You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The post-apply verification recipe for the scheduled-task secret migration (issue #50 / PR #74) references az logicapp show, but az logicapp targets Logic Apps Standard (Microsoft.Web/sites with kind=workflowapp). The Terraform here provisions Logic Apps Consumption (Microsoft.Logic/workflows via azurerm_logic_app_workflow). Running az logicapp show -n <wf> against a Consumption workflow returns ResourceNotFound.
The correct command (az logic workflow show) requires the logic extension, which currently fails to install on at least one local environment (Pip status 1 under brewed azure-cli + Python ≥ 3.12), so a recipe that depends on it is fragile too. The reliable, extension-free form is:
After the #50 fix, get-secret should show authentication.type = "ManagedServiceIdentity" and audience https://vault.azure.net; the three call-*-endpoint actions should reference @body('get-secret')['value'] in the Authorization header — no plaintext.
Surfaces to fix
terraform/modules/compute/azure/container-apps/scheduled-tasks.tf:13 — header comment says az logicapp show. Source-tree fix; lands via a small PR against feat/multicloud-web-frontend.
The fix is shipped and merged, but the operator-only post-apply check is still pending a real Azure deployment. Whoever runs that check next will follow the recipe in either #50, #74, or the source comment — all three currently send them down a dead end (wrong SKU, plus a broken extension).
Severity
Low — doc/comment only, no runtime impact.
Effort
Small — one-line comment fix in scheduled-tasks.tf, plus two corrective comments on the closed issue/PR.
Summary
The post-apply verification recipe for the scheduled-task secret migration (issue #50 / PR #74) references
az logicapp show, butaz logicapptargets Logic Apps Standard (Microsoft.Web/siteswithkind=workflowapp). The Terraform here provisions Logic Apps Consumption (Microsoft.Logic/workflowsviaazurerm_logic_app_workflow). Runningaz logicapp show -n <wf>against a Consumption workflow returnsResourceNotFound.The correct command (
az logic workflow show) requires thelogicextension, which currently fails to install on at least one local environment (Pip status 1 under brewedazure-cli+ Python ≥ 3.12), so a recipe that depends on it is fragile too. The reliable, extension-free form is:After the #50 fix,
get-secretshould showauthentication.type = "ManagedServiceIdentity"and audiencehttps://vault.azure.net; the threecall-*-endpointactions should reference@body('get-secret')['value']in theAuthorizationheader — no plaintext.Surfaces to fix
terraform/modules/compute/azure/container-apps/scheduled-tasks.tf:13— header comment saysaz logicapp show. Source-tree fix; lands via a small PR againstfeat/multicloud-web-frontend.az logic show -n <wf>. Edit the merged PR body or post a corrective comment.az logicapp show --name <wf>. Closed; post a corrective comment so anyone landing here from search has the right recipe.Why now
The fix is shipped and merged, but the operator-only post-apply check is still pending a real Azure deployment. Whoever runs that check next will follow the recipe in either #50, #74, or the source comment — all three currently send them down a dead end (wrong SKU, plus a broken extension).
Severity
Low — doc/comment only, no runtime impact.
Effort
Small — one-line comment fix in
scheduled-tasks.tf, plus two corrective comments on the closed issue/PR.