diff --git a/README.md b/README.md
index 9b42293..13e35b0 100644
--- a/README.md
+++ b/README.md
@@ -32,12 +32,13 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | [container\_instance\_name](#input\_container\_instance\_name) | Specifies the name of the Container Group. | `string` | n/a | yes |
-| [containers](#input\_containers) | List of objects to configure containers |
list(object({
name = string
image = string
cpu = number
memory = number
environment_variables = optional(map(string))
commands = optional(list(string))
ports_tcp = optional(set(string), [])
ports_udp = optional(set(string), [])
volumes = optional(list(object({
mount_path = string
name = string
storage_account_name = optional(string)
storage_account_key = optional(string)
share_name = optional(string)
})), [])
})) | n/a | yes |
+| [containers](#input\_containers) | List of objects to configure containers | list(object({
name = string
image = string
cpu = number
memory = number
environment_variables = optional(map(string))
commands = optional(list(string))
ports_tcp = optional(set(string), [])
ports_udp = optional(set(string), [])
volumes = optional(list(object({
mount_path = string
name = string
storage_account_name = optional(string)
storage_account_key = optional(string)
share_name = optional(string)
})), [])
})) | n/a | yes |
| [dns\_config\_nameservers](#input\_dns\_config\_nameservers) | A list of nameservers the containers will search out to resolve requests. | `list(string)` | `[]` | no |
+| [enable\_system\_assigned\_identity](#input\_enable\_system\_assigned\_identity) | Specifies whether to enable System Assigned identity for container instance or not | `bool` | `false` | no |
| [exposed\_ports\_tcp](#input\_exposed\_ports\_tcp) | Set of ports to expose with TCP protocol | `set(string)` | `[]` | no |
| [exposed\_ports\_udp](#input\_exposed\_ports\_udp) | Set of ports to expose with UDP protocol | `set(string)` | `[]` | no |
| [identity\_ids](#input\_identity\_ids) | Specifies a list of User Assigned Managed Identity IDs to be assigned to this Container Group. | `list(string)` | `null` | no |
-| [image\_registry\_credential](#input\_image\_registry\_credential) | List of objects to configure connection to private registry | list(object({
server = string
username = string
password = string
})) | `[]` | no |
+| [image\_registry\_credential](#input\_image\_registry\_credential) | List of objects to configure connection to private registry | list(object({
server = string
username = optional(string)
password = optional(string)
user_assigned_identity_id = optional(string)
})) | `[]` | no |
| [ip\_address\_type](#input\_ip\_address\_type) | Specifies the IP address type of the container. Public, Private or None. | `string` | `"Public"` | no |
| [location](#input\_location) | Specifies the supported Azure location where the resource exists. | `string` | n/a | yes |
| [os\_type](#input\_os\_type) | The OS for the container group. Allowed values are Linux and Windows. | `string` | `"Linux"` | no |
diff --git a/main.tf b/main.tf
index dde6eed..df3dfc5 100644
--- a/main.tf
+++ b/main.tf
@@ -9,17 +9,25 @@ resource "azurerm_container_group" "this" {
subnet_ids = var.subnet_ids
tags = var.tags
- identity {
- type = var.identity_ids == null ? "SystemAssigned" : "SystemAssigned, UserAssigned"
- identity_ids = var.identity_ids
+ dynamic "identity" {
+ for_each = (var.enable_system_assigned_identity || var.identity_ids != null) ? [1] : []
+
+ content {
+ type = join(", ", compact([
+ var.enable_system_assigned_identity ? "SystemAssigned" : "",
+ var.identity_ids != null ? "UserAssigned" : ""
+ ]))
+ identity_ids = var.identity_ids
+ }
}
dynamic "image_registry_credential" {
for_each = var.image_registry_credential
content {
- server = image_registry_credential.value.server
- username = image_registry_credential.value.username
- password = image_registry_credential.value.password
+ server = image_registry_credential.value.server
+ username = image_registry_credential.value.username
+ password = image_registry_credential.value.password
+ user_assigned_identity_id = image_registry_credential.value.user_assigned_identity_id
}
}
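Review bot: In the new `dynamic "identity"` block, `var.identity_ids != null` is also true for an empty list, so passing `identity_ids = []` produces `type = "UserAssigned"` with no identities attached, which will most likely be rejected only at apply time. Testing the length instead covers both null and empty, e.g. `try(length(var.identity_ids), 0) > 0` in the `for_each` condition and inside the `compact([...])` list. Holding that boolean in a single local would also keep the two expressions from drifting apart. The enclosing `azurerm_container_group` resource starts and ends outside this hunk.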
diff --git a/variables.tf b/variables.tf
index 5577880..a9d9276 100644
--- a/variables.tf
+++ b/variables.tf
@@ -37,6 +37,12 @@ variable "restart_policy" {
default = "Never"
}
+variable "enable_system_assigned_identity" {
+ type = bool
+ description = "Specifies whether to enable System Assigned identity for container instance or not"
+ default = false
+}
+
variable "identity_ids" {
type = list(string)
description = "Specifies a list of User Assigned Managed Identity IDs to be assigned to this Container Group."
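Review bot: The description of `enable_system_assigned_identity` does not say that `default = false` reverses the previous behaviour: the removed `identity` block in main.tf always included `SystemAssigned`. Callers who granted roles to that system-assigned principal (registry pull, secret access) will lose the identity on upgrade unless they set the flag. Off by default is the better least-privilege choice, but it should be documented, for example `description = "Whether to attach a system-assigned managed identity to the container group. Defaults to false; earlier module versions always attached one."`, and listed as a breaking change in the release notes.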
@@ -69,9 +75,10 @@ variable "exposed_ports_udp" {
variable "image_registry_credential" {
type = list(object({
- server = string
- username = string
- password = string
+ server = string
+ username = optional(string)
+ password = optional(string)
+ user_assigned_identity_id = optional(string)
}))
description = "List of objects to configure connection to private registry"
default = []
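Review bot: With `username` and `password` now optional, an `image_registry_credential` entry can carry no usable authentication at all, or a username without a password, and the module passes it straight to the provider. A `validation` block on the variable would catch this at plan time by requiring either the full username/password pair or `user_assigned_identity_id` on every entry. As far as I know the identity used for the pull must also be attached to the container group, so the description should tell callers to list the same ID in `identity_ids`. The variable's closing brace lies outside this hunk.

```hcl
  default = []

  # Each entry must provide one complete way to authenticate to the registry.
  validation {
    condition = alltrue([
      for c in var.image_registry_credential :
      c.user_assigned_identity_id != null || (c.username != null && c.password != null)
    ])
    error_message = "Each image_registry_credential entry needs either username and password, or user_assigned_identity_id."
  }
```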