Help with setting the Registry managed user identity on a Container App

I’ve got the following snippet for creating container apps. But it says that the identity used by the registry does not exist. But it’s just been created!

Any ideas about what I’m doing wrong? (Using AzureRM 3.45)

```hcl
resource "azurerm_user_assigned_identity" "uai" {
  location            = var.location
  name                = "${var.container_app_environment_name}-registry-identity"
  resource_group_name = var.resource_group_name

  tags = {
    Environment = var.environment_tag
  }
}

resource "azurerm_container_app" "ca" {
  for_each = local.container_app_names

  name                         = "${each.key}-${var.dotnet_environment}"
  container_app_environment_id = azurerm_container_app_environment.cae.id
  resource_group_name          = var.resource_group_name
  revision_mode                = "Single"

  tags = {
    Environment = var.environment_tag
  }

  registry {
    identity = azurerm_user_assigned_identity.uai.id
    server   = "my-company.azurecr.io"
  }
}
```

The error is:

```
performing CreateOrUpdate:
│ containerapps.ContainerAppsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error:
│ Code="WebhookInvalidParameterValue" Message="The following field(s) are either invalid or missing. Invalid value:
│ "/subscriptions/xxxxx–xxxx-xxxx-xxx/resourceGroups/rg-development/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cae-development-registry-identity":
│ Managed Identity does not exist: configuration.Registries.propertymaster.azurecr.io.Identity."
```

See Container App - Registry.Identity can't find identity · Issue #20675 · hashicorp/terraform-provider-azurerm · GitHub for the solution.
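An added example, not taken from this thread or the linked issue: Azure Container Apps only accepts a user-assigned identity in `registry.identity` if that identity is also assigned to the app through its `identity` block, and the identity needs `AcrPull` on the registry before it can pull. The `var.acr_name`, `var.acr_resource_group_name` and `var.image_tag` inputs and the container settings are assumptions.

```hcl
# Assumed inputs (not in the original post): var.acr_name,
# var.acr_resource_group_name, var.image_tag.
data "azurerm_container_registry" "acr" {
  name                = var.acr_name
  resource_group_name = var.acr_resource_group_name
}

resource "azurerm_user_assigned_identity" "uai" {
  location            = var.location
  name                = "${var.container_app_environment_name}-registry-identity"
  resource_group_name = var.resource_group_name
}

# Least privilege: pull-only, scoped to this one registry.
resource "azurerm_role_assignment" "acr_pull" {
  scope                = data.azurerm_container_registry.acr.id
  role_definition_name = "AcrPull"
  principal_id         = azurerm_user_assigned_identity.uai.principal_id
}

resource "azurerm_container_app" "ca" {
  for_each = local.container_app_names

  name                         = "${each.key}-${var.dotnet_environment}"
  container_app_environment_id = azurerm_container_app_environment.cae.id
  resource_group_name          = var.resource_group_name
  revision_mode                = "Single"

  # Assign the identity to the app itself; registry.identity may only
  # reference an identity that is listed here.
  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.uai.id]
  }

  registry {
    server   = data.azurerm_container_registry.acr.login_server
    identity = azurerm_user_assigned_identity.uai.id
  }

  template {
    container {
      name   = each.key
      image  = "${data.azurerm_container_registry.acr.login_server}/${each.key}:${var.image_tag}"
      cpu    = 0.25
      memory = "0.5Gi"
    }
  }

  # Create the role assignment before the first image pull is attempted.
  depends_on = [azurerm_role_assignment.acr_pull]
}
```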

Thanks for info. So it is not right now possible to pull Container App images using a service principal created for Terraform? It works seamlessly with container-based web apps.