xLLvmP{%c+3luur;wM!!v^2dBp+%&`;>H%TNnGregxp|xld6SxW8&= z>dxz<#-q|_Sh!tgdH8LFVEfwlS(xXomjRnlpHW)c4%xZj7?-;y{WO z@6J?6Zmx#`da4EDXZM#Sf^9RqbF0jDZEJ_G%y?K{Y#6a6#R2bmg~mGdzR2^C3HV+P zgz@Vf)e`v#U6fRgknM-vyf|?Z#9FlG?BvuyT?W&=)N=gxp+omxqgmJjlR<5d4{qRW z)43#KT}5jCOaTAM?39nKj)r~Qwcq<&$xLo7nl~RdD9fnl>ez>L?We+MHT$e0K5=jh z0x-!58byH{=?{;cc;2K!i|c?@Y)S)-v|7dt7}gf>#p8g^JOidY?!V`#@XoBZS zr_U9m|F?&InlazHcr%#M99Mq7I`Y3PZfzGX`|?6CD0dA@tCAN{4B(Ktc%dhP(?fP^ zO*_tl8BF(dWx4%)c;wdD-YDmAV9;1`??Zoez;6U1>v6gBioZNQiQit}0RrPemJtl{16^bo#v}8{6UW4sIBu4xM4n9tCPw8ognhYy~}db3anZJ-U7REyR}5 zHbjg&mtiyOd){|3@B@j&XoU8)OuvlUnN@jS-E_w`K%9HxT7)T$v=TpjN0D zQ%p$?P-zyrLLUG9ZY;0G5g1z(^s}H=6*y)LDZbLJ6N5mXrbgEiM>Si?$s59@e$X(< z0#qVoI?c!+s$W z?$~%<{*M)-BfFcBm9CbDNa=SXg{LIUV^eN(o~;(4=ZIry00*_JWzPB)8&?HM8Dcc8 zNN*-aoos~F@w)~yuiVzJ)gM$FE`ht=`RaD}IcKb6U*vQ{2tO1?xha z$m&Vh4Ko|BnTZ}8Q25ITsv)n%34V4^tM$xaU5QssbIiek==*h|T}9&=yCW($H|#xL zOAYUP70c}F7eDaEe=ubSQiiV4DpD^hI;|&5V%9=Nv9R-aPlvd-ii{u2^+;g6vH5*a zYB@^3vmmS5;}c0kw=yjC?JVUC2iEZVO2Q4G52uiNPMGVu-8C(U17x65N&mL zs_%3NNMc#JJ6*jnCd7~{ma~SMw$>z>_QNCuhU)88U=9bUYCVrFan+5|Wt2*@^J1C4 z_;1G3AA*t4z3}ym4;c3O;Z{dm-28bj^7)*E?mAuIBNlKCM~<$K*Q}PQ_)FXc06UWP z%ZCzUhAaePpy6w->dDk=hdlpG4krSDJRazcGp zpLZfZK^{luoLbQvZgiJY>BWxg7HcF+0;skPr)+6uxevH71FrXW^$IVt36M z=#QGS#YzBRZe0STm82Z`=~kSj@N>t1wj(M?Td>WK6zux;uN*o46;EFv7ZZi2eqvhw zE1#}<{7;nmufQ6)^{_@9Q;HD zs(J~+D&$pzuUlT>xL29y`!{J7b!gC$gN zqNHdHIrva4ZC)8}lwPIv*ZP8%Q2uU~iZg}8sVIS5eSYQvRZ;B7p6dpBtTG2i98ht=s=Ygbpwey5<(lBKbUUS+d zvL|zl+=#j4WtDTE^=ybNEP9MrA)CCc-6M6x=NZ*jOsv6KXai&~LlVl)^55>_cI`TO zQ@gV(lb}K4iP*Fk9l40bvJ)v-{ec0k4JWBgj}>Z&guMNKv`_L5ZkSzDK;u;0lOIk; zIYU%SNEp1R+~Tb&rr*}`dU>h-DnD5i%stg|H82_>mq}!m?*{|%zaASJ-hWmn0mnA9 zB6Bj^*>R<#X%PHV#>}pn^2!?r7t;0rJXw_CVm5*1`Ea}x)>u#G<|L(|G03Sd;7Sc5 zn$W{OeyHC*K`y5q8A{A+*N(HGH09Q&H0s7@;LA_P`{luh3a3`WIv%?|RPVVWw=l zCGBXgZ(Kh?;MhR?VI*pR+T%tR6g#fLa&{^9A8vuxM=Qcrb{fF!ovE7=h4@!*EUQ$D z{mqH_LHGn}73BY!g9P*zP_uD!)WY_Y>6r-#V?txSr`;$IuiY2BB-{&B{>q}(H00uB z5j|a@X0Q1>|=#NEF zrh3H_CZnH=xA^YHE>AsDXW%47yJU*L)LIYhFdS#j5bR49j$ISSbMnn7QV>=*sKQx& zUR`RJTzd>~l*q+&GDH$L&;vL@R`zAGcxKR9miRF}y-Lvr~gXwl5{XPDi?%Iq#FI_a#oo8(y{G=bu$Ka?r~>i<)gzeo9>N`1Hg z6z`+{fBj)#94P@;l%krv!o=nlJ=zWu!b_?Mtm>^uznJRmJ)AN;))Kq^9IsLau9UFW zLX<>wnXz2e`n zy=kEG!fNxIYsXs?D5`%NvS1bQJI&n$t;#GeMOC2_E-;4d(w`;WFL9p~iqWfIP|ux; z`@N_raS#%tYRv#r)?28G*EWo-h;Ig-I^Q0u*_UCcx>tj=$)!^Ca{wo| zE{j4@y{mUO92eie<)&;WbAYPsJ_yoaf(FyyXi!)Un_%y5U^4dEC=ufXtT9u*;>Ls# znOD`*m)vCZksEDFzMTQY@#$q%U#+DJ03ZR2w`)L!ml&{vDukd%uiZQLK%5+eE3s8P zccaqIhoSzAKlC+q8KimocCjhZ4O157r$KlXJb^~mY+&;Dt z;2*!M=6IlDDhM>i+bA(o22wUSejeomkU!YFralQidL~eR^6Pju%E0rWY2gGZn%^D_ z7+YB}`e=V?K8J*4o!20YPLsE^te|T6%KBal6{JJ^x@yw^lIxJv`fm~Y6ulMGu(pBJ z#l~DjYezZ1uvzQ8fTkX{`f zmE4Q=r1qWhVk+g7zyytchsL``6@zb^3i=X{VW)$lFy8tzeh~O{JW`zknya!UY6jmr z!o;Z{jfGi4#cVllX8Q)I=a3VZSC{elO*ebtj(ZDp$kU)gI%}x>-JPL>`qUn|f~$N< z_64sQ{DYF0_2kfRJ|o$rx7Z6SA~&Kx$)iC44~O5DY|m5~BR*;oxwlYOUw$onIQPx! zCfJ`o5;k1LrC^sXv+J%>6>Zolk1jSH+fL-tnLpVpj-iBheXgpx&^W!RKRi((i3_yf zCP%jqF5Ge`c0no7FX|~}#$JF~mp)sx`*jc4=xV$xvntY4t%9sGve6?yi*l)zK?M^9 zT`)McLj|y_!-AiYRn2q@FSj1*J~mE>wt!?{lX9Cz8l2rE$!!fkHu64KF%mAxIvGzO z_c-Y*VNa1NmI$s}l>J||oOw7@eb~pRJn@9cHpo^|*1;%@Y;Bg9$iB>=#vX$)7>qT^ zGEyRYDxOfbFpRN>A^Vcu3>kaY$xe9ZslVPo-sO6)>;3bb`@YY8|IT%;^E=<)?|kn2 zC53nW>+pP~428XzuF3Be38{J>E&0-=_$n)%<1~lIN%=Jx*91AiECY?$rxFtgRKcvZ z%yN40@XSuSuQG8v*)xSOVF!$|?i%yxas$haWIP*QkM6Q6BdJY>ye7~JnbZt9mj`sz zWZHx3i$~wSCj$>h{N+#^g*sTumvZ48(FW3vvjkRK*t60f47EXjlvuz1iU#c8aC-3e z#mhpOvH2ZF#gB**t7GZ#v(}>ri0^Y{+`zN7F<3s1ePWI}V0-M+^BMQMuT9jaa{O zA&(v*H0tRHeOBV%?Z92Ngq;pVN~ouQc`g$jNV~nEje9<}?64&}l6W%V;9UxG=^~tI zuhQ!>@Cq%MoHEycowmLv6;Yoz5>xHA9ebWeqEy^%7Vw>QraFp5;`D0z^2N)gNl@SO0&0AcuwA^OHK7LOcNE&0F*aMOlkhH7 zd+odm?3aU~L#zy>ZQ_1*6g%9O{_*+lysQ)M#WjdQ8u8&9w#C_Z%RaA+gV)#qwLLJ9 z@OU)Get=g{AlaIpF}5298rI1*!8K$qMGflxB!mMRmurU*xh7#f*xvsazUMKqW^JAKk)~m`@_}!LG9H4c>Zqo)E&H^@A@sJYjvyK8BIUDE+!w{PNjP!rVAE0E96$KEB}F?$YB9Mxahag z0>qZqMo8s3IIDKQAZ}sQM!o9@6bRsLVVP>U8cPQgTg+-(4LoS6dv@#htM<@=v?x3D zGtwMQ(6b~KC}v+0KOVpE)WK7m0J+ zUG){lS8Y{2wixevBX`{9qw9PUZU}`29lPe>fD`LM8$)&Wu);G^GXZ`U=*6ac%Li`0 zzN_2Szrfm}Qtm07LQKSMolpG;2_E)!A!XU&gJLsWWbd*4`U)ajuNQLM6L(%Z+sJB? zV|L|Yc>k?OHBu9#7i>+RwH+kx4XssIvRsv)K-yO;7oEfQyYMKY1ZwWdSw9|j!R&sr zupRZNW*Kv*rs|G6xz>zx@bmL&v^u6ckxy0hVtb~$(%4IbAWR!4T)o)I6m*qngW9jR zm>x-l6jNwYFWd20PjV>rk!KLXVxbg#s>)vpzqMtkWytcD?}-fOfnT5*Dh>|3n9 znZP4=+{f$$q0KD{?L$K9K7q7+rIA+1cj{Q*z=@dC)frdfo;h6Yy`T>{mbhoBVc)6w z%PMP6V96mv=P2V7I!E4Pm`T&FZ4xpP@~h459>K9eox-(%uvV2CY1ujvZ_o(-Rn!uV z`0(j|{V;dY{tkpZW-Qe_qsDlWMbAmLVq?Iu=~tc}w4Cz~*jicP-f* z+H(|zJmH_F*wvy}qhfJWel?Wm&Qy31wPbt2FzJ4E>bicoG6yhBQIA*LT>4`USN6VArfyV ze>q&Lw@N0rVdRPGW~6X#-b`MAUL5U5X^?LZ9vrW=h!_EYp#J`xIT}%Z_rHU!g=sqb zCx$19)7Kuc!B^rmT1i6UdMR&@o|HPy4&BMS>|nCr-mgE+MsPg?2o(z+~G&u_MNVwR&Ytf+EiHI!E3c>yW&b z_;O!*>f`5?lCC_SDn7nQa!pMdifH3y%CWl3-Ot&O(;(+7SZm$2C7VmE%xV<%L9I6W zyDdL_8)5h*{{$?{#<&K}@n7RjQt0HlVO`8OONG&ps;G;+T$0zAhx_OJi|U|h14MUn zv1V4_Em!)^38F|nMIoo^Be{_1KhA$9u{rvUTl+`bQ&yOjgZKqSUW@$G$G0%==c#ep zCGSLYN>2xXlIfcV2>jJ0jJ;TOp9*gy0i(?J`>b5 z;S1BRV6NpklFO+V#MB}FB}4^=m-4CEb%=R}_7|_+N|`uu&vb!Ui6||LKP$XUb-X9* zbTvy<&Lg!NBmNVCM(^HuG^Tb{-pV}ArX+owgx7OuA~jla^JYw)JUKfUm+fp!ij;Y_ z)Muu8PH%nfw2clLsUAaGKonPvS{R7W4CP$s|8OB-wuey`F1X@5%$lOx91?Zkd!K&M8LdSGQSmUs_g8PbRW)n$0t}aBoTVm0v2tx=Q$By5%g&I>_ z5#0_jq$W%&8&_U?5SMK{YS&NT=RYGK*FH(f8#ErPi4Vm1`R#ohfbd|V6|79;R$bB2 z>d5h+11Z~7+2o|SC)v*u>Ypo3czI4g@O;1V`3H47laGTxvQtyGjfbt;JHmVYd$4de z+V#QTRzhC~=agX4KV0mRI+c^q;q!=2C39(dYZ&{EF^cFs(B2xp(oak+I4LxsIIC}A z$3xK1m>+(?V6u}yM_~p{evioUiF32$N*k4bC4=# zdjrMRbH1|SCf~S>uT~bqyLaPP5!fbGG&4fB$K{_%O2_TZ@U6yLg?%q@`k*H_PD#|K5V+h3Ae&)$BX*MBqWN}ej`5wG*YfYHjTVs}Y z3n=A_ilNTjw8QJ6QA8QC1iQvd$Sn(ZSL8WzO2OkNjE-ixNg?mnNvCDc9MyOG1b2}v zR_3ujL8%t{H;S<>n2~}?(1{GS?A^SPheg1sga9Rcml6<XOcAz|b>qVw=j9lWL-a+ynqyDKZ2Bs`U zU^b4V5u2~eE5=zI!E#&UO8A2}dXb-dNZ0>5Hqa{fz6!h@qO%&tX&@1ie3gsa%nK>< zY##Ar>fS7ZRF7HJk6jkF%1oAa^+x&1{PX>1%C+=XXQy` zi@8L^U?xoN*eH!$w3(g|tMMPT7dS`G`{r3WZpy2F=SLPoVT*D5_)n1 z)dI!5Nsy0Byb8Gk06=#%`INTIpxR5D^1og(zU)`g9T&nMp^0(+RiktNs+&iT)FrB! z3ekUB2!QTs@iC+cG8ji)#W5Gf30aysx$XPEK$JxjJNx74jtm zpd}3F+!o}Y{7Y(m4{>z1?&1Sp26^W~>x+$~&GWy>y8lxa0Pp`47UtYSl6DU|KK<`FYjNdMha##N z{I|+~Td!ogwK&+foj{CNK)Yl`7a zT4F9K`w2J{X-f+$ig9=ax!dsKFQXom_x_Mw+cStp!wv66SV%Evq_bk+yZsN)UCRkO zIqGq_LbniIco;U2M5G*oM<#q01+2{uG*>g2hF0MoD)=L+(=nK?tR6~QLkCxeqO;a* zGdJM^Yqjx*8XQ79R7}Ou$k7+4z1&HnELUV+NcDt@iU{0daYL-0IofJELn@&suV*Ph#>?!NB# zSa3|s52ieD%UL&K3-L`Sygi*Aob{4DUMT%vg_Zn)#3a{QVE3vzIR+H~ikBCtfT$FV zPW|J98Ku@;SU)nlJiKptDR(%dVE@=_zX}M4~#+2|Mauipv zg|#AtV%9x3XZdj;0=Vf&UbT;6oA(Zkqq~>kt9&yD&0JA8Rr1(jf?152Gd{{lu$;JX zmQg-XGqhhMD62Eai>}&a?%^^BA%PpJtScR%y%H`BDxQ}ku^WKpM*B8e>*pS=J+{X_0K!S+R}A=bohkNPm+`4&rG5aOj&mO$exN zKwHE3cyzQcfx9P1fi)&_rDfrK3^Ik{Q`C>f&K+tdBQ86wm5`rKqMU%w@A{}%Hp2s6 z3!Ups_As@?(o`nX`w#r$IgUc7TVKNq+W}&YN*&*RS7K zmWcr}bctAJCU$}5xhE>ScI*_zD=d{+ZLWRbqoFy)Ijm$hDDEDrgEYNMODQ@M=4)9R}} zxPv0hRw;>(@|=^CY7fg{%v&w^9PzDMFi1$;O{T%+WIVIHuIsJq{ikIW}=imTYb1fxpP^G_7dbO|ea4r00 z^N{E~BJATW9QqZJG#S_oESvVVf&J})GA%n|Y*2d2^;fZrgC~k+i_^L_!n!%BE`3q;sXA5-WH~NE}{@+~of0g_H>aPVa|DUF#({aO%LsdHC2LJYFyQgJv KxA^wMC;tI3vq_5p literal 0 HcmV?d00001 diff --git a/docker-hub/registry-access-management.md b/docker-hub/registry-access-management.md new file mode 100644 index 0000000000..d601833786 --- /dev/null +++ b/docker-hub/registry-access-management.md @@ -0,0 +1,115 @@ +--- +description: Registry Access Management +keywords: registry, access, managment +title: Registry Access Management +--- + +Registry Access Management is a feature available to organizations with a Docker Business subscription. This feature lets organization owners manage the registries that their developers can access while using Docker Desktop. When using this feature, organization owners can ensure that their developers can only access their trusted registries, such as a secure private registry on Artifactory, thereby reducing the security risks that can occur when developers interact with public registries. + +> **Note** +> +> Registry Access Management is currently offered as a Tech Preview to a closed group of Docker Business customers. +{: .important} + +## Configure Registry Access Management permissions + +To configure Registry Access Management permissions, perform the following steps: + +1. Sign into your [Docker Hub](https://hub.docker.com){: target="_blank" rel="noopener" class="_"} account as an organization owner. +2. Select an organization, navigate to the **Settings** tab on the **Organizations** page and click **Org Permissions**. +3. Enable Registry Access Management to set the permissions for your registry. + + > **Note** + > + > When enabled, the Docker Hub registry is set by default, however you can also restrict this registry for your developers. + +4. Click **Add** and enter your registry details in the applicable fields, and click **Create** to add the registry to your list. +5. Verify that the registry appears in your list and click **Save & Apply**. You can verify that your changes are saved in the Activity tab. + + > **Note** + > + > Once you add a registry, it can take up to 24 hours for the changes to be enforced on your developers’ machines. If you want to apply the changes sooner, you must force a Docker logout on your developers’ machine and have the developers re-authenticate for Docker Desktop. Also, there is no limit on the number of registries you can add. See the [Caveats](#caveats) section to learn more about limitations when using this feature. + +![Registry Access Management](images/registry-access-management.png){:width="700px"} + +### Enforce authentication + +To ensure that each org member uses Registry Access Management on their local machine, you can perform the steps below to enforce sign-in under your organization. To do this: + +1. Download the latest version of Docker Desktop, and then +2. Create a `registry.json` file. + +Download Docker Desktop 4.5 or a later release. + +- [Download and install for Windows](/desktop/windows/install/) +- [Download and install for Mac](/desktop/mac/install/) + +#### Create a registry json file + +Before you create a `registry.json` file, ensure that the developer is a member of at least one organization in Docker Hub. If the registry.json file matches at least one organization the developer is a member of, they can sign into Docker Desktop and access all of their organizations. + +**On Windows** + +On Windows, you must create a file `C:\ProgramData\DockerDesktop\registry.json` with file permissions that ensure that the developer using Docker Desktop cannot remove or edit the file (that is, only the system administrator can write to the file). The file must be `JSON` and contain one or more organization names in the `allowedOrgs` key. + +To create your `registry.json` file on Windows: + +1. Open Windows PowerShell and select **Run as Administrator**. +2. Type the following command: `cd /ProgramData/DockerDesktop/` +3. Type `notepad registry.json` and enter the Docker Hub organization that the developer belongs to in `allowedOrgs` key and click **Save**. + + For example: + + ```json + { + "allowedOrgs": ["myorg"] + } + ``` + +**On macOS**: + +On macOS, you must create a file at `/Library/Application Support/com.docker.docker/registry.json` with file permissions that ensure that the developer using Docker Desktop cannot remove or edit the file (that is, only the system administrator can write to the file). The file must be of type JSON and contain the name of the Docker Hub organization in the `allowedOrgs` key (using one organization name instead of multiple organizations). + +To create your `registry.json` file on macOS: + +1. Navigate to Visual Studio Code or any text editor of your choice. +2. Enter one or more organization names in the `allowedOrgs` key and save it in your Documents. + + For example: + + ```json + { + "allowedOrgs": ["myorg"] + } + ``` + + 3. Open a new terminal and type the following command: + + `sudo mkdir -p /Library/Application\ Support/com.docker.docker` + + Note: if prompted, type your password associated with your local computer. + +4. Type the following command: + + `sudo cp Documents/registry.json /Library/Application\ Support/com.docker.docker/registry.json` + +### Verify the restrictions + + After you’ve created the registry.json file and deployed it onto the developers’ machines, you can verify whether the changes have taken effect by asking the developers to start Docker Desktop. + + If the configuration is successful, Docker Desktop prompts the developer to authenticate using the organization credentials on start. If the developer fails to authenticate, or authenticates as a developer in the wrong organization they will see an error message, and they will be denied access to Docker Desktop. + +### Caveats + + There are certain limitations when using Registry Access Management; they are as follows: + + * Windows image pulls, and image builds are not restricted + * Builds such as `docker buildx` using a Kubernetes driver are not restricted + * Builds such as `docker buildx` using a custom docker-container driver are not restricted + * Blocking is DNS-based; you must use a registry's access control mechanisms to distinguish between “push” and “pull” + * You must disable HTTP proxy or use a corporate proxy which also blocks the registries + * WSL 2 requires at least a 5.4 series Linux kernel (this does not apply to earlier Linux kernel series) + * Under the WSL 2 network, traffic from all Linux distributions is restricted (this will be resolved in the updated 5.15 series Linux kernel) + + Also, Registry Access Management operates on the level of hosts, not IP addresses. Developers can bypass this restriction within their domain resolution, for example by running Docker against a local proxy or modifying their operating system's `sts` file. Blocking these forms of manipulation is outside the remit of Docker Desktop. +