btardif
commented
3 months ago @fabiocav can you take a look? this is not a UX issue
Open nathanblair opened 3 months ago
btardif
commented
3 months ago @fabiocav can you take a look? this is not a UX issue
Issue Title
UseManagedIdentityCreds in Azure Functions on Azure Container Apps
Description
Azure Functions on Azure Container Apps is currently in preview and I would like to begin rolling it out for my company. While doing so in the Azure Portal I am prompted to provide the registry to pull our Function Container Image from as well as credentials for accessing the registry.
Our governance policy is such that Azure Functions must have
AcrUseManagedIdentityCredsset totrue. This works for App Services and Function Apps that are directed at App Service plans rather than App Container Environments. But for Function apps directed at running on Azure Container Environments, when trying to deploy a custom ARM template through Terraform'sAzAPIprovider, I get this messageAzAPI template
``` resource "azapi_resource" "function" { type = "Microsoft.Web/sites@2022-09-01" parent_id = "our resource group ID" location = "our target location" response_export_values = ["*"] name = "a function name" identity { type = "UserAssigned" identity_ids = ["an identity with pull access to our registry"] } body = jsonencode({ kind = "functionapp,linux,container,azurecontainerapps" properties = { managedEnvironmentId = "our container app environment ID" virtualNetworkSubnetId = "our subnet id in the container app environment" clientAffinityEnabled = false httpsOnly = true siteConfig = { acrUseManagedIdentityCreds = true acrUserManagedIdentityID = data.azurerm_user_assigned_identity.acr.id linuxFxVersion = "DOCKER|our-docker-registry/our-docker-registry/our-function-name:the-function-tag" appSettings = [ { "name" : "FUNCTIONS_EXTENSION_VERSION", "value" : "~4" }, { "name" : "WEBSITES_ENABLE_APP_SERVICE_STORAGE", "value" : "false" } ] } } }) } ```