microsoft / azure-container-apps

Roadmap and issues for Azure Container Apps
MIT License

Error while Adding DAPR via Azure component in Azure Container Apps Environment. #1301

Open VenkataRKC opened 1 month ago

VenkataRKC commented 1 month ago

Issue description

I am trying to add a DAPR Component via Azure Component option and it fails with Deny Assignments which are there on the managed resource group that gets created when we host Azure Functions in Azure Container Apps.

Steps to reproduce

  1. Create an Azure Function in Azure Container App
  2. Add DAPR component to the container App Environment via the Azure Component Option and try to add a Config store

Expected behavior [It should add the DAPR component]

Actual behavior [Errors out with Deny Assignments]

Additional context

Error Error: Operation is not succeeded: Failed. {"code":"UnauthorizedResourceAccess","message":"Execution failed. The client '' with object id 'a3a44cb2-fcb0-47ec-bd42-edd8a815da06' has permission to perform action 'Microsoft.App/containerApps/write' on scope '/subscriptions/9d23e376-3fdf-46a7/resourceGroups/usascamsdevace01_FunctionApps_d3e11262-39ea-43ee-bb96-e44160074aea/providers/Microsoft.App/containerApps/ams-blob'; however, the access is denied because of the deny assignment with name 'd3e11262-39ea-43ee-bb96-e44160074aea' and Id 'd3e1126239ea43eebb96e44160074aea' at scope '/subscriptions/9d23e376-3fdf-46a7/resourceGroups/usascamsdevace01_FunctionApps_d3e11262-39ea-43ee-bb96-e44160074aea'.\nStatus: 403 (Forbidden)\nErrorCode: DenyAssignmentAuthorizationFailed\n\nContent:\n{\"error\":{\"code\":\"DenyAssignmentAuthorizationFailed\",\"message\":\"The client '' with object id 'a3a44cb2-fcb0-47ec-bd42-edd8a815da06' has permission to perform action 'Microsoft.App/containerApps/write' on scope '/subscriptions/9d23e376-3fdf-46a7/resourceGroups/usascamsdevace01_FunctionApps_d3e11262-39ea-43ee-bb96-e44160074aea/providers/Microsoft.App/containerApps/ams-blob'; however, the access is denied because of the deny assignment with name 'd3e11262-39ea-43ee-bb96-e44160074aea' and Id 'd3e1126239ea43eebb96e44160074aea' at scope '/subscriptions/9d23e376-3fdf-46a7/resourceGroups/usascamsdevace01_FunctionApps_d3e11262-39ea-43ee-bb96-e44160074aea'.\"}}\n\nHeaders:\nCache-Control: no-cache\nPragma: no-cache\nx-ms-failure-cause: REDACTED\nx-ms-request-id: dae830b3-501d-4bd9-9d17-d829d44549d0\nx-ms-correlation-request-id: REDACTED\nx-ms-routing-request-id: REDACTED\nStrict-Transport-Security: REDACTED\nX-Content-Type-Options: REDACTED\nX-Cache: REDACTED\nX-MSEdge-Ref: REDACTED\nDate: Wed, 02 Oct 2024 15:21:26 GMT\nContent-Length: 712\nContent-Type: application/json; charset=utf-8\nExpires: -1\n"
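The `DenyAssignmentAuthorizationFailed` text in the report above packs the whole authorization decision into one sentence. As an added example (not from the thread or from Microsoft), this Python helper extracts the fields and checks that the deny assignment's scope is an ancestor of the target resource; the sample message and its IDs are constructed placeholders, and `triage` and `scope_covers` are hypothetical names.

```python
import re

# Constructed sample in the shape of the error quoted in the issue; every ID is a placeholder.
SAMPLE = (
    "The client '' with object id '00000000-0000-0000-0000-000000000001' has permission to "
    "perform action 'Microsoft.App/containerApps/write' on scope '/subscriptions/SUB-ID/"
    "resourceGroups/env_FunctionApps_MRG/providers/Microsoft.App/containerApps/app1'; "
    "however, the access is denied because of the deny assignment with name "
    "'00000000-0000-0000-0000-000000000002' and Id '00000000000000000000000000000002' "
    "at scope '/subscriptions/SUB-ID/resourceGroups/env_FunctionApps_MRG'."
)

# "has permission ... however" means RBAC allowed the call and the deny assignment overrode it.
PATTERN = re.compile(
    r"object id '(?P<principal>[^']+)' has permission to perform action "
    r"'(?P<action>[^']+)' on scope '(?P<target>[^']+)'; however, the access is denied "
    r"because of the deny assignment with name '(?P<deny_name>[^']+)' and Id "
    r"'(?P<deny_id>[^']+)' at scope '(?P<deny_scope>[^']+)'"
)

def scope_covers(parent, child):
    """True if child equals parent or sits beneath it. Compared per path segment and
    case-insensitively, so '/resourceGroups/rg' does not cover '/resourceGroups/rg2'."""
    p = parent.strip("/").lower().split("/")
    c = child.strip("/").lower().split("/")
    return c[:len(p)] == p

def triage(error_text):
    """Extract the decision fields from the first matching message, or return None."""
    m = PATTERN.search(error_text)
    if m is None:
        return None
    info = m.groupdict()
    rg = re.search(r"/resourceGroups/([^/]+)", info["deny_scope"], re.IGNORECASE)
    info["deny_resource_group"] = rg.group(1) if rg else None
    # Inherited: the deny assignment sits on a parent scope, not on the resource itself.
    info["inherited"] = (scope_covers(info["deny_scope"], info["target"])
                         and info["deny_scope"].lower() != info["target"].lower())
    return info

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Deny assignments take precedence over role assignments, so when the message says the caller has permission, granting further roles does not change the outcome.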

raorugan commented 1 month ago

Hi @VenkataRKC, user is not expected to update from MRG as deny assignment for updates is being enforced. However, the portal experience for Azure Functions on ACA is not yet enabled. Adding Dapr components will work via ARM/Bicep/azd deployments.

raorugan commented 1 month ago

For more details on MRG refer to this doc link - https://learn.microsoft.com/en-us/azure/azure-functions/functions-container-apps-hosting#managed-resource-groups

VenkataRKC commented 1 month ago

Ok, thank you @raorugan, will try adding the component via Bicep. Any ETA on when this will be enabled from portal?