Support api-version 2019-08-01 or above for Azure Container App

[kabal2010]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Authentication using IDENTITY_ENDPOINT for Terraform in Azure Container App is using the the api-version 2018-02-01 as shown in the error below which is because of the default set in https://github.com/hashicorp/go-azure-sdk/blob/02fea5bf71c725cf01668bf28c523b7f84422718/sdk/auth/managed_identity_authorizer.go#L47.

2024-07-23T09:03:56.265Z [DEBUG] provider.terraform-provider-azurerm_v3.113.0_x5: plugin address: address=/tmp/plugin2308236137 network=unix timestamp=2024-07-23T09:03:56.264Z
2024-07-23T09:03:56.265Z [DEBUG] provider: using plugin: version=5
2024-07-23T09:03:56.331Z [WARN]  ValidateProviderConfig from "provider[\"registry.terraform.io/hashicorp/azurerm\"]" changed the config value, but that value is unused
2024-07-23T09:03:56.333Z [DEBUG] provider.terraform-provider-azurerm_v3.113.0_x5: Configuring built-in cloud environment by name: "public": timestamp=2024-07-23T09:03:56.332Z
2024-07-23T09:03:56.333Z [DEBUG] provider.terraform-provider-azurerm_v3.113.0_x5: Performing GET Request to "http://localhost:42356/msi/token?api-version=2018-02-01&client_id=3e6d550a-xxxx-xxxx-xxxx-xxxxxxxxxxxx&resource=https%3A%2F%2Fgraph.microsoft.com": timestamp=2024-07-23T09:03:56.332Z
2024-07-23T09:03:56.333Z [DEBUG] provider.terraform-provider-azurerm_v3.113.0_x5: GET http://localhost:42356/msi/token?api-version=2018-02-01&client_id=3e6d550a-xxxx-xxxx-xxxx-xxxxxxxxxxxx&resource=https%3A%2F%2Fgraph.microsoft.com: timestamp=2024-07-23T09:03:56.332Z
2024-07-23T09:03:56.334Z [DEBUG] provider.terraform-provider-azurerm_v3.113.0_x5: Reading Body from GET "http://localhost:42356/msi/token?api-version=2018-02-01&client_id=3e6d550a-xxxx-xxxx-xxxx-xxxxxxxxxxxx&resource=https%3A%2F%2Fgraph.microsoft.com": timestamp=2024-07-23T09:03:56.334Z
2024-07-23T09:03:56.335Z [ERROR] provider.terraform-provider-azurerm_v3.113.0_x5: Response contains error diagnostic: diagnostic_detail="" diagnostic_severity=ERROR tf_provider_addr=provider tf_rpc=Configure @caller=github.com/hashicorp/terraform-plugin-go@v0.19.0/tfprotov5/internal/diag/diagnostics.go:58 diagnostic_summary="building account: could not acquire access token to parse claims: ManagedIdentityAuthorizer: failed to request token from metadata endpoint: received HTTP status 400 with body: {\"error\":{\"code\":\"UnsupportedApiVersion\",\"message\":\"The HTTP resource that matches the request URI 'http://localhost:42356/msi/token' does not support the API version '2018-02-01'.\",\"innerError\":null}}" tf_proto_version=5.4 tf_req_id=b1282aa4-7701-03f3-5d76-c179f7204ac6 @module=sdk.proto timestamp=2024-07-23T09:03:56.334Z
2024-07-23T09:03:56.335Z [ERROR] vertex "provider[\"registry.terraform.io/hashicorp/azurerm\"]" error: building account: could not acquire access token to parse claims: ManagedIdentityAuthorizer: failed to request token from metadata endpoint: received HTTP status 400 with body: {"error":{"code":"UnsupportedApiVersion","message":"The HTTP resource that matches the request URI 'http://localhost:42356/msi/token' does not support the API version '2018-02-01'.","innerError":null}}
2024-07-23T09:03:56.335Z [WARN]  Planning encountered errors, so plan is not applyable
2024-07-23T09:03:56.335Z [INFO]  backend/local: plan operation completed

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: building account: could not acquire access token to parse claims: ManagedIdentityAuthorizer: failed to request token from metadata endpoint: received HTTP status 400 with body: {"error":{"code":"UnsupportedApiVersion","message":"The HTTP resource that matches the request URI 'http://localhost:42356/msi/token' does not support the API version '2018-02-01'.","innerError":null}}
│ 
│   with provider["registry.terraform.io/hashicorp/azurerm"],
│   on main.tf line 2, in provider "azurerm":
│    2: provider "azurerm" {
│ 
╵
2024-07-23T09:03:56.346Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-07-23T09:03:56.349Z [INFO]  provider: plugin process exited: plugin=.terraform/providers/registry.terraform.io/hashicorp/azurerm/3.113.0/linux_amd64/terraform-provider-azurerm_v3.113.0_x5 id=1840
2024-07-23T09:03:56.349Z [DEBUG] provider: plugin exited

New or Affected Resource(s)/Data Source(s)

azurerm_container_app azurerm_container_app_job

Potential Terraform Configuration

The api-version called when authenticating using IDENTITY_ENDPOINT will be 2019-08-01

Service Name

Azure Container Apps

API Versions Required

2019-08-01

References

https://github.com/hashicorp/terraform-provider-azurerm/issues/21616