Add troubleshooting for Azure Policy remediation on CMK-encrypted registries#158
Add troubleshooting for Azure Policy remediation on CMK-encrypted registries#158cshung wants to merge 1 commit into
Conversation
|
Learn Build status updates of commit 4f24ca7: ✅ Validation status: passed
For more details, please refer to the build report. |
|
Learn Build status updates of commit 4f24ca7: ✅ Validation status: passed
For more details, please refer to the build report. |
|
@cshung Thank you for your contribution. Would you take a moment to sign the Contributor License Agreement (CLA)? After the CLA is signed, someone can review your pull request. Thanks! #label:"aq-pr-triaged" |
4f24ca7 to
84c78fc
Compare
There was a problem hiding this comment.
Pull request overview
This PR updates the Azure Container Registry (ACR) customer-managed key (CMK) troubleshooting tutorial to document a known Azure Policy Modify remediation limitation for CMK-encrypted registries and to provide a supported CLI-based workaround to restore compliance.
Changes:
- Adds a new troubleshooting section explaining why Azure Policy Modify remediation can fail for CMK-encrypted registries.
- Documents a CLI workaround (
az acr config authentication-as-arm update) to set the targeted property without impacting encryption.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
Learn Build status updates of commit 84c78fc: ✅ Validation status: passed
For more details, please refer to the build report. |
84c78fc to
cac8c9e
Compare
|
Learn Build status updates of commit cac8c9e: ✅ Validation status: passed
For more details, please refer to the build report. |
cac8c9e to
047c6b7
Compare
|
Learn Build status updates of commit 047c6b7: ✅ Validation status: passed
For more details, please refer to the build report. |
047c6b7 to
34d2f57
Compare
|
Learn Build status updates of commit 34d2f57: ✅ Validation status: passed
For more details, please refer to the build report. |
Document the known limitation where automatic Modify policy remediation fails on registries encrypted with a customer-managed key, including the exact BadRequest error and the supported CLI workaround. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
34d2f57 to
07c3ef7
Compare
|
Learn Build status updates of commit 07c3ef7: ✅ Validation status: passed
For more details, please refer to the build report. |
@microsoft-github-policy-service agree company="Microsoft" |
|
@cshung : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
|
@cshung : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
|
Can you review the proposed changes? Important: When the changes are ready for publication, adding a #label:"aq-pr-triaged" |
Summary
Adds a troubleshooting section to the ACR customer-managed key (CMK) troubleshooting article documenting a known limitation: automatic Azure Policy Modify remediation isn't currently supported on CMK-encrypted registries. Such remediation fails with a
BadRequest, leaving the registry noncompliant.What the section covers
BadRequesterror text, so the page is discoverable by searching the error.Context
Based on a customer support incident root-caused to this behavior. The policy definition itself is correct. The wording ("isn't currently supported") avoids implying the limitation is necessarily permanent.