Address review feedback from sreallymatt

- Use consistent error message format with retrieving/updating
- Add nil check for env.Model before accessing nested fields
- Use pointer.FromEnum for DomainControlValidation
- Add CNAME and TXT domain control validation tests
- Shorten DNS record name to avoid exceeding 64 char limit
- Add custom domain with depends_on to docs example

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: jiaweitao001

internal/services/containerapps/container_app_environment_managed_certificate_resource.go

@@ -128,7 +128,11 @@ func (r ContainerAppEnvironmentManagedCertificateResource) Create() sdk.Resource
 
 			env, err := client.Get(ctx, *envId)
 			if err != nil {
-				return fmt.Errorf("reading %s for %s: %+v", *envId, id, err)
+				return fmt.Errorf("retrieving %s: %+v", *envId, err)
+			}
+
+			if env.Model == nil {
+				return fmt.Errorf("retrieving %s: `model` was nil", envId)
 			}
 
 			certificate := managedenvironments.ManagedCertificate{
@@ -167,7 +171,7 @@ func (r ContainerAppEnvironmentManagedCertificateResource) Read() sdk.ResourceFu
 				if response.WasNotFound(existing.HttpResponse) {
 					return metadata.MarkAsGone(id)
 				}
-				return fmt.Errorf("reading %s: %+v", *id, err)
+				return fmt.Errorf("retrieving %s: %+v", *id, err)
 			}
 
 			var state ContainerAppEnvironmentManagedCertificateModel
@@ -180,7 +184,7 @@ func (r ContainerAppEnvironmentManagedCertificateResource) Read() sdk.ResourceFu
 
 				if props := model.Properties; props != nil {
 					state.SubjectName = pointer.From(props.SubjectName)
-					state.DomainControlValidation = string(pointer.From(props.DomainControlValidation))
+					state.DomainControlValidation = pointer.FromEnum(props.DomainControlValidation)
 					state.ValidationToken = pointer.From(props.ValidationToken)
 				}
 			}
@@ -233,7 +237,7 @@ func (r ContainerAppEnvironmentManagedCertificateResource) Update() sdk.Resource
 				}
 
 				if _, err = client.ManagedCertificatesUpdate(ctx, *id, patch); err != nil {
-					return fmt.Errorf("updating tags for %s: %+v", *id, err)
+					return fmt.Errorf("updating %s: %+v", *id, err)
 				}
 			}
 

internal/services/containerapps/container_app_environment_managed_certificate_resource_test.go

@@ -103,6 +103,44 @@ func TestAccContainerAppEnvironmentManagedCertificate_domainControlValidationHTT
 	})
 }
 
+func TestAccContainerAppEnvironmentManagedCertificate_domainControlValidationCNAME(t *testing.T) {
+	if os.Getenv("ARM_TEST_DNS_ZONE") == "" || os.Getenv("ARM_TEST_DATA_RESOURCE_GROUP") == "" {
+		t.Skipf("Skipping as either ARM_TEST_DNS_ZONE or ARM_TEST_DATA_RESOURCE_GROUP is not set")
+	}
+
+	data := acceptance.BuildTestData(t, "azurerm_container_app_environment_managed_certificate", "test")
+	r := ContainerAppEnvironmentManagedCertificateResource{}
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.domainControlValidationCNAME(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
+func TestAccContainerAppEnvironmentManagedCertificate_domainControlValidationTXT(t *testing.T) {
+	if os.Getenv("ARM_TEST_DNS_ZONE") == "" || os.Getenv("ARM_TEST_DATA_RESOURCE_GROUP") == "" {
+		t.Skipf("Skipping as either ARM_TEST_DNS_ZONE or ARM_TEST_DATA_RESOURCE_GROUP is not set")
+	}
+
+	data := acceptance.BuildTestData(t, "azurerm_container_app_environment_managed_certificate", "test")
+	r := ContainerAppEnvironmentManagedCertificateResource{}
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.domainControlValidationTXT(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
 func (r ContainerAppEnvironmentManagedCertificateResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
 	id, err := managedenvironments.ParseManagedCertificateID(state.ID)
 	if err != nil {
@@ -222,6 +260,62 @@ resource "azurerm_container_app_environment_managed_certificate" "test" {
 `, r.template(data), data.RandomInteger)
 }
 
+func (r ContainerAppEnvironmentManagedCertificateResource) domainControlValidationCNAME(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+%[1]s
+
+resource "azurerm_container_app_custom_domain" "test" {
+  name             = trimsuffix(trimprefix(azurerm_dns_txt_record.test.fqdn, "asuid."), ".")
+  container_app_id = azurerm_container_app.test.id
+
+  lifecycle {
+    ignore_changes = [certificate_binding_type, container_app_environment_certificate_id]
+  }
+}
+
+resource "azurerm_container_app_environment_managed_certificate" "test" {
+  name                         = "acctest-cacertmgd%[2]d"
+  container_app_environment_id = azurerm_container_app_environment.test.id
+  subject_name                 = trimsuffix(trimprefix(azurerm_dns_txt_record.test.fqdn, "asuid."), ".")
+  domain_control_validation    = "CNAME"
+
+  depends_on = [azurerm_container_app_custom_domain.test]
+}
+`, r.template(data), data.RandomInteger)
+}
+
+func (r ContainerAppEnvironmentManagedCertificateResource) domainControlValidationTXT(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+%[1]s
+
+resource "azurerm_container_app_custom_domain" "test" {
+  name             = trimsuffix(trimprefix(azurerm_dns_txt_record.test.fqdn, "asuid."), ".")
+  container_app_id = azurerm_container_app.test.id
+
+  lifecycle {
+    ignore_changes = [certificate_binding_type, container_app_environment_certificate_id]
+  }
+}
+
+resource "azurerm_container_app_environment_managed_certificate" "test" {
+  name                         = "acctest-cacertmgd%[2]d"
+  container_app_environment_id = azurerm_container_app_environment.test.id
+  subject_name                 = trimsuffix(trimprefix(azurerm_dns_txt_record.test.fqdn, "asuid."), ".")
+  domain_control_validation    = "TXT"
+
+  depends_on = [azurerm_container_app_custom_domain.test]
+}
+`, r.template(data), data.RandomInteger)
+}
+
 func (r ContainerAppEnvironmentManagedCertificateResource) template(data acceptance.TestData) string {
 	dnsZone := os.Getenv("ARM_TEST_DNS_ZONE")
 	dataResourceGroup := os.Getenv("ARM_TEST_DATA_RESOURCE_GROUP")
@@ -281,15 +375,15 @@ resource "azurerm_container_app" "test" {
 }
 
 resource "azurerm_dns_cname_record" "test" {
-  name                = "containerapp%[1]d"
+  name                = "contapp%[1]d"
   resource_group_name = data.azurerm_dns_zone.test.resource_group_name
   zone_name           = data.azurerm_dns_zone.test.name
   ttl                 = 300
   record              = azurerm_container_app.test.latest_revision_fqdn
 }
 
 resource "azurerm_dns_txt_record" "test" {
-  name                = "asuid.containerapp%[1]d"
+  name                = "asuid.contapp%[1]d"
   resource_group_name = data.azurerm_dns_zone.test.resource_group_name
   zone_name           = data.azurerm_dns_zone.test.name
   ttl                 = 60

website/docs/r/container_app_environment_managed_certificate.html.markdown

@@ -33,11 +33,49 @@ resource "azurerm_container_app_environment" "example" {
   log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id
 }
 
+resource "azurerm_container_app" "example" {
+  name                         = "example-app"
+  resource_group_name          = azurerm_resource_group.example.name
+  container_app_environment_id = azurerm_container_app_environment.example.id
+  revision_mode                = "Single"
+
+  template {
+    container {
+      name   = "example-container"
+      image  = "mcr.microsoft.com/k8se/quickstart:latest"
+      cpu    = 0.25
+      memory = "0.5Gi"
+    }
+  }
+
+  ingress {
+    external_enabled = true
+    target_port      = 80
+    transport        = "http"
+
+    traffic_weight {
+      latest_revision = true
+      percentage      = 100
+    }
+  }
+}
+
+resource "azurerm_container_app_custom_domain" "example" {
+  name             = "example.com"
+  container_app_id = azurerm_container_app.example.id
+
+  lifecycle {
+    ignore_changes = [certificate_binding_type, container_app_environment_certificate_id]
+  }
+}
+
 resource "azurerm_container_app_environment_managed_certificate" "example" {
   name                         = "example-managed-cert"
   container_app_environment_id = azurerm_container_app_environment.example.id
   subject_name                 = "example.com"
   domain_control_validation    = "HTTP"
+
+  depends_on = [azurerm_container_app_custom_domain.example]
 }
 ```