I am using managed certificates for my Azure Container Apps. I use Bicep to deploy the resources into Azure. However, I am getting the following error when I deploy subsequent releases (I have redacted the actual names of the resources):
"Another managed certificate with subject name 'redacted' and certificate name 'redacted' available in environment 'redacted'"
Below is the code from my Bicep file for deploying the app environment. Does anyone know how to prevent this and ensure the cert creation is idempotent?
```bicep
param namePrefix string
param location string
param lawClientId string
param apiHostName string
@secure()
param lawClientSecret string

resource env 'Microsoft.App/managedEnvironments@2023-05-01' = {
  name: '${namePrefix}-env'
  location: location
  properties: {
    appLogsConfiguration: {
      destination: 'log-analytics'
      logAnalyticsConfiguration: {
        customerId: lawClientId
        sharedKey: lawClientSecret
      }
    }
  }
}

resource managedCert 'Microsoft.App/managedEnvironments/managedCertificates@2023-05-02-preview' = {
  parent: env
  location: location
  name: 'ta-cert'
  properties: {
    subjectName: apiHostName
    domainControlValidation: 'CNAME'
  }
}

output id string = env.id
output certificateId string = managedCert.id
```
How to prevent this and ensure the cert creation is idempotent:
To meet your requirement, I used an if(!resourceExists) condition to check whether the managed certificate already exists or not.
Modified code:
```bicep
param namePrefix string = 'xx'
param location string = resourceGroup().location
param apiHostName string = 'newh'
// The condition below needs a boolean; set this to true when the
// managed certificate already exists in the environment.
param resourceExists bool = false
param name string = 'jahnelaw'

resource law 'Microsoft.OperationalInsights/workspaces@2020-03-01-preview' = {
  name: name
  location: location
  properties: any({
    retentionInDays: 30
    features: {
      searchVersion: 1
    }
    sku: {
      name: 'PerGB2018'
    }
  })
}

output clientId string = law.properties.customerId
// Deployment outputs are stored in the deployment history; the Bicep linter
// rule outputs-should-not-contain-secrets flags this output.
output clientSecret string = law.listKeys().primarySharedKey

resource env 'Microsoft.App/managedEnvironments@2023-05-01' = {
  name: '${namePrefix}-env'
  location: location
  properties: {
    appLogsConfiguration: {
      destination: 'log-analytics'
      logAnalyticsConfiguration: {
        customerId: law.properties.customerId
        sharedKey: law.listKeys().primarySharedKey
      }
    }
  }
}

// Only create the managed certificate when it does not exist yet.
resource managedCert 'Microsoft.App/managedEnvironments/managedCertificates@2023-05-02-preview' = if (!resourceExists) {
  parent: env
  location: location
  name: 'ta-cert'
  properties: {
    subjectName: apiHostName
    domainControlValidation: 'CNAME'
  }
}
```
Deployment succeeded:
Refer to the blog by @Alex for other similar approaches.
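The answer leaves open how `resourceExists` gets its value. As an added example (not part of the original answer), here is a pre-deployment check a pipeline could run over a listing of the environment's managed certificates. The function name, the returned keys other than `resourceExists`, and the listing shape (a JSON array of resources carrying `name` and `properties.subjectName`, as in the Bicep resource) are assumptions.

```python
import json


def _norm(host):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return host.strip().rstrip(".").lower()


def plan_managed_cert(existing_certs, cert_name, host_name):
    """Decide the value of `resourceExists` for one hostname.

    existing_certs: managed certificate resources already in the environment
    (assumed shape: {"name": ..., "properties": {"subjectName": ...}}).
    """
    wanted = _norm(host_name)
    for cert in existing_certs:
        subject = (cert.get("properties") or {}).get("subjectName") or ""
        if _norm(subject) != wanted:
            continue
        # Tolerate a parent-qualified name such as "<env>/<cert>".
        found = (cert.get("name") or "").split("/")[-1]
        if found == cert_name:
            reason = "already deployed"
        else:
            # Creating cert_name now would collide on the subject name,
            # which is the situation the error in the question reports.
            reason = "subject held by another certificate"
        return {"resourceExists": True, "certName": found, "reason": reason}
    return {"resourceExists": False, "certName": cert_name,
            "reason": "no certificate for this subject"}


# Constructed sample listing, not real deployment output.
SAMPLE = json.loads("""
[
  {"name": "ta-cert",     "properties": {"subjectName": "api.example.com"}},
  {"name": "legacy-cert", "properties": {"subjectName": "Admin.Example.com"}}
]
""")

if __name__ == "__main__":
    for host in ("API.example.com", "admin.example.com", "new.example.com"):
        print(host, plan_managed_cert(SAMPLE, "ta-cert", host))
```

Pass the returned `resourceExists` value to the template as a parameter; when `certName` differs from the name in the template, reference the existing certificate instead of creating a second one for the same subject.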