Cannot remove secrets from Container Apps at this time due to a limitation in the Container Apps Service

[msingh0101]

Terraform Version

Terraform v1.5.7
on linux_amd64
+ provider registry.terraform.io/hashicorp/azuread v2.41.0
+ provider registry.terraform.io/hashicorp/azurerm v3.71.0

Terraform Configuration Files

what config are you looking for here? do you mean the terraform code?

Debug Output

none

Expected Behavior

should work

Actual Behavior

I can build my container app successfully with the below code:

resource "azurerm_container_app" "aca" {
  name = "${var.name_prefix}-aca"

  container_app_environment_id = azurerm_container_app_environment.app_env.id
  resource_group_name          = azurerm_resource_group.rg.name
  revision_mode                = "Single"

  secret {
    name  = "password"
    value = data.azurerm_container_registry.acr.admin_password
  }

  registry {
    server               = data.azurerm_container_registry.acr.login_server
    username             = data.azurerm_container_registry.acr.admin_username
    password_secret_name = "password"
  }


  ingress {
    allow_insecure_connections = false
    external_enabled           = true
    target_port                = 5000
    traffic_weight {
      latest_revision = true
      percentage = 100
    }
  }

  template {
    container {
      name    = "${var.name_prefix}-data-svc"
      image   = "${data.azurerm_container_registry.acr.login_server}/${var.name_prefix}_app:latest"
      cpu     = 0.25
      memory  = "0.5Gi"
    }
  }

  tags = var.tags

  #depends_on = [azurerm_container_app_environment.app_env]
}

However, if i then use azure portal to add A/D authentication to my container app (cause im not sure how to do that in terraform), and afterwards if i run a terraform apply once more, i get the error below:

│ Error: cannot remove secrets from Container Apps at this time due to a limitation in the Container Apps Service. Please see `https://github.com/microsoft/azure-container-apps/issues/395` for more details
│ 
│   with azurerm_container_app.aca,
│   on main.tf line 50, in resource "azurerm_container_app" "aca":
│   50: resource "azurerm_container_app" "aca" {

The issue referenced in the error (microsoft/azure-container-apps#395) indicates this is a terraform issue - but i do not see any similar issue ticket in this repo. Wondering if this was addressed and if so, why is it happening and how do i resolve this?
After receiving this error, one can no longer run a terraform apply or destroy.

Steps to Reproduce

1. Create a Container App using secrets for accessing the ACR
2. after container app is built, make a change using azure portal to add Microsoft A/D authentication
3. Run a terraform apply on your script once more

Additional Context

Issue ticket from azure container apps github: microsoft/azure-container-apps#395

References

No response

[kmoe]

This error is being returned by the azurerm provider, which has a separate repository. It looks like there's been some discussion there on related issues already: hashicorp/terraform-provider-azurerm#21739, hashicorp/terraform-provider-azurerm#20435. If these do not cover your issue, please open a new one at https://github.com/hashicorp/terraform-provider-azurerm/issues. Thanks!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.