[Container App] Fix managed identity resource ID corrupted by camelCase normalization when using --yaml#33350
Draft
Copilot wants to merge 2 commits into
Draft
[Container App] Fix managed identity resource ID corrupted by camelCase normalization when using --yaml#33350Copilot wants to merge 2 commits into
Copilot wants to merge 2 commits into
Conversation
️✔️AzureCLI-FullTest
|
️✔️AzureCLI-BreakingChangeTest
|
microsoft-github-policy-service
Bot
requested review from
Greedygre,
JennyLawrance,
Juliehzl,
chinadragon0515,
ebencarek,
howang-ms,
jijohn14,
jsntcy,
pagariyaalok,
ruslany,
sanchitmehta,
torosent,
vinisoto,
vturecek,
wangzelin007,
yanzhudd,
yonzhan and
zhoxing-ms
When az containerapp create --yaml is used with userAssignedIdentities, the keys (ARM resource IDs) were incorrectly camelCased by _convert_object_from_snake_to_camel_case, corrupting underscores in resource group names (e.g. _NAME_PARTS -> NameParts). Fix: skip camelCase conversion for keys that start with '/' (ARM resource IDs). Add unit test to verify the fix. Agent-Logs-Url: https://github.com/Azure/azure-cli/sessions/16735815-60d3-490a-8345-5bb464d4ba68 Co-authored-by: a0x1ab <59631311+a0x1ab@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix managed identity ID issue in az containerapp create
[Container App] Fix managed identity resource ID corrupted by camelCase normalization when using --yaml
May 11, 2026
Collaborator
|
Container App |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related command
az containerapp create --yamlDescription
When
--yamlspecifiesidentity.userAssignedIdentitieswith ARM resource ID keys containing underscores (e.g. resource groups namedMY_RG_NAME), the CLI corrupts those keys by applying camelCase normalization —MY_RG_NAMEbecomesMyRgName— causing ARM to reject the request withLinkedAuthorizationFailed.Root cause:
_convert_object_from_snake_to_camel_caseblindly converts all dict keys. When it reaches theuserAssignedIdentitiesdict, the ARM resource ID strings used as keys get camelCased alongside legitimate snake_case property names.Fix:
_utils.py: Skip camelCase conversion for keys starting with/(ARM resource IDs are always absolute paths). One-line guard added to_convert_object_from_snake_to_camel_case.test_containerapp_utils.py: Unit test added to assert ARM resource ID keys with underscores survive the conversion intact.Testing Guide
# Unit test (no live resources needed) python -m unittest azure.cli.command_modules.containerapp.tests.latest.test_containerapp_utils.UtilsTest.test_convert_object_from_snake_to_camel_case_preserves_arm_resource_id_keysTo reproduce the original failure, use a YAML with a resource group name containing underscores in
identity.userAssignedIdentitiesand verify the request body sent to ARM preserves the exact resource ID.History Notes
[Container App]
az containerapp create: Fix managed identity resource ID corrupted when resource group name contains underscores and--yamlis usedThis checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.