Search code examples
azure-cliazure-container-apps

The JSON value could not be converted to System.Nullable`1[Microsoft.ContainerApps.ApiResources.Models.UnauthenticatedClientAction

I have an Azure Container App and I want to enable Authentication with Azure CLI:
az containerapp auth update

resourceGroup='lorem'
appName='ipsum'
az containerapp auth update --resource-group $resourceGroup --name $appName --enabled true --unauthenticated-client-action RejectWith401

This results in the following error:

Bad Request({"type":"https://tools.ietf.org/html/rfc7231#section-6.5.1","title":"One or more validation errors occurred.","status":400,"traceId":"00-13a7f69e4ce3b84f82e3b7d2c0425143-5ec6db570ab2989b-01","errors":{"$.properties.globalValidation.unauthenticatedClientAction":["The JSON value could not be converted to System.Nullable`1[Microsoft.ContainerApps.ApiResources.Models.UnauthenticatedClientAction]. Path: $.properties.globalValidation.unauthenticatedClientAction | LineNumber: 0 | BytePositionInLine: 114."]}})

The Optional Parameters support this:

--action --unauthenticated-client-action
The action to take when an unauthenticated client attempts to access the app. accepted values:
AllowAnonymous, RedirectToLoginPage, RejectWith401, RejectWith404

The same error is returned when I use

--action RejectWith401

It's working in Azure Portal, but I need this in the CI/CD pipeline.

Azure Portal - Authentication settings

Solution

  • I found a similar problem at StackOverflow:
    Unable to set unauthenticatedClientAction with Az module or Az/CLI

    --set properties.siteAuthSettings.unauthenticatedClientAction=AllowAnonymous

    The --set parameter is also present for az containerapp:
    ContainerApp --set

    --set
    Value of a specific field within the configuration settings for the Azure App Service Authentication / Authorization feature.

    After enabling Authentication in Azure Portal, Azure CLI returned for show:

    resourceGroup='lorem'
appName='ipsum'
az containerapp auth show --resource-group $resourceGroup --name $appName

    {
  "globalValidation": {
    "unauthenticatedClientAction": "Return401"
  },...
}

    Based on the gathered information I was successful enabling Authentication with:

    resourceGroup='lorem'
appName='ipsum'
az containerapp auth update --resource-group $resourceGroup --name $appName --enabled true --set globalValidation.unauthenticatedClientAction=Return401

    {
  "name": "current",
  "properties": {
    "globalValidation": {
      "unauthenticatedClientAction": "Return401"
    },...
    "platform": {
      "enabled": true
    }
  },
  "resourceGroup": "lorem",
  "type": "Microsoft.App/containerapps/authconfigs"
}