Unable to enable https on custom domain for a CDN endpoint after upgrading to az cli 2.0.81

[feksai]

This is autogenerated. Please review and update as needed.

Describe the bug

When I try to enable https for custom domain on cdn endpoint I get error

Command Name
az cdn custom-domain enable-https

Errors:

InvalidResourceType - The resource type is invalid.

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

• Put any pre-requisite steps here...
• az cdn custom-domain enable-https --endpoint-name {} --name {} --profile-name {} --resource-group {} --debug

Expected Behavior

Environment Summary

Linux-4.4.0-18362-Microsoft-x86_64-with-debian-stretch-sid
Python 3.6.5
Shell: bash

azure-cli 2.0.81

Extensions:
image-copy-extension 0.2.1

Additional Context

[feksai]

Attaching debug information

username@DESKTOP-B9F0F6M:/mnt/c/Users/username$ az cdn custom-domain enable-https   --endpoint-name domainplayusfront/domainplayusfront --name front-play-domain-org --profile-name domainplayusfront --resource-group domain-playus --debug
Command arguments: ['cdn', 'custom-domain', 'enable-https', '--endpoint-name', 'domainplayusfront/domainplayusfront', '--name', 'front-play-domain-org', '--profile-name', 'domainplayusfront', '--resource-group', 'domain-playus', '--debug']
Event: Cli.PreExecute []
Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7f359e951d08>, <function OutputProducer.on_global_arguments at 0x7f359e47aae8>, <function CLIQuery.on_global_arguments at 0x7f359e4a5b70>]
Event: CommandInvoker.OnPreCommandTableCreate []
Installed command modules ['acr', 'acs', 'advisor', 'ams', 'apim', 'appconfig', 'appservice', 'backup', 'batch', 'batchai', 'billing', 'botservice', 'cdn', 'cloud', 'cognitiveservices', 'configure', 'consumption', 'container', 'cosmosdb', 'deploymentmanager', 'dla', 'dls', 'dms', 'eventgrid', 'eventhubs', 'extension', 'feedback', 'find', 'hdinsight', 'interactive', 'iot', 'iotcentral', 'keyvault', 'kusto', 'lab', 'managedservices', 'maps', 'monitor', 'natgateway', 'netappfiles', 'network', 'policyinsights', 'privatedns', 'profile', 
'rdbms', 'redis', 'relay', 'reservations', 'resource', 'role', 'search', 'security', 'servicebus', 'servicefabric', 'signalr', 'sql', 'sqlvm', 'storage', 'vm']
Loaded module 'acr' in 0.007 seconds.
Loaded module 'acs' in 0.025 seconds.
Loaded module 'advisor' in 0.002 seconds.
Event: CommandLoader.OnLoadCommandTable []
Loaded module 'ams' in 0.007 seconds.
Loaded module 'apim' in 0.002 seconds.
Loaded module 'appconfig' in 0.003 seconds.
Loaded module 'appservice' in 0.010 seconds.
Loaded module 'backup' in 0.004 seconds.
Event: CommandLoader.OnLoadCommandTable []
Loaded module 'batch' in 0.009 seconds.
Loaded module 'batchai' in 0.003 seconds.
Loaded module 'billing' in 0.002 seconds.
Loaded module 'botservice' in 0.003 seconds.
Event: CommandLoader.OnLoadCommandTable []
Loaded module 'cdn' in 0.004 seconds.
Loaded module 'cloud' in 0.002 seconds.
Loaded module 'cognitiveservices' in 0.002 seconds.
Loaded module 'configure' in 0.001 seconds.
Loaded module 'consumption' in 0.003 seconds.
Loaded module 'container' in 0.002 seconds.
Loaded module 'cosmosdb' in 0.008 seconds.
Loaded module 'deploymentmanager' in 0.003 seconds.
Loaded module 'dla' in 0.004 seconds.
Loaded module 'dls' in 0.004 seconds.
Loaded module 'dms' in 0.003 seconds.
Loaded module 'eventgrid' in 0.002 seconds.
Loaded module 'eventhubs' in 0.003 seconds.
Loaded module 'extension' in 0.001 seconds.
Loaded module 'feedback' in 0.001 seconds.
Loaded module 'find' in 0.001 seconds.
Loaded module 'hdinsight' in 0.003 seconds.
Loaded module 'interactive' in 0.001 seconds.
Loaded module 'iot' in 0.005 seconds.
Loaded module 'iotcentral' in 0.002 seconds.
Loaded module 'keyvault' in 0.005 seconds.
Loaded module 'kusto' in 0.003 seconds.
Loaded module 'lab' in 0.004 seconds.
Loaded module 'managedservices' in 0.002 seconds.
Loaded module 'maps' in 0.002 seconds.
Loaded module 'monitor' in 0.008 seconds.
Loaded module 'natgateway' in 0.002 seconds.
Event: CommandLoader.OnLoadCommandTable []
Loaded module 'netappfiles' in 0.005 seconds.
Loaded module 'network' in 0.034 seconds.
Loaded module 'policyinsights' in 0.003 seconds.
Loaded module 'privatedns' in 0.004 seconds.
Loaded module 'profile' in 0.002 seconds.
Loaded module 'rdbms' in 0.005 seconds.
Loaded module 'redis' in 0.004 seconds.
Loaded module 'relay' in 0.003 seconds.
Loaded module 'reservations' in 0.002 seconds.
Loaded module 'resource' in 0.007 seconds.
Loaded module 'role' in 0.005 seconds.
Loaded module 'search' in 0.002 seconds.
Loaded module 'security' in 0.002 seconds.
Loaded module 'servicebus' in 0.005 seconds.
Loaded module 'servicefabric' in 0.005 seconds.
Loaded module 'signalr' in 0.002 seconds.
Loaded module 'sql' in 0.007 seconds.
Loaded module 'sqlvm' in 0.003 seconds.
Event: CommandLoader.OnLoadCommandTable []
Loaded module 'storage' in 0.029 seconds.
Loaded module 'vm' in 0.016 seconds.
Loaded all modules in 0.303 seconds. (note: there's always an overhead with the first module loaded)
Extensions directory: '/home/username/.azure/cliextensions'
Found 1 extensions: ['image-copy-extension']
Extensions directory: '/home/username/.azure/cliextensions'
Extension compatibility result: is_compatible=True cli_core_version=2.0.81 min_required=2.0.24 max_required=None
Extensions directory: '/home/username/.azure/cliextensions'
Loaded extension 'image-copy-extension' in 0.002 seconds.
Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7f359dc83840>]
az_command_data_logger : command args: cdn custom-domain enable-https --endpoint-name {} --name {} --profile-name {} --resource-group {} --debug
metadata file logging enabled - writing logs to '/home/username/.azure/commands'.
Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x7f359dc1e840>]
Event: CommandLoader.OnLoadArguments []
Event: CommandInvoker.OnPostArgumentLoad []
Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x7f359dbd8510>, <function register_cache_arguments.<locals>.add_cache_arguments at 0x7f359dbd86a8>]
Event: CommandInvoker.OnCommandTableLoaded []
Event: CommandInvoker.OnPreParseArgs [<function _documentdb_deprecate at 0x7f359bd52ae8>]
Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7f359e47ab70>, <function CLIQuery.handle_query_parameter at 0x7f359e4a5bf8>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x7f359dbd8598>, <function handler at 0x7f359bc21ae8>]
Getting management service client client_type=CdnManagementClient
msrest.universal_http.requests : Configuring retry: max_retries=4, backoff_factor=0.8, max_backoff=90
attempting to read file /home/username/.azure/accessTokens.json as utf-8-sig
adal-python : 4d374f8b-0fb9-4e56-b5cc-a7ea5167194a - Authority:Performing instance discovery: ...
adal-python : 4d374f8b-0fb9-4e56-b5cc-a7ea5167194a - Authority:Performing static instance discovery
adal-python : 4d374f8b-0fb9-4e56-b5cc-a7ea5167194a - Authority:Authority validated via static instance discovery
adal-python : 4d374f8b-0fb9-4e56-b5cc-a7ea5167194a - TokenRequest:Getting token from cache with refresh if necessary.
adal-python : 4d374f8b-0fb9-4e56-b5cc-a7ea5167194a - CacheDriver:finding with query keys: {'_clientId': '...', 'userId': '...'}
adal-python : 4d374f8b-0fb9-4e56-b5cc-a7ea5167194a - CacheDriver:Looking for potential cache entries: {'_clientId': '...', 'userId': '...'}
adal-python : 4d374f8b-0fb9-4e56-b5cc-a7ea5167194a - CacheDriver:Found 7 potential entries.
adal-python : 4d374f8b-0fb9-4e56-b5cc-a7ea5167194a - CacheDriver:Resource specific token found.
adal-python : 4d374f8b-0fb9-4e56-b5cc-a7ea5167194a - CacheDriver:Returning token from cache lookup, AccessTokenId: b'ILMjWxGoD8+CYNJKSmx9Z4nEv1oz/zdNbDCMMjZStkk=', RefreshTokenId: b'2+wmp7yJTNbPKDqE4QcEyabsCUDD/8a5Tw8hdkeFMWA='
msrest.http_logger : Request URL: 'https://management.azure.com/subscriptions/8e<<secure>>d4e/resourceGroups/domain-playus/providers/Microsoft.Cdn/profiles/domainplayusfront/endpoints/domainplayusfront%2Fdomainplayusfront/customDomains/front-play-domain-org/enableCustomHttps?api-version=2019-04-15'
msrest.http_logger : Request method: 'POST'
msrest.http_logger : Request headers:
msrest.http_logger :     'Accept': 'application/json'
msrest.http_logger :     'Content-Type': 'application/json; charset=utf-8'
msrest.http_logger :     'accept-language': 'en-US'
msrest.http_logger :     'User-Agent': 'python/3.6.5 (Linux-4.4.0-18362-Microsoft-x86_64-with-debian-stretch-sid) msrest/0.6.9 msrest_azure/0.6.2 azure-mgmt-cdn/4.0.0 Azure-SDK-For-Python AZURECLI/2.0.81'
msrest.http_logger : Request body:
msrest.http_logger : None
msrest.universal_http : Configuring redirects: allow=True, max=30
msrest.universal_http : Configuring request: timeout=100, verify=True, cert=None
msrest.universal_http : Configuring proxies: ''
msrest.universal_http : Evaluate proxies against ENV settings: True
urllib3.connectionpool : Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool : https://management.azure.com:443 "POST /subscriptions/8e<<secure>>d4e/resourceGroups/domain-playus/providers/Microsoft.Cdn/profiles/domainplayusfront/endpoints/domainplayusfront%2Fdomainplayusfront/customDomains/front-play-domain-org/enableCustomHttps?api-version=2019-04-15 HTTP/1.1" 400 107
msrest.http_logger : Response status: 400
msrest.http_logger : Response headers:
msrest.http_logger :     'Cache-Control': 'private'
msrest.http_logger :     'Content-Length': '107'
msrest.http_logger :     'Content-Type': 'application/json; charset=utf-8'
msrest.http_logger :     'Content-Language': 'en-US'
msrest.http_logger :     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
msrest.http_logger :     'Server': 'Microsoft-IIS/8.5'
msrest.http_logger :     'X-AspNet-Version': '4.0.30319'
msrest.http_logger :     'X-Powered-By': 'ASP.NET'
msrest.http_logger :     'x-ms-ratelimit-remaining-subscription-writes': '1198'
msrest.http_logger :     'x-ms-request-id': 'a0cd285a-2bd1-4de6-ad2a-ae9e025e16e7'
msrest.http_logger :     'x-ms-correlation-request-id': 'a0cd285a-2bd1-4de6-ad2a-ae9e025e16e7'
msrest.http_logger :     'x-ms-routing-request-id': 'WESTEUROPE:20200212T101444Z:a0cd285a-2bd1-4de6-ad2a-ae9e025e16e7'
msrest.http_logger :     'X-Content-Type-Options': 'nosniff'
msrest.http_logger :     'Date': 'Wed, 12 Feb 2020 10:14:43 GMT'
msrest.http_logger : Response content:
msrest.http_logger : {
  "error": {
    "code": "InvalidResourceType",
    "message": "The resource type is invalid."
  }
}
msrest.exceptions : Operation returned an invalid status code 'Bad Request'
cli.azure.cli.core.util : InvalidResourceType - The resource type is invalid.
InvalidResourceType - The resource type is invalid.
az_command_data_logger : exit code: 1
telemetry.save : Save telemetry record of length 2560 in cache
telemetry.check : Negative: The /home/username/.azure/telemetry.txt was modified at 2020-02-12 13:13:42.684391, which in less than 600.000000 s
command ran in 0.974 seconds.

[feksai]

I noticed in debug information that request budy is empty

msrest.http_logger : Request body:
msrest.http_logger : None

But when I enable https on custom domain on Azure Portal I see that browser sends request on

https://management.azure.com/subscriptions/8e<<secure>>d4e/resourcegroups/domain-PlayUS/providers/Microsoft.Cdn/profiles/domainplayusfront/endpoints/domainplayusfront/customdomains/front-play-domain-org/enableCustomHttps?api-version=2019-04-15

with body

{
  "certificateSource": "Cdn",
  "protocolType": "ServerNameIndication",
  "certificateSourceParameters": {
    "@odata.type": "#Microsoft.Azure.Cdn.Models.CdnCertificateSourceParameters",
    "certificateType": "Dedicated"
  }
}

[feksai]

One more fact: same request with api-version=2017-04-02 with empty body is allowed

[feksai]

Workaround solution is to replace this code

#! /bin/bash

set -e

az cdn custom-domain enable-https \
  --endpoint-name $(frontendStorageAccount) \
  --name customDomain \
  --profile-name $(frontendStorageAccount) \
  --resource-group $(resourceGroup)

by this

#!/bin/bash

subscriptionId=`az account show --output tsv --query id`
body="{\"certificateSource\":\"Cdn\",\"protocolType\":\"ServerNameIndication\",\"certificateSourceParameters\":{\"@odata.type\":\"#Microsoft.Azure.Cdn.Models.CdnCertificateSourceParameters\",\"certificateType\":\"Dedicated\"}}"
az rest --method post --uri /subscriptions/$subscriptionId/resourcegroups/$(resourceGroup)/providers/Microsoft.Cdn/profiles/$(frontendStorageAccount)/endpoints/$(frontendStorageAccount)/customdomains/customDomain/enableCustomHttps?api-version=2019-04-15 --body $body

Note that $(..) is tfs specific variables in my case

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc

[arrownj]

Hi @myronfanqiu , could you please help take a look at it ?