Open mcaulifn opened 3 weeks ago
I can't visualize how this is going here. I also see secret
block supporting UMI & SMIs but both the MIs need to be granted appropriate access on keyvault resource. I do hope it's the same with registry
block. UMIs could be granted RBAC roles beforehand but that's not possible with SMIs right?
My assumption is that on Portal, SMIs are granted access on registry resource on the fly which isn't possible unless role assignment resource is called. I am not sure if this is solved for other resources..
Is there an existing issue for this?
Community Note
Description
Add support for using System Managed Identities when setting registry permissions in
azurerm_container_app_job
. Currently, a separate user assigned identity is required which adds an additional resource. This is possible when using the UI.The
registry
block could default to using theSystemAssigned
identity if theidentity
block is configured that way.New or Affected Resource(s)/Data Source(s)
azurerm_container_app_job
Potential Terraform Configuration