Alibaba Cloud CLI is a general-purpose command-line tool that is developed based on APIs. You can use Alibaba Cloud CLI to automate the management and maintenance of Container Registry (ACR). This topic describes how to use Alibaba Cloud CLI to call the API operations of Container Registry. In the following example, the GetInstance operation is called to query the details of a Container Registry Enterprise Edition instance.
Before you begin
You must be familiar with Alibaba Cloud CLI. For more information, see What is Alibaba Cloud CLI?
Step 1: Install Alibaba Cloud CLI
You must install Alibaba Cloud CLI before you can use Alibaba Cloud CLI. You can install Alibaba Cloud CLI in Windows, Linux, and macOS operating systems. Select an installation package of Alibaba Cloud CLI based on the operating system of your device. For more information, see the following topics:
You can also use Alibaba Cloud Cloud Shell to debug the commands that you want to run in Alibaba Cloud CLI. For more information about Cloud Shell, see What is Cloud Shell?
Step 2: Configure Alibaba Cloud CLI
An Alibaba Cloud account has permissions to manage and access the APIs of all Alibaba Cloud services. If you use an Alibaba Cloud account to call API operations, security risks may arise. We recommend that you create a Resource Access Management (RAM) user, grant permissions to the RAM user based on the principle of least privilege, and then use the RAM user to call API operations. For information about the permission policies supported by Container Registry, see System permission policies of Container Registry.
Before you use Alibaba Cloud CLI, you must specify information, such as identity credentials and a region ID, in Alibaba Cloud CLI. Alibaba Cloud CLI supports various identity credentials. For more information, see the Credential types section of the "Configure profiles" topic. In this example, AccessKey credentials are used. To use AccessKey credentials, perform the following steps:
Create a RAM user and create an AccessKey pair for the RAM user. For more information, see Create a RAM user and the Create an AccessKey pair for a RAM user section of the "Create an AccessKey pair" topic.
Grant permissions to the RAM user. In this example, attach the
AliyunContainerRegistryReadOnlyAccesspolicy to the RAM user to grant the RAM user the read-only permissions on Container Registry. For more information, see Grant permissions to a RAM user.Obtain the ID of the region that you want to use. Alibaba Cloud CLI uses the region ID that you specify to initiate API calls. For information about the regions in which Container Registry is available, see Endpoints.
NoteWhen you use Alibaba Cloud CLI, you can use the
--regionoption to specify the region from which you want to initiate an API call. If you use this option, Alibaba Cloud CLI ignores the region information in the default credential configurations and environment variable settings. For more information, see Command line options for API calls.Use the AccessKey pair of the RAM user to configure identity credentials in the configuration file named
AkProfile. For more information, see the Configuration examples section of the "Configure profiles" topic.
Generate a sample command
Go to the GetInstance debugging page in OpenAPI Explorer.
On the Parameters tab, configure the request parameters and initiate an API call. Then, click the CLI Example tab to view the generated sample command.
Copy the sample command or debug the sample command in Cloud Shell.
Click the Run Command in CloudShell icon
to start Cloud Shell and then debug the command in Cloud Shell. Click the Copy icon
to copy the sample command to the clipboard. You can paste the sample command to your shell to run the sample command. NoteTake note of the parameter formats when you copy and paste the sample command to your shell. For information about the parameter formats of Alibaba Cloud CLI, see Parameter formats.
By default, OpenAPI Explorer adds the
--regionoption to the generated sample command. When you copy the command to your shell, Alibaba Cloud CLI ignores the region information in the default identity credential configurations and environment variable settings, and runs the command in the specified region. You can delete or retain the option based on your business requirements.
Call API operations
Example 1: Query the Container Registry API operations that can be called in Alibaba Cloud CLI
The following example shows how to use the --help option to query the Container Registry API operations that can be called in Alibaba Cloud CLI. You can also view the API operations in List of operations by function.
Run the following command:
aliyun cr --helpView the command output.
Example 2: Query the details of a Container Registry instance
The following example shows how to use Alibaba Cloud CLI to call the GetInstance operation of Container Registry to query the details of a Container Registry instance.
Run the following command:
aliyun cr GetInstance --region cn-shanghai --InstanceId 'cri-xkx6vujuhay0****'The following command output is returned, which includes the details of the specified Container Registry instance.
{ "ModifiedTime": 1571926560000, "RequestId": "6EF34B18-4228-470C-860C-D28597CF010E", "CreateTime": 1571926439000, "InstanceName": "shanghai-instance1", "InstanceSpecification": "Enterprise_Basic", "Code": "success", "InstanceStatus": "RUNNING", "InstanceId": "cri-xkx6vujuhay0****", "IsSuccess": true, "ResourceGroupId": "rg-acfmv36i4isx****", "InstanceIssue": "Instance issue. Valid values:\nOSS_TOO_MANY_BUCKETS: The maximum number of Object Storage Service (OSS) buckets is reached.\n\nOSS_BUCKET_ALREADY_EXISTS: An OSS bucket that has the same name already exists.\n\nOSS_SERVICE_ROLE_UNAUTHORIZED: You do not have permissions to access OSS resources.\n\nUSER_NOT_REGISTERED_BY_REAL_NAME: The Alibaba Cloud account has not completed real-name verification.", "Tags": [ { "TagKey": "test_key", "TagValue": "test_value" } ] }NoteIf an error is returned after you call the Container Registry API operation, check whether the request parameters and the values of the request parameters are valid based on the returned error code.
You can also perform self-service diagnostics based on the returned request ID or SDK error message on the OpenAPI problem diagnosis page.