-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
azurerm_app_service - way to get 'Custom Domain Verification ID' #7537
Comments
Thanks for opening this issue. Seems it's an API restriction. So I assume terraform cannot support this property since API doesn't support it after went through the api doc. |
@neil-yechenwei yeah seems like a bit of a hole in the api. I've filled a feature request with azure team so hopefully they will come back with something. |
It's possible to use terraform to provision these already - see the original issue for further details. |
I don't have one configured to test - but presumably this is this endpoint in the API? |
@peter-dolkens when you say they can be provisioned already are you talking about using the "awverify." prefix on the domain and site reference in a CNAME or TXT record. I have setup the following via terraform and aws provider.
I still can't bind in terraform using Have you got any further information in relation to this ? |
@rluiten does AWS route53 do any proxying or similar magic? It may simply come down to how long it takes DNS to propagate from AWS In cloudflare, you can either proxy a record, or pass it through raw, and it normally only takes 30-60s to propagate. Our stack looks like this:
|
Thanks for the response. I don't think my current issue is a propagation problem. I let it create most of the resources including domains yesterday, so only custom domain didn't create due to error. I have verified the domain config using https://toolbox.googleapps.com/apps/dig to make sure the CNAME record for both domain and awverify prefixed domain and they appear to be correct. I have tested using TXT type of record for the awverify record same results so far with a delay of an hour before retrying creating the custom domain and still getting failure. I'd like to thank you also for the delay resource example which I had not encountered before but I am sure it will be useful. |
@rluiten when you ran yesterday, did it create the awverify records? If you want, you can email me ([email protected]) and I could take a look at your actual records. Ideally run it once, let it create the DNS records and fail, and I'll take a look tomorrow to confirm that they look right to me. Additionally, the official documentation is here: https://docs.microsoft.com/en-us/azure/app-service/manage-custom-dns-migrate-domain |
Hey all ... its a property already returned by the REST API, the go-sdk is just not exposing it in the props collection (SiteProperties struct). type SiteProperties struct {
// CustomDomainVerificationId - READ-ONLY; Custom domain verification id used in the txt record of custom domains to verify them for use on a app service.
props.CustomDomainVerificationId *string `json:"customDomainVerificationId,omitempty"`
} Then we add this this line in the resource, as well as the corresponding schema: d.Set("custom_domain_verification_id", props.CustomDomainVerificationId |
They've just shipped the update for this in Azure/azure-sdk-for-go#12160 Included in v45.1.0 of the sdk, here: @tombuildsstuff - I'm happy to have a go at this? |
FYI @jonsamwell - this probably also closes your issue Azure/azure-cli#14142 |
@AdamCoulterOz unfortunately v45.x of the Azure SDK is sufficiently broken (there's 3 separate regressions in it) that we're blocked from upgrading - so whilst a PR would be great I think we're blocked for a little while longer here unfortunately (we're waiting to find out if v46 of the SDK fixes these regressions) |
@tombuildsstuff do those regressions affect this resource? |
@AdamCoulterOz I don't believe so, however the entire provider is blocked from upgrading to SDK v45.x until those regressions are fixed unfortunately |
@tombuildsstuff Any progress on this? As far as I know, sdk v46 is already published |
there is an open PR to update the azure sdk: #8411 |
FWIW, in practice, all you need is just the one CNAME: |
In case it helps someone else, I found that the value Custom Domain Verification ID is shared across an Azure subscription. That is if you have multiple app service plans with different app services, they will all shared the same Custom Domain Verification ID. This meant that I could use an environment variable, rather than looking it up.
I know it doesn't help you when creating from scratch, but it might be helpful as a stopgap until it is supported in the provider. |
Thanks for this @palmerandy ! I feel a lot less guilty passing the verification ID as a variable to terraform, knowing that it's shared across my whole subscription, and not tied to a specific App Service. The |
This has been released in version 2.38.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example: provider "azurerm" {
version = "~> 2.38.0"
}
# ... other configuration ... |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
This issue was originally opened by @jonsamwell as hashicorp/terraform#25432. It was migrated here as a result of the provider split. The original body of the issue is below.
I need a way to get the
Custom Domain Verification ID
of an azure web app so that I can automate binding a custom host name.I've looked through all the exported attributes when using
azurerm_app_service
but I am unable to find a way to get the verification id which I can use to add a TXT record to an Azure DNS zone then bind a custom host name without performing the verification step manually.This is a big hole in our environment creation process we would like to automate.
Sorry if I missed anything!
Thanks!
The text was updated successfully, but these errors were encountered: