Support for acr_use_managed_identity_credentials in azurerm_function_app

[mickare]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

The resource for Azure Function App azurerm_function_app is missing the acr_use_managed_identity_credentials property in site_config.

It was already added for the azurerm_app_service resource in the PR #12745 .

New or Affected Resource(s)

• azurerm_function_app

Potential Terraform Configuration

resource "azurerm_resource_group" "example" {
  name     = "azure-functions-cptest-rg"
  location = "West Europe"
}

resource "azurerm_storage_account" "example" {
  name                     = "functionsapptestsa"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_container_registry" "example" {
  name                = "crcrmyregistry"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "Premium"
  admin_enabled       = true
}

resource "azurerm_app_service_plan" "example" {
  name                = "azure-functions-test-service-plan"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  kind                = "Linux"
  reserved            = true

  sku {
    tier     = "Standard"
    size     = "S1"
    capacity = 1
  }
}

resource "azurerm_function_app" "example" {
  name                       = "test-azure-functions"
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  app_service_plan_id        = azurerm_app_service_plan.example.id
  storage_account_name       = azurerm_storage_account.example.name
  storage_account_access_key = azurerm_storage_account.example.primary_access_key
  os_type                    = "linux"
  version                    = "~3"


  identity {
    type = "SystemAssigned"
  }
  site_config {
    linux_fx_version                     = "DOCKER|${azurerm_container_registry.example.login_server}/image:tag"
    acr_use_managed_identity_credentials = true 
  }
  app_settings = {
    "WEBSITES_ENABLE_APP_SERVICE_STORAGE" = false
  }
}


resource "azurerm_role_assignment" "example" {
  count                = length(azurerm_function_app.example.identity)
  scope                = azurerm_container_registry.example.id
  role_definition_name = "AcrPull"
  principal_id         = azurerm_function_app.example.identity[count.index].principal_id
}

References

• azurerm_app_service - support for the acr_use_managed_identity_creds and acr_user_managed_identity_id properties #12745

[mickare]

It is possible to update the function app by hand:

az functionapp update \
    --name "test-azure-functions" \
    --resource-group "azure-functions-cptest-rg" \
    --set "siteConfig.acrUseManagedIdentityCreds=true"

[mickare]

It seems that this will be solved in version 3? See #15884

[rcskosir]

Thanks for opening this issue. The azurerm_function_app resource is deprecated in version 3. 0 and will be removed in version 4.0 - so I'd suggest moving to the azurerm_linux_function_app and azurerm_windows_function_app resources instead.
If this feature request has not been satisfied in 3.x version of the provider for azurerm_linux_function_app and azurerm_windows_function_app resources please do let us know by opening a new feature request, thanks!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.