Open Garwakizashi opened 2 years ago
route to CXP team
@Garwakizashi Thank you for reaching out, we are looking into it.
@Garwakizashi Please go through this documentation https://docs.microsoft.com/en-us/azure/container-apps/managed-identity?tabs=portal%2Cdotnet.
In the meanwhile I will verify the working of identity settings using yaml
@Garwakizashi The error is propagated from the service and not from CLI. Let me engage the service team.
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @macolso.
Author: | Garwakizashi |
---|---|
Assignees: | - |
Labels: | `Service Attention`, `Container Instances`, `question`, `customer-reported`, `Auto-Assign`, `ContainerApp` |
Milestone: | - |
@Garwakizashi Please go through this documentation https://docs.microsoft.com/en-us/azure/container-apps/managed-identity?tabs=portal%2Cdotnet.
In the meanwhile I will verify the working of identity settings using yaml
Thanks @RakeshMohanMSFT , I've been working around this issue by using az containerapp identity assign
after intial YAML creation. But it would be great to do it via the YAML specification instead. Basically I want to create a container app with identity set in place, so that I can also connect to the registry via identity, rather than using username + password.
Related command
az containerapp create -n container-name -g resource-group --yaml file.yaml
Describe the bug Using the yaml specification for creating a containerapp, when user assigned identities are specified, it will always say:
The 'UserAssignedIdentities' property keys should only be empty json objects, null or the resource exisiting property.
(actually the response also has a typoexisiting
š )Upon checking running again with
--verbose
on, it seems the empty json object{}
, still get parsed to json as:I understand that the use of
identity
in the yaml specification isn't actually listed in the documentation, but it seems that it is possible to use it, just that the parsing of empty{}
values in yaml creates those nullprincipalId
andclientId
properties.To Reproduce
az containerapp create -n container-name -g example-rg --yaml file.yaml
Expected behavior I'd expect the container app to be created with the managed identity assigned to the ACA
Environment summary My az version:
2.38.0
Additional context
After finding checking out the request body via
--verbose
, I've tried it myself via rest , and changing the identity value to empty json works. i.e