Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

webapp: Way to get 'Custom Domain Verification ID' for web app #14142

Closed
jonsamwell opened this issue Jun 30, 2020 · 21 comments
Closed

webapp: Way to get 'Custom Domain Verification ID' for web app #14142

jonsamwell opened this issue Jun 30, 2020 · 21 comments
Assignees
Labels
customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Service Attention This issue is responsible by Azure service team. Web Apps az webapp

Comments

@jonsamwell
Copy link

jonsamwell commented Jun 30, 2020

I need a way to get the Custom Domain Verification ID of a web app so that I can automate binding a custom host name.

image

I've looked through all the documentation and methods exposed on az webapp but I am unable to find a way to get the verification id which I can use to add a TXT record to an Azure DNS zone then bind the custom host name without performing the verification step manually.

This is a big hole in our environment creation process we would like to automate.

Sorry if I missed anything!

Thanks!

@msftbot msftbot bot added needs-triage This is a new issue that needs to be triaged to the appropriate team. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Jun 30, 2020
@yungezz yungezz added the Web Apps az webapp label Jun 30, 2020
@msftbot msftbot bot removed the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Jun 30, 2020
@yungezz yungezz added the Service Attention This issue is responsible by Azure service team. label Jun 30, 2020
@msftbot
Copy link

msftbot bot commented Jun 30, 2020

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AzureAppServiceCLI, @antcp.

@yungezz
Copy link
Member

yungezz commented Jun 30, 2020

routing to appropriate team to help look if it's a feature reqeust or doc issue

@peter-dolkens
Copy link

peter-dolkens commented Jul 6, 2020

@jonsamwell there's some older methods which still work - I was hoping to move to this new TXT based record too, but unfortunately we're stuck using CNAMEs for now.

Instead, you can create an extra awverify record as follows:

CNAME or TXT awverify.yourdns.com => awverify.web-app-name.azurewebsites.net

Note: this additional awverify record is only needed if you're unable to point yourdns.com directly at your website immediately. The awverify record allows you to add the binding ahead of time, or alternatively, if you have a proxy (e.g. Cloudflare) in front, the awverify record removes the requirement for a direct CNAME binding all together.

@panchagnula
Copy link
Contributor

@peter-dolkens we need the Python SDK updated with this new property for CLI to expose this. We are working on it. this got added to the rest-api-sepc as a part of this Azure/azure-rest-api-specs#10117 we will get the SDK updated & released soon. Adding tentative ETA to the milestone tag to track this.

@panchagnula panchagnula added this to the S173 milestone Jul 22, 2020
@panchagnula panchagnula self-assigned this Jul 22, 2020
@panchagnula panchagnula changed the title Way to get 'Custom Domain Verification ID' for web app webapp: Way to get 'Custom Domain Verification ID' for web app Jul 22, 2020
@btardif btardif added this to to-do in Compute Features via automation Jul 29, 2020
@btardif btardif modified the milestones: S173, S174 Jul 29, 2020
@ericsampson
Copy link

@panchagnula does someone have a ticket to add it to the go SDK?

@panchagnula
Copy link
Contributor

@ericsampson don't have a firm ETA but next week (if all goes as planned) we should be able to release a new Python SDK that should have this property after which we can work on incorporating this to azure-cli

@ericsampson
Copy link

@panchagnula I was asking not about azure-clie but about the GO SDK because that's what's used by Terraform - looks like the go SDK work is inflight here so I'm good: Azure/azure-sdk-for-go#12160
Thanks!

@panchagnula
Copy link
Contributor

Got it @ericsampson I am not the right person to talk about GO SDK - since I mainly work on CLI - but I can make sure GO SDK gets released once the python SDK is released as well.

@panchagnula panchagnula modified the milestones: S174, S175 - For Ignite Aug 18, 2020
@SupriyaGangineni
Copy link

Hi,

You can use the Azure Resource Graph to achieve this. https://docs.microsoft.com/en-us/azure/governance/resource-graph/overview

If you are using CLI, you can get the Custom Verification ID of Azure App Service with following commands.

az extension add --name resource-graph
az graph query -q "Resources | project name, properties.customDomainVerificationId, type | where type == 'microsoft.web/sites'"

Thanks,
Supriya.

@panchagnula panchagnula modified the milestones: S175 - For Ignite, S176 Sep 15, 2020
@Bunzab
Copy link

Bunzab commented Sep 16, 2020

Is there an ETA for this being released in the CLI?

@azure-sdk azure-sdk added the customer-reported Issues that are reported by GitHub users external to the Azure organization. label Sep 24, 2020
@panchagnula panchagnula removed this from the S176 milestone Sep 25, 2020
@btardif btardif moved this from Tirage to to-do in Compute Features Sep 29, 2020
@brandonwittwer
Copy link

brandonwittwer commented Oct 1, 2020

Building on SupriyaGangineni's reply...

The domain verification id is the same for all app services on the same subscription. the following query gives you a list of all subscriptions you have access to.

az graph query -q "Resources | join kind=leftouter (ResourceContainers | where type=='microsoft.resources/subscriptions' | project SubName=name, subscriptionId) on subscriptionId | where type == 'microsoft.web/sites'| project vid = tostring(properties.customDomainVerificationId), SubName | distinct *"

@btardif btardif moved this from to-do to in progress in Compute Features Oct 7, 2020
@panchagnula panchagnula modified the milestones: S177, S178 Oct 14, 2020
@panchagnula
Copy link
Contributor

Moving this to next sprint since we need the new SDK with latest API Version to support this property

@panchagnula panchagnula moved this from in progress to to-do in Compute Features Oct 28, 2020
@panchagnula panchagnula modified the milestones: S178, S180, S179 Oct 28, 2020
@btardif btardif moved this from to-do to Tirage in Compute Features Nov 4, 2020
@btardif btardif modified the milestones: S179, S180 Dec 2, 2020
@aarsan
Copy link

aarsan commented Dec 3, 2020

Is this ID set dynamically when the first App Service is created or is it possible to know what this ID is prior to deploying the first App Service? @brandonwittwer

@PabloJomer
Copy link

@aarsan I want to know the same thing. Is it possible to get the id without a website?

Kindly,
Pablo

@panchagnula
Copy link
Contributor

@aarsan I want to know the same thing. Is it possible to get the id without a website?

Kindly,
Pablo

Nope this value can be used for app service only so which means you need a webapp/function app.

Also, this value is already added as part of new SDK update change released a while back.

Compute Features automation moved this from Triage to done Jun 18, 2021
@PabloJomer
Copy link

@aarsan I want to know the same thing. Is it possible to get the id without a website?
Kindly,
Pablo

Nope this value can be used for app service only so which means you need a webapp/function app.

Also, this value is already added as part of new SDK update change released a while back.

@panchagnula From what I can see the custom domain name verification id is unique for a subscription so two webapps within the same subscription would use the same id. In our use case it would be valuable to be able to get the id from the subscription without having to create a webapp/functionapp first. That way we could setup the infrastructure in one step and keep all our settings as code, without manual steps.

I understand we could create a fake webapp to retrive the id but it seems suboptimal and is exactly the kind of thing you want to avoid with infrastructure as code.

Could we open a new ticket to allow this to be retrieved some way directly from the subscription?

Kindly,
Pablo

@panchagnula
Copy link
Contributor

@aarsan I want to know the same thing. Is it possible to get the id without a website?
Kindly,
Pablo

Nope this value can be used for app service only so which means you need a webapp/function app.
Also, this value is already added as part of new SDK update change released a while back.

@panchagnula From what I can see the custom domain name verification id is unique for a subscription so two webapps within the same subscription would use the same id. In our use case it would be valuable to be able to get the id from the subscription without having to create a webapp/functionapp first. That way we could setup the infrastructure in one step and keep all our settings as code, without manual steps.

I understand we could create a fake webapp to retrive the id but it seems suboptimal and is exactly the kind of thing you want to avoid with infrastructure as code.

Could we open a new ticket to allow this to be retrieved some way directly from the subscription?

Kindly,
Pablo

I don't understand the ask - the customDomainVerficationId can be used for AppService only so if you have a sub but no webapp resources, what is the purpose of using this DomainVerficationId - since this an AppServicePlan concept, will need a webapp resource. Sorry by design & at this point won't be associated with Subscription alone. i.e you need atleast one webapp associated with a resource to use this.

@PabloJomer
Copy link

PabloJomer commented Jun 18, 2021

@aarsan I want to know the same thing. Is it possible to get the id without a website?
Kindly,
Pablo

Nope this value can be used for app service only so which means you need a webapp/function app.
Also, this value is already added as part of new SDK update change released a while back.

@panchagnula From what I can see the custom domain name verification id is unique for a subscription so two webapps within the same subscription would use the same id. In our use case it would be valuable to be able to get the id from the subscription without having to create a webapp/functionapp first. That way we could setup the infrastructure in one step and keep all our settings as code, without manual steps.
I understand we could create a fake webapp to retrive the id but it seems suboptimal and is exactly the kind of thing you want to avoid with infrastructure as code.
Could we open a new ticket to allow this to be retrieved some way directly from the subscription?
Kindly,
Pablo

I don't understand the ask - the customDomainVerficationId can be used for AppService only so if you have a sub but no webapp resources, what is the purpose of using this DomainVerficationId - since this an AppServicePlan concept, will need a webapp resource. Sorry by design & at this point won't be associated with Subscription alone. i.e you need atleast one webapp associated with a resource to use this.

We setup our infrastructure (functionapp & other resources) via a bicep/ARM template. In the bicep template we bind the custom hostname to the functionapp but this requires that we have already added the records with our DNS provider. Thus we a way to retrieve the record values and set these with our DNS provider before setting up our infrastructure. Since it's not possible to get the value from the subscription alone this means we would have to create a webapp use the cli to get the id and then destroy the webapp. If we want to automate the task. Since the value is unique for the subscription alone it feels like it would be better for everyone if it could be retrieved directly from there. Or if it was possible for MS to share how the value is calculated.

Kindly,
Pablo

@JohnDelisle
Copy link

We setup our infrastructure (functionapp & other resources) via a bicep/ARM template. In the bicep template we bind the custom hostname to the functionapp but this requires that we have already added the records with our DNS provider. Thus we a way to retrieve the record values and set these with our DNS provider before setting up our infrastructure. Since it's not possible to get the value from the subscription alone this means we would have to create a webapp use the cli to get the id and then destroy the webapp. If we want to automate the task. Since the value is unique for the subscription alone it feels like it would be better for everyone if it could be retrieved directly from there. Or if it was possible for MS to share how the value is calculated.

We have the same drivers (automation) and requirement for the ID. We're looking for a way to obtain the ID prior to provisioning an App Service. Is this possible? Did you happen to find a way?

@panchagnula
Copy link
Contributor

We setup our infrastructure (functionapp & other resources) via a bicep/ARM template. In the bicep template we bind the custom hostname to the functionapp but this requires that we have already added the records with our DNS provider. Thus we a way to retrieve the record values and set these with our DNS provider before setting up our infrastructure. Since it's not possible to get the value from the subscription alone this means we would have to create a webapp use the cli to get the id and then destroy the webapp. If we want to automate the task. Since the value is unique for the subscription alone it feels like it would be better for everyone if it could be retrieved directly from there. Or if it was possible for MS to share how the value is calculated.

We have the same drivers (automation) and requirement for the ID. We're looking for a way to obtain the ID prior to provisioning an App Service. Is this possible? Did you happen to find a way?

Due to security reasons there is no way to obtain this prior to creating app Service at this point.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Service Attention This issue is responsible by Azure service team. Web Apps az webapp
Projects
No open projects
Development

No branches or pull requests