Docker credentials definition on azurerm_linux_web_app

[GlarakisTaxyio]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.0.11

AzureRM Provider Version

3.66.0

Affected Resource(s)/Data Source(s)

azurerm_linux_web_app

Terraform Configuration Files

resource "azurerm_linux_web_app" "api" {
  name                = "${azurerm_resource_group.this.name}-api"
  location            = local.new_location
  resource_group_name = azurerm_resource_group.this.name
  service_plan_id     = azurerm_service_plan.main_plan.id
  https_only          = true

  depends_on          = [azurerm_postgresql_database.this]

  app_settings = merge({

    ### OLD Docker Credential Definition. --------------------------------    
    DOCKER_REGISTRY_SERVER_URL      = "https://${local.docker.registry_fqdn}"
    DOCKER_REGISTRY_SERVER_USERNAME = local.docker.username
    DOCKER_REGISTRY_SERVER_PASSWORD = local.docker.password
    ### ------------------------------------------------------------------

    TEMP_DIR = "/tmp"
  }, local.api.environment)

  site_config {
    ### NEW Docker credential definition --------------------------------
    application_stack { 
      docker_image_name        = local.api.docker_image
      docker_registry_url      = "https://${local.docker.registry_fqdn}"
      docker_registry_username = local.docker.username
      docker_registry_password = local.docker.password
    }    
    ### ------------------------------------------------------------------

    always_on        = "true"
    health_check_path = "/api/v1/version"

  tags = local.tags
}

Debug Output/Panic Output

2023-08-17T08:00:25.177Z WARN - Image pull failed. Defaulting to local copy if present.
2023-08-17T08:00:25.179Z ERROR - Image pull failed: Verify docker image configuration and credentials (if using private repository)
2023-08-17T08:00:25.182Z INFO - Stopping site our-api because it failed during startup.
2023-08-17T08:04:51.348Z ERROR - DockerApiException: Docker API responded with status code=InternalServerError, response={"message":"Get \"our-image-from-custom-registry": denied: You may not login yet"}

Expected Behaviour

After upgrading AzureRM from v. 2.87.0 to v. 3.66.0, by following the migration guide and adjusting our code to the changes:

Pull the image from the registry using the provided credentials.
(Using only the NEW Docker Credentials definition)

Actual Behaviour

Unable to pull the image from the registry, the Docker credentials were not visible on the Configuration page in Azure Portal.

According to the documentation

docker_registry_url, docker_registry_username, and docker_registry_password replace the use of the app_settings values of DOCKER_REGISTRY_SERVER_URL, DOCKER_REGISTRY_SERVER_USERNAME and DOCKER_REGISTRY_SERVER_PASSWORD respectively, these values will be managed by the provider and should not be specified in the app_settings map.

We eventually added back the OLD Docker Credentials definition in the app_settings and everything works again.

Steps to Reproduce

No response

Important Factoids

No response

References

No response

[xiaxyi]

Thanks @GlarakisTaxyio for raising this issue, the fix is included in the pr:#22484

[james-mwakichako]

We are still seeing this issue in 3.69.0 of the provider. Sometimes the docker image is pulled successfully but most times it fails with

DockerApiException: Docker API responded with status code=InternalServerError, response={"message":"Head \"https://xxxxxxxxxxxxxxxx\": unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information."}

Any idea on when there will be a fix ?

FYI, docker credentials never show up in application settings

[rcskosir]

PR#22484 was closed and superseded by PR #23303 which was merged and released as a part of v3.74.0, and should be resolved. If you find that is not the case, please reach out here to reopen.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.