azurerm_app_service_managed_certificate can't parse custom hostname binding IDs for slots

[jaked]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

See #4240 (comment)

This is because azurerm_app_service_managed_certificate calls validate.AppServiceCustomHostnameBindingID which does not handle slots, see

terraform-provider-azurerm/internal/services/web/app_service_managed_certificate_resource.go

Line 47 in 1b6e07f

ValidateFunc: validate.AppServiceCustomHostnameBindingID,

and

terraform-provider-azurerm/internal/services/web/parse/app_service_custom_hostname_binding.go

Line 18 in 1b6e07f

func AppServiceCustomHostnameBindingID(input string) (*AppServiceCustomHostnameBindingId, error) {

Terraform Version

1.8.1

AzureRM Provider Version

3.106.1

Affected Resource(s)/Data Source(s)

azurerm_app_service_managed_certificate

Terraform Configuration Files

resource "azurerm_linux_web_app" "example" { ... }

resource "azurerm_linux_web_app_slot" "example_staging" { ... }

resource "azurerm_app_service_custom_hostname_binding" "example_hostname_binding" {
    hostname            = "example.githubnext.com"
    app_service_name    = azurerm_linux_web_app.example.name
    resource_group_name = azurerm_resource_group.example_resource_group.name
}

resource "azurerm_app_service_managed_certificate" "example_cert" {
  custom_hostname_binding_id = azurerm_app_service_custom_hostname_binding.example_hostname_binding.id
}

resource "azurerm_app_service_certificate_binding" "example_certbinding" {
  hostname_binding_id = azurerm_app_service_custom_hostname_binding.example_hostname_binding.id
  certificate_id      = azurerm_app_service_managed_certificate.example_cert.id
  ssl_state           = "SniEnabled"
}

resource "azurerm_app_service_slot_custom_hostname_binding" "example_staging_hostname_binding" {
    hostname            = "example-staging.githubnext.com"
    app_service_slot_id = azurerm_linux_web_app_slot.example_staging.id
}

/*
fails with

  Error: can not parse "custom_hostname_binding_id" as App Service Custom Hostname ID: ID contained more segments than required

see

  https://github.com/hashicorp/terraform-provider-azurerm/issues/4240#issuecomment-1666075642

resource "azurerm_app_service_managed_certificate" "example_staging_cert" {
  custom_hostname_binding_id = azurerm_app_service_slot_custom_hostname_binding.example_staging_hostname_binding.id
}
*/

resource "azurerm_app_service_certificate_binding" "example_staging_certbinding" {
  hostname_binding_id = azurerm_app_service_slot_custom_hostname_binding.example_staging_hostname_binding.id
  certificate_id      = azurerm_app_service_managed_certificate.example_staging_cert.id
  ssl_state           = "SniEnabled"
}

Debug Output/Panic Output

Error: can not parse "custom_hostname_binding_id" as App Service Custom Hostname ID: ID contained more segments than required: "/subscriptions/6bb24934-9d49-45e1-bee2-5bc698af3517/resourceGroups/example-resource-group/providers/Microsoft.Web/sites/example/slots/staging/hostNameBindings/example-staging.githubnext.com", map[slots:staging]

Expected Behaviour

managed certficate should have been created

Actual Behaviour

error as above

Steps to Reproduce

No response

Important Factoids

No response

References

No response

[DilanBoskan]

Can we please prioritize this issue? It is pretty limiting for such a core feature of Azure.