azurerm_container_app_custom_domain - fix parsing the certificate ID error

[sinbai]

Community Note

• Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
• Please do not leave "+1" or "me too" comments, they generate extra noise for PR followers and do not help prioritize for review

Description

• The Certificate Id returned from API has two possible values. When using an Azure created Managed Certificate, its format is "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.App/managedEnvironments/%s/managedCertificates/%s", another format is "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.App/managedEnvironments/%s/certificates/%s",
  we should handle both cases to avoid parsing error to fix azurerm_container_app_custom_domain fails parsing the certificate ID for managed certificates #25788 .

• Fix following 'run bash ./scripts/fun-gradually-deprecated.sh' error.

  

PR Checklist

• I have followed the guidelines in our Contributing Documentation.
• I have checked to ensure there aren't other open Pull Requests for the same update/change.
• I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
• I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
• I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.

Changes to existing Resource / Data Source

• I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
• I have written new tests for my resource or datasource changes & updated any relevent documentation.
• I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.
• (For changes that include a state migration only). I have manually tested the migration path between relevant versions of the provider.

This is a (please select all that apply):

• Bug Fix
• New Feature (ie adding a service, resource, or data source)
• Enhancement
• Breaking Change

Related Issue(s)

Fixes #25788

[tombuildsstuff]

These are two different Resource Types within the API - Microsoft.App/managedEnvironments/certificates and Microsoft.App/managedEnvironments/managedCertificates - so should be exposed as two different properties on our side.

Presumably that'd mean introducing a new property container_app_environment_managed_certificate_id to go alongside the existing container_app_environment_certificate_id - what's the reasoning for shoe-horning these into a single field?

[sinbai]

Thanks for your feedback. The code has been updated. Could you please take another look?

[tombuildsstuff]

Since it's also possible to create/delete/read Managed Certificates I suspect we'll need an associated data source/resource to manage those, so that this is usable?

[sinbai]

I assume that this parsing issue is introduced by support the ability to use Azure Managed Certificates PR. Per the PR's description "This is required to support the automatic creation of Azure Managed Certificates. This PR is in Draft as we are considering design options and may significantly change how this is implemented before inclusion in the provider", I assume that there may be a special reason for not using Managed Certificates API , although I don't know what the reason is. Now that TF already supports Managed Certificates through azurerm_container_app_custom_domain, is it possible to fix the parsing error to unlock the user first?