I have an Azure App Service that is provisioned by Terraform. The App Service fires up the Docker image from Azure ACR, therefore it needs to access the ACR. I'm currently using the password and login name method in my Terraform configuration. How can I make the Azure App Service access the ACR by service principal role assignment in Terraform?
```hcl
resource "azurerm_app_service" "tf_app_service" {
  name                = var.application_name
  location            = azurerm_resource_group.tf_resource_group.location
  resource_group_name = azurerm_resource_group.tf_resource_group.name
  app_service_plan_id = azurerm_app_service_plan.tf_service_plan.id

  site_config {
    always_on        = true
    linux_fx_version = "DOCKER|${var.acr_name}.azurecr.io/${var.img_repo_name}:${var.tag}"
  }

  // How to use role assignment?
  app_settings = {
    DOCKER_REGISTRY_SERVER_URL          = // need to avoid docker URL
    WEBSITES_ENABLE_APP_SERVICE_STORAGE = "false"
    DOCKER_REGISTRY_SERVER_USERNAME     = // need to avoid user name
    DOCKER_REGISTRY_SERVER_PASSWORD     = // need to avoid PW
  }

  identity {
    type = "SystemAssigned"
  }

  tags = {
    environment = var.environment
    DeployedBy  = "terraform"
  }
}
```
The steps to use a service principal to access ACR are outlined here.

So to do the same in Terraform, you need to first create a new service principal. Then assign a password to it. Afterwards you should be able to use those two to fill the app settings of your App Service.
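
The three steps above written out in Terraform, as an added example that is not part of the original answer. It assumes a recent azuread provider (where the attribute is `client_id`; older releases name it `application_id`); the `acr_pull` resource labels and `var.acr_resource_group_name` are hypothetical.

```hcl
# Look up the existing registry (assumed to be managed outside this config).
data "azurerm_container_registry" "acr" {
  name                = var.acr_name
  resource_group_name = var.acr_resource_group_name # hypothetical variable
}

# Step 1: create the service principal (backed by an app registration).
resource "azuread_application" "acr_pull" {
  display_name = "${var.application_name}-acr-pull"
}

resource "azuread_service_principal" "acr_pull" {
  client_id = azuread_application.acr_pull.client_id
}

# Step 2: assign a password to it.
resource "azuread_service_principal_password" "acr_pull" {
  service_principal_id = azuread_service_principal.acr_pull.id
}

# Least privilege: pull-only role, scoped to this one registry.
resource "azurerm_role_assignment" "acr_pull" {
  scope                = data.azurerm_container_registry.acr.id
  role_definition_name = "AcrPull"
  principal_id         = azuread_service_principal.acr_pull.object_id
}

# Step 3: fill the app settings with the service principal's credentials.
resource "azurerm_app_service" "tf_app_service" {
  name                = var.application_name
  location            = azurerm_resource_group.tf_resource_group.location
  resource_group_name = azurerm_resource_group.tf_resource_group.name
  app_service_plan_id = azurerm_app_service_plan.tf_service_plan.id

  site_config {
    always_on        = true
    linux_fx_version = "DOCKER|${var.acr_name}.azurecr.io/${var.img_repo_name}:${var.tag}"
  }

  app_settings = {
    WEBSITES_ENABLE_APP_SERVICE_STORAGE = "false"
    DOCKER_REGISTRY_SERVER_URL          = "https://${data.azurerm_container_registry.acr.login_server}"
    DOCKER_REGISTRY_SERVER_USERNAME     = azuread_service_principal.acr_pull.client_id
    DOCKER_REGISTRY_SERVER_PASSWORD     = azuread_service_principal_password.acr_pull.value
  }

  # Do not start the container before the pull permission exists.
  depends_on = [azurerm_role_assignment.acr_pull]
}
```

The generated password is written to the Terraform state in plain text, so the state backend needs the same access controls as any other secret store.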