Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL upload, bind, unbind commands broken when a web app and its service plan are in different resource groups #2750

Closed
phekmat opened this issue Apr 4, 2017 · 0 comments
Closed

SSL upload, bind, unbind commands broken when a web app and its service plan are in different resource groups #2750

phekmat opened this issue Apr 4, 2017 · 0 comments

Comments

@phekmat
Copy link
Contributor

phekmat commented Apr 4, 2017

Environment summary

Install Method: How did you install the CLI? (e.g. pip, interactive script, apt-get, Docker, MSI, nightly)
Interactive
CLI Version: What version of the CLI and modules are installed? (Available with az --version)
2.0.2
OS Version: What OS and version are you using?
Mac OSX 10.11.6
Shell Type: What shell are you using? (e.g. bash, cmd.exe, PowerShell)
Bash

Description

When an app service plan is in resource group A and the web app is in resource group B, the az appservice web config ssl bind|unbind|upload commands will not work as expected. You'll be able to upload, but not bind or unbind any certs.

Judging from how the Azure Portal behaves, the commands should be using the resource group of the app service plan rather than the web app for storing/retrieving the cert, e.g.

azure-cli/src/command_modules/azure-cli-appservice/azure/cli/command_modules/appservice/custom.py

Line 851 in 2793bcd

def upload_ssl_cert(resource_group_name, name, certificate_password, certificate_file):
should look more like

def upload_ssl_cert(resource_group_name, name, certificate_password, certificate_file):
    client = web_client_factory()
    webapp = _generic_site_operation(resource_group_name, name, 'get')
    cert_resource_group_name = _get_resource_group_name_by_resource_id(webapp.server_farm_id)
    cert_file = open(certificate_file, 'rb')
    cert_contents = cert_file.read()
    hosting_environment_profile_param = webapp.hosting_environment_profile
    if hosting_environment_profile_param is None:
        hosting_environment_profile_param = ""

    thumb_print = _get_cert(certificate_password, certificate_file)
    cert_name = _generate_cert_name(thumb_print, hosting_environment_profile_param,
                                    webapp.location, cert_resource_group_name)
    cert = Certificate(password=certificate_password, pfx_blob=cert_contents,
                       location=webapp.location)
    return client.certificates.create_or_update(cert_resource_group_name, cert_name, cert)

def _get_resource_group_name_by_resource_id(resource_id):
    '''Returns the resource group name from parsing the resource id.
    :param str resource_id: The resource id
    '''
    resource_id = resource_id.lower()
    resource_group_keyword = '/resourcegroups/'
    return resource_id[resource_id.index(resource_group_keyword) + len(resource_group_keyword):
                       resource_id.index('/providers/')]
@tjprescott tjprescott added the Web Apps az webapp label Apr 4, 2017
@phekmat phekmat mentioned this issue Apr 4, 2017
Merged
3 tasks
phekmat pushed a commit to phekmat/azure-cli that referenced this issue Apr 6, 2017
Use the app service plan's resource group for cert operations
0c46b24 
SSL certificates are associated with the the app service plan/server farm in
Azure, so use the web app's `server_farm_id` to extract the associated resource
group for any `bind`, `unbind`, or `upload` actions. Fixes Azure#2750
yugangw-msft pushed a commit that referenced this issue Apr 10, 2017
@phekmat @yugangw-msft
Use the app service plan's resource group for cert operations (#2755)
4c7e7b7 
SSL certificates are associated with the the app service plan/server farm in
Azure, so use the web app's `server_farm_id` to extract the associated resource
group for any `bind`, `unbind`, or `upload` actions. Fixes #2750
@phekmat phekmat mentioned this issue May 6, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@phekmat @tjprescott @haroldrandom