-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
azurerm_container_app_custom_domain
fails parsing the certificate ID for managed certificates
#25788
Comments
Hi @ghjklw thanks for opening this issue. Per the information provided, I assume that the error is reported by resource |
Hi @sinbai, Thanks for looking into it! No I am not using this resource at all, only |
I'll note that the test added in #25356 only checks for the existence of the domain, not whether the certificate is set up properly. |
I confirm the behaviour described above, in opposite to what's written in the documentation:
The managed certificate does never get created by Terraform, even though all DNS verification steps are run before. It's useless having to generate the certificate through the portal afterwards in a fully automated infra-as-code environment as where Terraform is supposed to help with. |
I'm getting this error too. Does anyone have a work around, other than not using managed certificates? |
Our workaround is using the AzAPI provider to create both the Container App and Managed Certificate. Unfortunately, due to technical constraints on both the actual Azure API and the AzAPI provider itself, we must:
|
@fabrideci Yikes, thanks for that. This isn't ideal. |
I've had success using a To bind the custom domain to the container app, use the following command: Then to create a managed certificate: And finally to bind the cert to the domain (providing the domain is already bound to the container app): I've set my script up to work for adding/removing custom domains on already deployed container apps, here's a link to the gist if anyone is curious: https://gist.github.com/LynnAU/131426847d2793c76e36548f9937f966 |
@LynnAU Wow, thanks. That's very helpful. |
This is a blocking issue for me too. I used a manual binding using the portal and now my Terraform scripts are failing. Is there a workaround available to be able to run the scripts, while using the manual binding to the custom domain? Edited -> After trying out the manual "az containerapp" way described by @LynnAU to add the certificate and binding, it works. Somehow terraform does not recognizes that new certificate and binding as something to destroy on the next "terraform apply". |
Thanks to @LynnAU for the awesome script. I had to make some tweaks to get it working. The final command to bind the hostname and certificate failed for me. Running it with --debug revealed that it fails because, when only specifying a certificate name, the Azure CLI only looks in the "certificates" resource namespace when managed certificates live in "managedCertificates". The workaround was to use the managed certificate resource ID, rather than the name. I've left a note on the gist, and raised a bug for the CLI issue here: Azure/azure-cli#29119 |
I've been having the same issue, the script provided by @LynnAU works, but when the state gets refreshed on subsequent runs the error still occurs. Any ideas? resource "azurerm_container_app_custom_domain" "app_domain" {
container_app_id = azurerm_container_app.web_app.id
name = "my.domain.com"
provisioner "local-exec" {
command = "chmod +x ./scripts/bind-custom-domain.sh; ./scripts/bind-custom-domain.sh" # Based on working dir set in github action
environment = {
RESOURCE_GROUP = data.azurerm_resource_group.resource_group.name
CONTAINER_APP_ENV_NAME = azurerm_container_app_environment.container_app_environment.name
CUSTOM_DOMAIN = "my.domain.com"
CONTAINER_APP_NAME = azurerm_container_app.web_app.name
}
}
} |
@thomasdewulf For this workaround you need to forgo using the azurerm_container_app_custom_domain resource entirely and use a null_resource resource to execute the local-exec in. If you want it to also destroy the domain on a terraform destroy you will have to add a script that does that with a when argument of 'destroy' |
Glad you liked the script guys, I'm back with some updates. I've tweaked my create script to add some more checks prior to provisioning a certificate and included a destroy script for cleanup. The gist now also contains some terraform files to execute the scripts for you, just need to place the I've added a DNS check using @thomasdewulf bolsteryorick is correct, you need to use a @1TT-Chris Cheers for leaving feedback, weird that you had to change those lines. I wonder if it's to do with the AZCLI version I use, which is |
Is there any update on this? Still it's not possible to use |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Is there an existing issue for this?
Community Note
Terraform Version
1.8.1
AzureRM Provider Version
3.101.0
Affected Resource(s)/Data Source(s)
azurerm_container_app_custom_domain
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
I would expect the managed certificate ID to be ignored, as defined in ignore_changes... or to be correctly parsed by accepting either
certificates
ormanagedCertificates
. In that case, when runningterraform apply
I owuld have expected to getApply complete! Resources: 0 added, 0 changed, 0 destroyed.
as the container app was already in the expected state.As a side note, when the domain was initially added, the certificate was not generated and the domain wasn't bound (
certificate_binding_type
remains set toDisabled
). I don't know if that's expected behaviour, but it's slightly unfortunate as it doesn't enable fully automated deployment.Actual Behaviour
When running
terraform apply
the first time, the custom domain name was deployed.I then triggered the certificate generation and bound it manually.
When I ran
terraform apply
again, instead of gettingApply complete! Resources: 0 added, 0 changed, 0 destroyed.
as expected, I got the error message above.Steps to Reproduce
terraform apply
to create a new container app with a custom domain nameterraform apply
againImportant Factoids
No response
References
This is a newly added resource: #25356
The text was updated successfully, but these errors were encountered: