I have a service principal in one tenant that needs access to an Azure Container Registry in another tenant. However, I am not sure as to how to create the azurerm_role_assignment for the same. Is there a way to configure the service principal as multi-tenant such that it can have role assignments in both the tenants accordingly?
Firstly set available_to_other_tenants = true for the azure ad application and service principal in terraform.
Now that the service principal exists in your tenant, the quickest method to make the service principal created into another tenant is using admin consent.
https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id={client-id}
Replace the {tenant-id} with the real tenant id of "another tenant". {client-id} is the application id of the azure ad app or service principal.
Access the url in a browser. Use an admin account of "another tenant" to sign in to accept the permissions. Then the service principal will be created in "another tenant".
Now you can create the azurerm_role_assignemnt for the new service principal (it's a different service principal from the original one and it is how multiple tenant application works) created in the "another tenant".