azurerm_container_app_custom_domain errors if container app has private registry (secret set)

[AButler]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.7.4

AzureRM Provider Version

3.95.0

Affected Resource(s)/Data Source(s)

azurerm_container_app_custom_domain

Terraform Configuration Files

resource "azurerm_container_app" "ingress" {
  name                         = "ingress"
  container_app_environment_id = azurerm_container_app_environment.container-app-environment.id
  resource_group_name          = azurerm_resource_group.rg.name
  revision_mode                = "Single"

  template {
    container {
      name   = "hub"
      image  = "ghcr.io/my-org/ingress:latest"
      cpu    = 0.25
      memory = "0.5Gi"
    }
  }

  registry {
    server               = "ghcr.io"
    username             = "my-user"
    password_secret_name = "registry-secret"
  }

  secret {
    name  = "registry-secret"
    value = "my-password"
  }

  ingress {
    target_port      = 80
    external_enabled = true
    traffic_weight {
      percentage      = 100
      latest_revision = true
    }
  }
}

resource "azurerm_container_app_custom_domain" "root" {
  name                                     = azurerm_dns_a_record.root.fqdn
  container_app_id                         = azurerm_container_app.ingress.id
  container_app_environment_certificate_id = azurerm_container_app_environment_certificate.container-app-certificate.id
  certificate_binding_type                 = "SniEnabled"
}

Debug Output/Panic Output

Resource Group Name: "***"
Container App Name: "ingress"
Custom Domain Name: "***"): performing CreateOrUpdate: unexpected status 400 with error: ContainerAppSecretInvalid: Invalid Request: Container app secret(s) with name(s) 'registry-secret' are invalid: value or keyVaultUrl and identity should be provided.

  with azurerm_container_app_custom_domain.root,
  on 02-ingress.tf line 37, in resource "azurerm_container_app_custom_domain" "root":
  37: resource "azurerm_container_app_custom_domain" "root" {

Expected Behaviour

The azurerm_container_app_custom_domain should correctly add the custom domain.

Actual Behaviour

The azurerm_container_app_custom_domain fails to create. The logs seem to indicate it is because the registry secret is not resolved, presumably because the azurerm_container_app_custom_domain is getting the container app in order to update it with the custom domain, but isn't retrieving the secret and then when updating isn't sending the secret back.

Steps to Reproduce

1. terraform apply

Important Factoids

No response

References

No response

[fabrideci]

Hi @AButler, @katbyte, unfortunately the issue seems not to be resolved as I'm still facing the same exact problem described here, with azurerm version 3.97.1. Can please someone have a further look into this? Thank you.

[AButler]

Yeah - it looks like my PR didn't fix the issue as I hoped

[fabrideci]

@AButler can you reopen this issue please?

[AButler]

@fabrideci I don't have the ability to reopen the issue

[fabrideci]

@AButler I just cloned it into #25433

@rcskosir @mbfrahry @katbyte are you able to get someone looking into this? The PR that went through didn't actually solve the issue and still there's a bug preventing Terraform to work with the AzureRM provider. Thank you!

[rcskosir]

@fabrideci Thanks for reaching out! I will open this issue. I am going to close #25433 as a duplicate, since this issue is older and has the additional context with the previous PR not fixing it.

[iambaim]

@AButler, @fabrideci : I have created a pull request that hopefully will fix this problem. Perhaps you guys can give it a try and let me know? Thanks!

[fabrideci]

@iambaim it looks like you fixed it, thank you! Just tested your code locally and it went through smoothly. @rcskosir you can close this one and push it through next release steps. Speaking of, can you please let us know in what version this fix is going to be available?

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.