Container app Jobs create with --registry-identity fails

[ioanbo]

Please provide us with the following information:

This issue is a: (mark with an x)

• [x ] bug report -> please search issues before submitting
• [ ] documentation issue or request
• [ ] regression (a behavior that used to work and stopped in a new release)

Issue description

When creating a new container app job with the parameter --registry-identity and the id of a User managed identity we see the following error:

The command failed with an unexpected error. Here is the traceback:
'userAssignedIdentities'
Traceback (most recent call last):
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 666, in execute
    raise ex
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 733, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 725, in _run_job
    return cmd_copy.exception_handler(ex)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/bogdan/.azure/cliextensions/containerapp/azext_containerapp/_client_factory.py", line 29, in _polish_bad_errors
    raise ex
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 703, in _run_job
    result = cmd_copy(params)
             ^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 336, in __call__
    return self.handler(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
    return op(**command_args)
           ^^^^^^^^^^^^^^^^^^
  File "/Users/bogdan/.azure/cliextensions/containerapp/azext_containerapp/custom.py", line 919, in create_containerappsjob
    containerapp_job_create_decorator.construct_payload()
  File "/Users/bogdan/.azure/cliextensions/containerapp/azext_containerapp/containerapp_job_decorator.py", line 714, in construct_payload
    self.parent_construct_payload()
  File "/Users/bogdan/.azure/cliextensions/containerapp/azext_containerapp/containerapp_job_decorator.py", line 711, in parent_construct_payload
    self.set_up_registry_identity()
  File "/Users/bogdan/.azure/cliextensions/containerapp/azext_containerapp/containerapp_job_decorator.py", line 534, in set_up_registry_identity
    if not env_has_managed_identity(self.cmd, managed_env_rg, managed_env_name, identity):
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/bogdan/.azure/cliextensions/containerapp/azext_containerapp/_utils.py", line 758, in env_has_managed_identity
    for msi in managed_env_info["identity"]["userAssignedIdentities"]:
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^
KeyError: 'userAssignedIdentities'

Steps to reproduce

1. Create a User Managed identity, ACR, Container App Env
2. Assign acrpull to the user managed identity in the ACR
3. Execute the following command:

   az containerapp job create -n "test" \
   -g "my-rg" \
   --environment "my-ca-env" \
   --registry-identity /subscriptions/subsc/resourceGroups/my-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/my-umid \
   --mi-user-assigned my-umid \
   --trigger-type Event \
   --replica-timeout 1800 \
   --replica-retry-limit 0 \
   --replica-completion-count 1 \
   --parallelism 1 \
   --image "my-acr.azurecr.io/image_name:latest" \
   --min-executions 3 \
   --max-executions 10 \
   --polling-interval 30 \
   --scale-rule-name "azure-pipelines" \
   --scale-rule-type "azure-pipelines" \
   --scale-rule-metadata "poolName=Pool-name" "targetPipelinesQueueLength=1" \
   --scale-rule-auth "personalAccessToken=personal-access-token" "organizationURL=organization-url" \
   --cpu "2.0" \
   --memory "4Gi" \
   --secrets "personal-access-token=PAT-Token" "organization-url=https://dev.azure.com/my-org" \
   --env-vars "AZP_TOKEN=secretref:personal-access-token" "AZP_URL=secretref:organization-url" "AZP_POOL=Pool-name" \
   --registry-server "my-acr.azurecr.io"

   This will fail with the error indicated.

4. Remove the parameter --registry-identity and the same command works and a new container app job is created.

Expected behavior [What you expected to happen.] A new container app job is created Actual behavior [What actually happened.] Fails with the above error. Screenshots
If applicable, add screenshots to help explain your problem.

Additional context

Ex. Did this issue occur in the CLI or the Portal? This is in the cli.

[anthonychu]

Thanks for reporting. We have identified the issue and have a fix on the way: https://github.com/Azure/azure-cli-extensions/pull/7970

[ioanbo]

Ok will wait for that fix

[Greedygre]

Hi @ioanbo

The has been fixed from containerapp extension version 1.0.0b2. Please update containerapp extension with command az extension add -n containerapp --upgrade and make sure containerapp extension version >= 1.0.0b2. (Get version with command az version)

cc @anthonychu @njuCZ