Skip to content

"az containerapp job create" does not recognize *.azurecr.us registry domain as one that can use identity instead of username:password for auth #32194

New issue
New issue
Open
Open
"az containerapp job create" does not recognize *.azurecr.us registry domain as one that can use identity instead of username:password for auth#32194
Labels
Auto-AssignAuto assign by botAuto-ResolveAuto resolve by botContainerAppService AttentionThis issue is responsible by Azure service team.bugThis issue requires a change to an existing behavior in the product in order to be resolved.customer-reportedIssues that are reported by GitHub users external to the Azure organization.
@bitdeft

Description

@bitdeft
bitdeft
opened on Sep 29, 2025

Describe the bug

When invoking the command, if you supply an ACR domain with *azurecr.us, which is used in usgov / GCCH tenants for Azure Container Registry, it requires --registry-username and --registry-password instead of allowing the use of --registry-identitiy for auth with an MSI.

Related command

az containerapp job create

Errors

Usage error: --registry-server, --registry-password and --registry-username are required together if not using Azure Container Registry

Issue script & Debug output

It doesn't pass validation, likely the domain for the usgov regions azurecr.us needs to be added.

File "/usr/lib64/az/lib/python3.12/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/az/lib/python3.12/site-packages/azure/cli/core/commands/__init__.py", line 654, in execute
    self._validation(expanded_arg)
  File "/usr/lib64/az/lib/python3.12/site-packages/knack/invocation.py", line 113, in _validation
    self._validate_arg_level(parsed_ns)
  File "/usr/lib64/az/lib/python3.12/site-packages/azure/cli/core/commands/__init__.py", line 925, in _validate_arg_level
    validator(**self._build_kwargs(validator, ns))
  File "/usr/lib64/az/lib/python3.12/site-packages/azure/cli/command_modules/containerapp/_validators.py", line 110, in validate_registry_server
    raise ValidationError("Usage error: --registry-server, --registry-password and --registry-username are required together if not using Azure Container Registry")
azure.cli.core.azclierror.ValidationError: Usage error: --registry-server, --registry-password and --registry-username are required together if not using Azure Container Registry

Expected behavior

This is targeting an azure container registry, not a docker one. It should accept managed identity for auth.

Environment Summary

From Azure Cloud Shell:

azure-cli                         2.76.0 *

core                              2.76.0 *
telemetry                          1.1.0

Extensions:
ml                                2.38.0
ssh                                2.0.6

Dependencies:
msal                            1.33.0b1
azure-mgmt-resource               23.3.0

Python location '/usr/bin/python3.12'
Config directory '/home/bryce/.azure'
Extensions directory '/home/bryce/.azure/cliextensions'
Extensions system directory '/usr/lib/python3.12/site-packages/azure-cli-extensions'

Additional context

I am fairly certain that using an identity for pulling the image is supported in these tenants, but if I am wrong, and that is not the case then this is expected behavior. Thanks!

Metadata

Metadata

Assignees

No one assigned

    Labels

    Auto-AssignAuto assign by botAuto-ResolveAuto resolve by botContainerAppService AttentionThis issue is responsible by Azure service team.bugThis issue requires a change to an existing behavior in the product in order to be resolved.customer-reportedIssues that are reported by GitHub users external to the Azure organization.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions