New Resource: azurerm_container_app_environment_managed_certificate #31137
sreallymatt left a comment
Thanks @jiaweitao001 - I've left some comments inline
- Use consistent error message format with retrieving/updating
- Add nil check for env.Model before accessing nested fields
- Use pointer.FromEnum for DomainControlValidation
- Add CNAME and TXT domain control validation tests
- Shorten DNS record name to avoid exceeding 64 char limit
- Add custom domain with depends_on to docs example

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Hi @jiaweitao001 - it looks like
TXT domain control validation requires longer polling time due to DNS propagation and CA signing chain being slower than HTTP/CNAME methods.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
edefc78 to 630b677
The CNAME record was pointing to latest_revision_fqdn instead of the container app's ingress FQDN. Azure requires the CNAME to map directly to the app's generated domain name (ingress fqdn) for domain validation to succeed. This was causing TXT validation to stay in Pending state indefinitely, resulting in context deadline exceeded. Also reverts the temporary timeout increase from the previous commit.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
e358342 to 74be517
TXT validation is accepted by the API but does not appear to be functional on the Azure service side - certificates remain in Pending state indefinitely. Remove the TXT test case and update documentation to only advertise CNAME and HTTP as supported validation methods. The validation code still accepts TXT to match the API definition.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Hi @sreallymatt, I removed the TXT validation test case and updated the documentation to only advertise CNAME and HTTP as supported validation methods. TXT exists as an enum value in the API definition, but the service side does not appear to support it currently.
| ForceNew: true, | ||
| Default: string(managedenvironments.ManagedCertificateDomainControlValidationHTTP), | ||
| ValidateFunc: validation.StringInSlice( | ||
| managedenvironments.PossibleValuesForManagedCertificateDomainControlValidation(), |
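Review bot: On the ValidateFunc line, passing managedenvironments.PossibleValuesForManagedCertificateDomainControlValidation() straight into validation.StringInSlice ties the accepted set to whatever the SDK enum contains, so a value the API defines but the service does not honor still passes plan-time validation, and on a ForceNew: true field a wrong value costs a resource replacement to correct. Suggest an explicit slice of the supported constants, starting with ManagedCertificateDomainControlValidationHTTP, so the allowed set only widens deliberately.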
Given TXT does not currently appear to function, we should omit it from this ValidateFunc as well. If/when support is added, we can revisit and add it back to the resource.
Sure. Removed.
Per review feedback, remove TXT from the allowed validation values since it does not currently function on the Azure service side.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
sreallymatt left a comment
Thanks @jiaweitao001 - LGTM ✅
Community Note
Description
This PR adds support for the azurerm_container_app_environment_managed_certificate resource. This PR replaces #28366 since it has been inactive for a while.
PR Checklist
For example: “resource_name_here - description of change e.g. adding property new_property_name_here”
Changes to existing Resource / Data Source
Testing
Change Log
Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.
azurerm_container_app_environment_managed_certificate
This is a (please select all that apply):
Related Issue(s)
Fixes #27362
AI Assistance Disclosure
Rollback Plan
If a change needs to be reverted, we will publish an updated version of the provider.
Changes to Security Controls
Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.
Note
If this PR changes meaningfully during the course of review please update the title and description as required.