-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
azurerm_container_app_custom_domain
fails parsing the certificate ID for managed certificates
#25788
Comments
Hi @ghjklw thanks for opening this issue. Per the information provided, I assume that the error is reported by resource |
Hi @sinbai, Thanks for looking into it! No I am not using this resource at all, only |
I'll note that the test added in #25356 only checks for the existence of the domain, not whether the certificate is set up properly. |
I confirm the behaviour described above, in opposite to what's written in the documentation:
The managed certificate does never get created by Terraform, even though all DNS verification steps are run before. It's useless having to generate the certificate through the portal afterwards in a fully automated infra-as-code environment as where Terraform is supposed to help with. |
I'm getting this error too. Does anyone have a work around, other than not using managed certificates? |
Our workaround is using the AzAPI provider to create both the Container App and Managed Certificate. Unfortunately, due to technical constraints on both the actual Azure API and the AzAPI provider itself, we must:
|
@fabrideci Yikes, thanks for that. This isn't ideal. |
I've had success using a To bind the custom domain to the container app, use the following command: Then to create a managed certificate: And finally to bind the cert to the domain (providing the domain is already bound to the container app): I've set my script up to work for adding/removing custom domains on already deployed container apps, here's a link to the gist if anyone is curious: https://gist.github.com/LynnAU/131426847d2793c76e36548f9937f966 |
@LynnAU Wow, thanks. That's very helpful. |
This is a blocking issue for me too. I used a manual binding using the portal and now my Terraform scripts are failing. Is there a workaround available to be able to run the scripts, while using the manual binding to the custom domain? Edited -> After trying out the manual "az containerapp" way described by @LynnAU to add the certificate and binding, it works. Somehow terraform does not recognizes that new certificate and binding as something to destroy on the next "terraform apply". |
Is there an existing issue for this?
Community Note
Terraform Version
1.8.1
AzureRM Provider Version
3.101.0
Affected Resource(s)/Data Source(s)
azurerm_container_app_custom_domain
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
I would expect the managed certificate ID to be ignored, as defined in ignore_changes... or to be correctly parsed by accepting either
certificates
ormanagedCertificates
. In that case, when runningterraform apply
I owuld have expected to getApply complete! Resources: 0 added, 0 changed, 0 destroyed.
as the container app was already in the expected state.As a side note, when the domain was initially added, the certificate was not generated and the domain wasn't bound (
certificate_binding_type
remains set toDisabled
). I don't know if that's expected behaviour, but it's slightly unfortunate as it doesn't enable fully automated deployment.Actual Behaviour
When running
terraform apply
the first time, the custom domain name was deployed.I then triggered the certificate generation and bound it manually.
When I ran
terraform apply
again, instead of gettingApply complete! Resources: 0 added, 0 changed, 0 destroyed.
as expected, I got the error message above.Steps to Reproduce
terraform apply
to create a new container app with a custom domain nameterraform apply
againImportant Factoids
No response
References
This is a newly added resource: #25356
The text was updated successfully, but these errors were encountered: