On azurerm_container_app adding custom domain, the field certificate_id is required and should not be

[caiola]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.6.2

AzureRM Provider Version

3.76.0

Affected Resource(s)/Data Source(s)

azurerm_container_app

Terraform Configuration Files

Debug Output/Panic Output

│ Error: Missing required argument
│
│   with module.container_apps.azurerm_container_app.container_app["capp-web"],
│   on modules\container_apps\main.tf line 15, in resource "azurerm_container_app" "container_app":
│   15: resource "azurerm_container_app" "container_app" {
│
│ The argument "ingress.0.custom_domain.0.certificate_id" is required, but no definition was found.

Expected Behaviour

Adding "custom domain" with Terraform dot not raise an error that "certificate_id" is required (exporting on JSON VIEW on the Azure Portal is not required).

Actual Behaviour

In Azure, with container app add two custom domains, go to "overview", click on JSON view and you can see the SCHEMA exported for the custom domains have 2 properties "name" and "bindingType".

Although, if you add these "custom domain" with Terraform it will raise and error that "certificate_id" is required but doing it on the Azure platform it is not required.

Steps to Reproduce

In Azure, with container app add two custom domains, go to "overview", click on JSON view and you can see the SCHEMA exported for the custom domains have 2 properties "name" and "bindingType".

Although, if you add these "custom domain" with Terraform it will raise and error that "certificate_id" is required but doing it on the Azure platform it is not required.

(...)
                "customDomains": [
                    {
                        "name": "test.ambitiousbay-xxxxxxx.westeurope.azurecontainerapps.io",
                        "bindingType": "Disabled"
                    },
                    {
                        "name": "mysubdomain.example.com",
                        "bindingType": "Disabled"
                    }
                ],
(...)

Error on terraform adding a custom domain without certificate (only name="subdomain.example.com" and certificate_binding_type="Disabled" filled):

│ Error: Missing required argument
│
│   with module.container_apps.azurerm_container_app.container_app["capp-web"],
│   on modules\container_apps\main.tf line 15, in resource "azurerm_container_app" "container_app":
│   15: resource "azurerm_container_app" "container_app" {
│
│ The argument "ingress.0.custom_domain.0.certificate_id" is required, but no definition was found.

Source on terraform -> terraform-provider-azurerm\internal\services\containerapps\helpers\container_apps.go:

type CustomDomain struct {
	CertBinding   string `tfschema:"certificate_binding_type"`
	CertificateId string `tfschema:"certificate_id"`
	Name          string `tfschema:"name"`
}

func ContainerAppIngressCustomDomainSchema() *pluginsdk.Schema {
	return &pluginsdk.Schema{
		Type:     pluginsdk.TypeList,
		Optional: true,
		MaxItems: 1,
		Elem: &pluginsdk.Resource{
			Schema: map[string]*pluginsdk.Schema{
				"certificate_binding_type": {
					Type:         pluginsdk.TypeString,
					Optional:     true,
					Default:      containerapps.BindingTypeDisabled,
					ValidateFunc: validation.StringInSlice(containerapps.PossibleValuesForBindingType(), false),
					Description:  "The Binding type. Possible values include `Disabled` and `SniEnabled`. Defaults to `Disabled`",
				},

				"certificate_id": {
					Type:         pluginsdk.TypeString,
					Required:     true,
					ValidateFunc: managedenvironments.ValidateCertificateID,
				},

				"name": {
					Type:         pluginsdk.TypeString,
					Required:     true,
					ValidateFunc: validation.StringIsNotEmpty,
					Description:  "The hostname of the Certificate. Must be the CN or a named SAN in the certificate.",
				},
			},
		},
	}
}

Important Factoids

No response

References

No response

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.