"containerapp hostname bind" fails to find managed certificates by name #29119
Labels
Auto-Assign
Auto assign by bot
bug
This issue requires a change to an existing behavior in the product in order to be resolved.
ContainerApp
customer-reported
Issues that are reported by GitHub users external to the Azure organization.
Service Attention
This issue is responsible by Azure service team.
Describe the bug
The command fails saying that the cert cannot be found in the container apps environment when it does exist.
All the resources involved are in the same resource group. This is a managed certificate binding to a custom domain already created on the container app using the following commands:
az containerapp hostname add -n $CONTAINER_APP_NAME -g $RESOURCE_GROUP --hostname $CUSTOM_DOMAIN
az containerapp env certificate create -g $RESOURCE_GROUP -n $CONTAINER_APP_ENV_NAME --hostname $CUSTOM_DOMAIN --validation-method CNAME
The reason for the issue can be seen when running the command with --debug, the request URL to find the certificate is
Request URL: 'https://management.azure.com/subscriptions/***/resourceGroups/***/providers/Microsoft.App/managedEnvironments/***/certificates/***?api-version=2024-03-01'
However, the resource id for a managed certificate is of the form:
/subscriptions//resourceGroups//providers/Microsoft.App/managedEnvironments//managedCertificates/
The workaround is to specify the full resource id for the certificate rather than just the name.
Related command
az containerapp hostname bind -g $RESOURCE_GROUP -n $CONTAINER_APP_NAME --hostname $CUSTOM_DOMAIN --environment $CONTAINER_APP_ENV_NAME --certificate $MANAGED_CERTIFICATE_NAME
Errors
The certificate '$MANAGED_CERTIFICATE_NAME' does not exist in Container app environment '$CONTAINER_APP_ENV_NAME'.
Issue script & Debug output
az containerapp hostname bind -g *** -n *** --hostname *** --environment *** --certificate *** --debug
....
cli.azure.cli.core.util: Request URL: 'https://management.azure.com/subscriptions/***/resourceGroups/***/providers/Microsoft.App/managedEnvironments/***/certificates/***?api-version=2024-03-01'
cli.azure.cli.core.util: Request method: 'GET'
cli.azure.cli.core.util: Request headers:
cli.azure.cli.core.util: 'User-Agent': 'python/3.11.8 (Windows-10-10.0.22631-SP0) AZURECLI/2.61.0 (MSI)'
cli.azure.cli.core.util: 'Accept-Encoding': 'gzip, deflate'
cli.azure.cli.core.util: 'Accept': '/'
cli.azure.cli.core.util: 'Connection': 'keep-alive'
cli.azure.cli.core.util: 'x-ms-client-request-id': 'd92561db-81b7-40ce-a61b-d40c45a0d5af'
cli.azure.cli.core.util: 'CommandName': 'containerapp hostname bind'
cli.azure.cli.core.util: 'ParameterSetName': '-g -n --hostname --environment --certificate --debug'
cli.azure.cli.core.util: 'Authorization': 'Bearer eyJ0eXAiOiJKV...'
cli.azure.cli.core.util: Request body:
cli.azure.cli.core.util: None
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions//resourceGroups//providers/Microsoft.App/managedEnvironments//certificates/?api-version=2024-03-01 HTTP/1.1" 404 321
cli.azure.cli.core.util: Response status: 404
cli.azure.cli.core.util: Response headers:
cli.azure.cli.core.util: 'Cache-Control': 'no-cache'
cli.azure.cli.core.util: 'Pragma': 'no-cache'
cli.azure.cli.core.util: 'Content-Length': '321'
cli.azure.cli.core.util: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.util: 'Expires': '-1'
cli.azure.cli.core.util: 'x-ms-failure-cause': 'gateway'
cli.azure.cli.core.util: 'x-ms-request-id': 'eee5e6b2-e59e-4763-8781-cc062addfbbe'
cli.azure.cli.core.util: 'x-ms-correlation-request-id': 'eee5e6b2-e59e-4763-8781-cc062addfbbe'
cli.azure.cli.core.util: 'x-ms-routing-request-id': 'UKSOUTH:20240606T154437Z:eee5e6b2-e59e-4763-8781-cc062addfbbe'
cli.azure.cli.core.util: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.util: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.util: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.util: 'X-MSEdge-Ref': 'Ref A: CB3AA910CBA24C92A0A0532C8B8157BA Ref B: AMS231032607023 Ref C: 2024-06-06T15:44:37Z'
cli.azure.cli.core.util: 'Date': 'Thu, 06 Jun 2024 15:44:37 GMT'
cli.azure.cli.core.util: Response content:
cli.azure.cli.core.util: {"error":{"code":"ResourceNotFound","message":"The Resource 'Microsoft.App/managedEnvironments//certificates/' under resource group '' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix"}}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 664, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 731, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 723, in _run_job
File "C:\Users*.azure\cliextensions\containerapp\azext_containerapp_client_factory.py", line 28, in _polish_bad_errors
raise ex
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 701, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 334, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "C:\Users*.azure\cliextensions\containerapp\azext_containerapp\custom.py", line 1338, in bind_hostname
return bind_hostname_logic(cmd=cmd, resource_group_name=resource_group_name, name=name, hostname=hostname, thumbprint=thumbprint, certificate=certificate, location=location, environment=environment, validation_method=validation_method)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/containerapp/custom.py", line 3895, in bind_hostname_logic
azure.cli.core.azclierror.ResourceNotFoundError: The certificate '' does not exist in Container app environment '*'.
cli.azure.cli.core.azclierror: The certificate '' does not exist in Container app environment ''.
Expected behavior
The command should look for the certificate in both the certificates and managedCertificates endpoints.
Environment Summary
azure-cli 2.61.0
core 2.61.0
telemetry 1.1.0
Extensions:
containerapp 0.3.52
Dependencies:
msal 1.28.0
azure-mgmt-resource 23.1.1
Additional context
No response
The text was updated successfully, but these errors were encountered: