Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSL upload, bind, unbind commands broken when a web app and its service plan are in different resource groups #2750

Closed
phekmat opened this issue Apr 4, 2017 · 0 comments

Comments

@phekmat
Copy link
Contributor

commented Apr 4, 2017

Environment summary

Install Method: How did you install the CLI? (e.g. pip, interactive script, apt-get, Docker, MSI, nightly)
Interactive
CLI Version: What version of the CLI and modules are installed? (Available with az --version)
2.0.2
OS Version: What OS and version are you using?
Mac OSX 10.11.6
Shell Type: What shell are you using? (e.g. bash, cmd.exe, PowerShell)
Bash

Description

When an app service plan is in resource group A and the web app is in resource group B, the az appservice web config ssl bind|unbind|upload commands will not work as expected. You'll be able to upload, but not bind or unbind any certs.

Judging from how the Azure Portal behaves, the commands should be using the resource group of the app service plan rather than the web app for storing/retrieving the cert, e.g.

def upload_ssl_cert(resource_group_name, name, certificate_password, certificate_file):
should look more like

def upload_ssl_cert(resource_group_name, name, certificate_password, certificate_file):
    client = web_client_factory()
    webapp = _generic_site_operation(resource_group_name, name, 'get')
    cert_resource_group_name = _get_resource_group_name_by_resource_id(webapp.server_farm_id)
    cert_file = open(certificate_file, 'rb')
    cert_contents = cert_file.read()
    hosting_environment_profile_param = webapp.hosting_environment_profile
    if hosting_environment_profile_param is None:
        hosting_environment_profile_param = ""

    thumb_print = _get_cert(certificate_password, certificate_file)
    cert_name = _generate_cert_name(thumb_print, hosting_environment_profile_param,
                                    webapp.location, cert_resource_group_name)
    cert = Certificate(password=certificate_password, pfx_blob=cert_contents,
                       location=webapp.location)
    return client.certificates.create_or_update(cert_resource_group_name, cert_name, cert)

def _get_resource_group_name_by_resource_id(resource_id):
    '''Returns the resource group name from parsing the resource id.
    :param str resource_id: The resource id
    '''
    resource_id = resource_id.lower()
    resource_group_keyword = '/resourcegroups/'
    return resource_id[resource_id.index(resource_group_keyword) + len(resource_group_keyword):
                       resource_id.index('/providers/')]

@tjprescott tjprescott added the Web Apps label Apr 4, 2017

phekmat pushed a commit to phekmat/azure-cli that referenced this issue Apr 4, 2017
Payam Hekmat
Use the app service plan's resource group for cert operations
SSL certificates are associated with the the app service plan/server farm in
Azure, so use the web app's `server_farm_id` to extract the associated resource
group for any `bind`, `unbind`, or `upload` actions. Fixes Azure#2750
phekmat pushed a commit to phekmat/azure-cli that referenced this issue Apr 4, 2017
Payam Hekmat
Use the app service plan's resource group for cert operations
SSL certificates are associated with the the app service plan/server farm in
Azure, so use the web app's `server_farm_id` to extract the associated resource
group for any `bind`, `unbind`, or `upload` actions. Fixes Azure#2750
phekmat pushed a commit to phekmat/azure-cli that referenced this issue Apr 4, 2017
Payam Hekmat
Use the app service plan's resource group for cert operations
SSL certificates are associated with the the app service plan/server farm in
Azure, so use the web app's `server_farm_id` to extract the associated resource
group for any `bind`, `unbind`, or `upload` actions. Fixes Azure#2750
phekmat pushed a commit to phekmat/azure-cli that referenced this issue Apr 5, 2017
Payam Hekmat
Use the app service plan's resource group for cert operations
SSL certificates are associated with the the app service plan/server farm in
Azure, so use the web app's `server_farm_id` to extract the associated resource
group for any `bind`, `unbind`, or `upload` actions. Fixes Azure#2750
phekmat pushed a commit to phekmat/azure-cli that referenced this issue Apr 6, 2017
Payam Hekmat
Use the app service plan's resource group for cert operations
SSL certificates are associated with the the app service plan/server farm in
Azure, so use the web app's `server_farm_id` to extract the associated resource
group for any `bind`, `unbind`, or `upload` actions. Fixes Azure#2750
yugangw-msft added a commit that referenced this issue Apr 10, 2017
Use the app service plan's resource group for cert operations (#2755)
SSL certificates are associated with the the app service plan/server farm in
Azure, so use the web app's `server_farm_id` to extract the associated resource
group for any `bind`, `unbind`, or `upload` actions. Fixes #2750
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.