azurerm_app_service_managed_certificate stuck in create loop when app and service plan are in different resource groups #9699

Closed
AdamCoulterOz opened this issue Dec 6, 2020 · 3 comments · Fixed by #9701

Comments

@AdamCoulterOz
Contributor

Versions

Terraform v0.13.5

  • provider registry.terraform.io/hashicorp/azurerm v2.39.0

Affected Resource

  • azurerm_app_service_managed_certificate

Problem

Resource creation is stuck waiting for resource creation even though the resource is already created. This happens when the web app and the service plan are in different resource groups. This is because the certificate is force created in the app service plan resource group by ARM even if the resource group specified is that of the app.

This needs to be fixed by looking up the resource group of the app service plan, and specifying that as the resource group of the certificate explicitly. If this isn't done, ARM does it implicitly anyway, which is why the created certificate resource isn't found.

Terraform Configuration Files

locals {
  location = "australiaeast"

  //existing dns_zone details
  dns_name = "example.com"
  dns_rg   = "mydnsrg"
  dns_sub  = "xxxxxxxxx-xxxxxx-xxxxxxx-xxxxxx"
}

resource "random_integer" "id" {
  min     = 1
  max     = 50000
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "app" {
  name     = "test-app"
  location = local.location
}

resource "azurerm_resource_group" "host" {
  name     = "test-host"
  location = local.location
}

resource "azurerm_app_service_plan" "example" {
  name                = "appserviceplan"
  location            = azurerm_resource_group.host.location
  resource_group_name = azurerm_resource_group.host.name

  sku {
    tier = "Premium"
    size = "P1"
  }
}

resource "azurerm_app_service" "example" {
  name                = "myspecialapp-${random_integer.id.result}"
  location            = azurerm_resource_group.app.location
  resource_group_name = azurerm_resource_group.app.name
  app_service_plan_id = azurerm_app_service_plan.example.id
}

// subscription for where the dns_zone is
provider "azurerm" {
  features {}
  alias                      = "dns"
  subscription_id            = local.dns_sub
  skip_provider_registration = true
}

data "azurerm_dns_zone" "main" {
  provider            = azurerm.dns
  name                = local.dns_name
  resource_group_name = local.dns_rg
}

resource "azurerm_dns_cname_record" "main" {
  provider            = azurerm.dns
  name                = "test"
  zone_name           = data.azurerm_dns_zone.main.name
  resource_group_name = data.azurerm_dns_zone.main.resource_group_name
  ttl                 = 300
  record              = azurerm_app_service.example.default_site_hostname
}

resource "azurerm_dns_txt_record" "main" {
  provider            = azurerm.dns
  name                = "asuid.${azurerm_dns_cname_record.main.name}"
  zone_name           = data.azurerm_dns_zone.main.name
  resource_group_name = data.azurerm_dns_zone.main.resource_group_name
  ttl                 = 300
  record {
    value = azurerm_app_service.example.custom_domain_verification_id
  }
}

resource "azurerm_app_service_custom_hostname_binding" "main" {
  hostname            = trim(azurerm_dns_cname_record.main.fqdn, ".")
  app_service_name    = azurerm_app_service.example.name
  resource_group_name = azurerm_resource_group.app.name
  depends_on          = [azurerm_dns_txt_record.main]
  lifecycle {
    ignore_changes = [ssl_state, thumbprint]
  }
}

resource "azurerm_app_service_managed_certificate" "main" {
  custom_hostname_binding_id = azurerm_app_service_custom_hostname_binding.main.id
}
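
The resource group mismatch described in this issue, as an added Go example (not code from the issue or from the provider): it derives the certificate's ARM ID from the app's ID and from the plan's ID and shows that they differ. The subscription ID, the app name suffix and the certificate name `example-cert` are constructed placeholders; the page does not state how the provider names the certificate.

```go
package main

import (
	"fmt"
	"strings"
)

// armScope returns the subscription and resource group encoded in an ARM
// resource ID. Keys are compared case-insensitively, since the casing of
// "resourceGroups" is not consistent across ARM responses.
func armScope(id string) (sub, rg string, err error) {
	parts := strings.Split(strings.Trim(id, "/"), "/")
	for i := 0; i+1 < len(parts); i += 2 {
		switch strings.ToLower(parts[i]) {
		case "subscriptions":
			sub = parts[i+1]
		case "resourcegroups":
			rg = parts[i+1]
		}
	}
	if sub == "" || rg == "" {
		return "", "", fmt.Errorf("not a resource-group scoped ID: %q", id)
	}
	return sub, rg, nil
}

// certificateIDFor builds a Microsoft.Web/certificates ID in the same
// subscription and resource group as scopeID. certName is a hypothetical
// placeholder; the page does not state how the provider names certificates.
func certificateIDFor(scopeID, certName string) (string, error) {
	sub, rg, err := armScope(scopeID)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Web/certificates/%s",
		sub, rg, certName), nil
}

func main() {
	// Constructed IDs using the resource group names from the issue's config.
	const sub = "/subscriptions/00000000-0000-0000-0000-000000000000"
	appID := sub + "/resourceGroups/test-app/providers/Microsoft.Web/sites/myspecialapp-1"
	planID := sub + "/resourcegroups/test-host/providers/Microsoft.Web/serverfarms/appserviceplan"

	byApp, _ := certificateIDFor(appID, "example-cert")
	byPlan, _ := certificateIDFor(planID, "example-cert")
	fmt.Println("app group: ", byApp)  // not found here, so creation keeps waiting
	fmt.Println("plan group:", byPlan) // where ARM places the certificate
}
```
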
@AdamCoulterOz
Contributor Author

@jackofallops - FYI - I'll tweak the resource with the fix shortly.

@ghost

ghost commented Dec 10, 2020

This has been released in version 2.40.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.40.0"
}
# ... other configuration ...

@ghost

ghost commented Jan 9, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Jan 9, 2021