Terraform-provider-azurerm: Support for azurerm_app_service_certificate for App Service Environments

Created on 9 Dec 2019 · 5Comments · Source: terraform-providers/terraform-provider-azurerm

I cannot get my app services that reside in an ASE to recognize that I uploaded a cert for them to use when using terraform. If I upload the cert in the WebGUI, the cert shows up as a valid cert for Custom Domain SSL binding.

Comparing the JSON between the WebGUI upload and the terraform apply, I see this JSON block is missing when you run terraform:

        "hostingEnvironmentProfile": {
            "id": "/subscriptions/0xxxxxxxxxxxx/resourceGroups/rsg_name/providers/Microsoft.Web/hostingEnvironments/ase_name",
            "name": "ase_name",
            "type": "Microsoft.Web/hostingEnvironments"
        },

this hostingEnvironmentProfile parameter is not an available option in azure terraform provider. Without this parameter when you're using ASE, the cert is uploaded, but not useable by any ASE app services.

Current code in terraform:

resource "azurerm_app_service_certificate" "cert_upload" {
  name                = "appsrv-cert"
  resource_group_name = "rsg_name"
  location            = "eastus"
  pfx_blob            = "${base64encode(file("cert_file.pfx"))}"
  password            = "12345"
}

enhancement servicapp-service

Source

milagrofrost

👍5

Most helpful comment

I ran in to the same problem and believe it can be resolved with just a slight change. I forked and modified the certificates resource definition and tested and this seems to work. Happy to PR if desired.

https://github.com/wmdave/terraform-provider-azurerm/blob/master/azurerm/internal/services/web/resource_arm_app_service_certificate.go

Tested with TF file like

resource "azurerm_app_service_certificate" "tf-fds-demo-01-torbit-cert" {
  name                           = "a-certificate-name"
  resource_group_name            = "a-resource-group-name"
  location                       = "southcentralus"
  pfx_blob                       = filebase64("a-pfx-file.pfx")
  password                       = "not-the-password"
  hosting_environment_profile_id = "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Web/hostingEnvironments/<ase-name>"

wmdave on 30 Jan 2020

👍5

All 5 comments

https://github.com/wmdave/terraform-provider-azurerm/blob/master/azurerm/internal/services/web/resource_arm_app_service_certificate.go

Tested with TF file like

resource "azurerm_app_service_certificate" "tf-fds-demo-01-torbit-cert" {
  name                           = "a-certificate-name"
  resource_group_name            = "a-resource-group-name"
  location                       = "southcentralus"
  pfx_blob                       = filebase64("a-pfx-file.pfx")
  password                       = "not-the-password"
  hosting_environment_profile_id = "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Web/hostingEnvironments/<ase-name>"

wmdave on 30 Jan 2020

👍5

@wmdave - happy to accept a pr 🙂

katbyte on 24 May 2020

PR Created. https://github.com/terraform-providers/terraform-provider-azurerm/pull/7087

wmdave on 26 May 2020

Fixed via #7087

tombuildsstuff on 28 Aug 2020

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!