Skip to content

"az containerapp job create" does not recognize *.azurecr.us registry domain as one that can use identity instead of username:password for auth #32194

Description

@bitdeft

Describe the bug

When invoking the command, if you supply an ACR domain with *azurecr.us, which is used in usgov / GCCH tenants for Azure Container Registry, it requires --registry-username and --registry-password instead of allowing the use of --registry-identitiy for auth with an MSI.

Related command

az containerapp job create

Errors

Usage error: --registry-server, --registry-password and --registry-username are required together if not using Azure Container Registry

Issue script & Debug output

It doesn't pass validation, likely the domain for the usgov regions azurecr.us needs to be added.

File "/usr/lib64/az/lib/python3.12/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/az/lib/python3.12/site-packages/azure/cli/core/commands/__init__.py", line 654, in execute
    self._validation(expanded_arg)
  File "/usr/lib64/az/lib/python3.12/site-packages/knack/invocation.py", line 113, in _validation
    self._validate_arg_level(parsed_ns)
  File "/usr/lib64/az/lib/python3.12/site-packages/azure/cli/core/commands/__init__.py", line 925, in _validate_arg_level
    validator(**self._build_kwargs(validator, ns))
  File "/usr/lib64/az/lib/python3.12/site-packages/azure/cli/command_modules/containerapp/_validators.py", line 110, in validate_registry_server
    raise ValidationError("Usage error: --registry-server, --registry-password and --registry-username are required together if not using Azure Container Registry")
azure.cli.core.azclierror.ValidationError: Usage error: --registry-server, --registry-password and --registry-username are required together if not using Azure Container Registry

Expected behavior

This is targeting an azure container registry, not a docker one. It should accept managed identity for auth.

Environment Summary

From Azure Cloud Shell:

azure-cli                         2.76.0 *

core                              2.76.0 *
telemetry                          1.1.0

Extensions:
ml                                2.38.0
ssh                                2.0.6

Dependencies:
msal                            1.33.0b1
azure-mgmt-resource               23.3.0

Python location '/usr/bin/python3.12'
Config directory '/home/bryce/.azure'
Extensions directory '/home/bryce/.azure/cliextensions'
Extensions system directory '/usr/lib/python3.12/site-packages/azure-cli-extensions'

Additional context

I am fairly certain that using an identity for pulling the image is supported in these tenants, but if I am wrong, and that is not the case then this is expected behavior. Thanks!

Metadata

Metadata

Assignees

No one assigned

    Labels

    Auto-AssignAuto assign by botAuto-ResolveAuto resolve by botContainerAppService AttentionThis issue is responsible by Azure service team.act-observability-squadbugThis issue requires a change to an existing behavior in the product in order to be resolved.customer-reportedIssues that are reported by GitHub users external to the Azure organization.

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions