webapp config container set overwrites DOCKER_* app settings

[SophieDeBenedetto]

az feedback auto-generates most of the information requested below, as of CLI version 2.0.62

Describe the bug
When using the webapp config container set command to apply a new container image to an Azure App Service app deployment slot, the following occurs:

• These app settings (DOCKER_REGISTRY_SERVER, DOCKER_REGISTRY_USERNAME, DOCKER_REGISTRY_PASSWORD) are overwritten with
  • The docker-registry-server-url passed to the webapp config container set command
  • The username and password used to authenticate against the Docker registry in the environment in which you run the webapp config container set command
• The "deployment center" page populates the server URL, login and password with the same data points as described in the previous bullet.

So, if you set those settings in app settings and the deployment center to point to values that are key vault references, then every deploy overwrites them with the raw values.

To Reproduce

• Set the docker env vars in app settings for the app slot above to read from key vault by setting their values to key vault references
• Log into your Azure Docker Registry with your username and password
• Apply a new container image to the app slot like this:

az webapp config container set --name <app name> \
          --slot canary \
          --resource-group <resource group>\
          --docker-custom-image-name <image name>\
          --docker-registry-server-url <server name>

• View the app settings for that app slot and see that for those three DOCKER_* settings, their values now contain raw values.
• View the Deployment Center for that app slot and see that the login, username, and password are now also overwritten with raw values.

Expected behavior
Deploys using the webapp config container set command do not overwrite deployment center values or app settings with raw values where they were previously set to key vault references.

Environment summary
We're running this series of steps inside a GitHub action using:

• https://github.com/Azure/cli v1
• https://github.com/Azure/docker-login

[yonzhan]

route to CXP team

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @antcp, @AzureAppServiceCLI.

Issue Details

---

az feedback auto-generates most of the information requested below, as of CLI version 2.0.62

Describe the bug
When using the webapp config container set command to apply a new container image to an Azure App Service app deployment slot, the following occurs:

• These app settings (DOCKER_REGISTRY_SERVER, DOCKER_REGISTRY_USERNAME, DOCKER_REGISTRY_PASSWORD) are overwritten with
  • The docker-registry-server-url passed to the webapp config container set command
  • The username and password used to authenticate against the Docker registry in the environment in which you run the webapp config container set command
• The "deployment center" page populates the server URL, login and password with the same data points as described in the previous bullet.

So, if you set those settings in app settings and the deployment center to point to values that are key vault references, then every deploy overwrites them with the raw values.

To Reproduce

• Set the docker env vars in app settings for the app slot above to read from key vault by setting their values to key vault references
• Log into your Azure Docker Registry with your username and password
• Apply a new container image to the app slot like this:

az webapp config container set --name <app name> \
          --slot canary \
          --resource-group <resource group>\
          --docker-custom-image-name <image name>\
          --docker-registry-server-url <server name>

• View the app settings for that app slot and see that for those three DOCKER_* settings, their values now contain raw values.
• View the Deployment Center for that app slot and see that the login, username, and password are now also overwritten with raw values.

Expected behavior
Deploys using the webapp config container set command do not overwrite deployment center values or app settings with raw values where they were previously set to key vault references.

Environment summary
We're running this series of steps inside a GitHub action using:

• https://github.com/Azure/cli v1
• https://github.com/Azure/docker-login

Author:	SophieDeBenedetto
Assignees:	evelyn-ys
Labels:	Web Apps, Service Attention, App Services, customer-reported, feature-request, Auto-Assign
Milestone:	Backlog