Do not allow the admin user to login to the container registry

ID

azure_container_registry_admin_user

Severity

critical

Vendor

Azure

Resource

Network

Tags

reachable

Description

Do not allow the admin user to login to the container registry. By default, azure_rm_containerregistry.admin_user_enabled=false.

Learn more about this topic at Azure container registry.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create an azure container registry
      azure_rm_containerregistry:
        name: myRegistry
        location: eastus
        resource_group: myResourceGroup
        admin_user_enabled: true
        sku: Premium
        tags:
          Release: beta1
          Environment: Production

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create an azure container registry
      azure_rm_containerregistry:
        name: myRegistry
        location: eastus
        resource_group: myResourceGroup
        admin_user_enabled: false
        sku: Premium
        tags:
          Release: beta1
          Environment: Production
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create an azure container registry
      azure_rm_containerregistry:
        name: myRegistry
        location: eastus
        resource_group: myResourceGroup
        sku: Premium
        tags:
          Release: beta1
          Environment: Production