Skip to content

[App Service] Fix #29403, #28722, #27950, #30357, #18697: SSL cert pagination, bind, and --wait flag #33058

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
seligj95 wants to merge 6 commits into
base: dev
Choose a base branch
from
+304 −34
Open

[App Service] Fix #29403, #28722, #27950, #30357, #18697: SSL cert pagination, bind, and --wait flag #33058

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
e0c957a
[App Service] Fix #29403, #28722, #27950: Fix SSL certificate pagination
seligj95 Mar 26, 2026
63ce9a1
Address Copilot review: add early break in _update_ssl_binding, impro…
seligj95 Mar 26, 2026
be2f4ca
[App Service] Fix #30357: `az webapp config ssl bind`: Use full Site …
seligj95 Mar 26, 2026
84e3c7a
Address review: fetch slot Site and use property assertions
seligj95 Mar 26, 2026
77a5431
[App Service] Fix #18697: `az webapp config ssl create`: Add `--wait`…
seligj95 Mar 26, 2026
cf391c1
Address review: lazy iteration, early break, fix recording for get_slot
seligj95 Mar 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions src/azure-cli/azure/cli/command_modules/appservice/_help.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1776,6 +1776,8 @@
examples:
- name: Create a Managed Certificate for cname.mycustomdomain.com.
text: az webapp config ssl create --resource-group MyResourceGroup --name MyWebapp --hostname cname.mycustomdomain.com
- name: Create a Managed Certificate and wait for it to complete (up to 10 minutes).
text: az webapp config ssl create --resource-group MyResourceGroup --name MyWebapp --hostname cname.mycustomdomain.com --wait
"""

helps['webapp config storage-account'] = """
Expand Down
3 changes: 3 additions & 0 deletions src/azure-cli/azure/cli/command_modules/appservice/_params.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -521,6 +521,9 @@ def load_arguments(self, _):
c.argument('hostname', help='The custom domain name')
c.argument('name', options_list=['--name', '-n'], help='Name of the web app.')
c.argument('resource-group', options_list=['--resource-group', '-g'], help='Name of resource group.')
c.argument('wait', options_list=['--wait'], action='store_true', default=False,
help='Wait up to 10 minutes for the certificate to be created. '
'Returns an error if creation times out instead of silently returning.')
with self.argument_context(scope + ' config hostname') as c:
c.argument('hostname', completer=get_hostname_completion_list,
help="hostname assigned to the site, such as custom domains", id_part='child_name_1')
Expand Down
46 changes: 27 additions & 19 deletions src/azure-cli/azure/cli/command_modules/appservice/custom.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5860,7 +5860,7 @@ def _get_cert(certificate_password, certificate_file):

def list_ssl_certs(cmd, resource_group_name):
client = web_client_factory(cmd.cli_ctx)
return client.certificates.list_by_resource_group(resource_group_name)
return list(client.certificates.list_by_resource_group(resource_group_name))


def show_ssl_cert(cmd, resource_group_name, certificate_name):
Expand All @@ -5870,8 +5870,7 @@ def show_ssl_cert(cmd, resource_group_name, certificate_name):

def delete_ssl_cert(cmd, resource_group_name, certificate_thumbprint):
client = web_client_factory(cmd.cli_ctx)
webapp_certs = client.certificates.list_by_resource_group(resource_group_name)
for webapp_cert in webapp_certs:
for webapp_cert in client.certificates.list_by_resource_group(resource_group_name):
if webapp_cert.thumbprint == certificate_thumbprint:
return client.certificates.delete(resource_group_name, webapp_cert.name)
raise ResourceNotFoundError("Certificate for thumbprint '{}' not found".format(certificate_thumbprint))
Expand Down Expand Up @@ -5960,7 +5959,7 @@ def import_ssl_cert(cmd, resource_group_name, key_vault, key_vault_certificate_n
certificate_envelope=kv_cert_def)


def create_managed_ssl_cert(cmd, resource_group_name, name, hostname, slot=None, certificate_name=None):
def create_managed_ssl_cert(cmd, resource_group_name, name, hostname, slot=None, certificate_name=None, wait=False):
Certificate = cmd.get_models('Certificate')
hostname = hostname.lower()
client = web_client_factory(cmd.cli_ctx)
Expand Down Expand Up @@ -5997,7 +5996,8 @@ def create_managed_ssl_cert(cmd, resource_group_name, name, hostname, slot=None,
poll_url = ex.response.headers['Location'] if 'Location' in ex.response.headers else None
if ex.response.status_code == 202 and poll_url:
r = send_raw_request(cmd.cli_ctx, method='get', url=poll_url)
poll_timeout = time.time() + 60 * 2 # 2 minute timeout
poll_timeout_minutes = 10 if wait else 2
poll_timeout = time.time() + 60 * poll_timeout_minutes

while r.status_code != 200 and time.time() < poll_timeout:
time.sleep(5)
Expand All @@ -6008,6 +6008,11 @@ def create_managed_ssl_cert(cmd, resource_group_name, name, hostname, slot=None,
return r.json()
except ValueError:
return r.text
if wait:
raise CLIError("Managed Certificate creation for '{}' timed out after {} minutes. "
"Check status with 'az webapp config ssl show -g {} "
"--certificate-name {}'.".format(hostname, poll_timeout_minutes,
resource_group_name, certificate_name))
logger.warning("Managed Certificate creation in progress. Please use the command "
"'az webapp config ssl show -g %s --certificate-name %s' "
" to view your certificate once it is created", resource_group_name, certificate_name)
Expand Down Expand Up @@ -6042,40 +6047,43 @@ def _check_service_principal_permissions(cmd, resource_group_name, key_vault_nam

def _update_host_name_ssl_state(cmd, resource_group_name, webapp_name, webapp,
host_name, ssl_state, thumbprint, slot=None):
Site, HostNameSslState = cmd.get_models('Site', 'HostNameSslState')
updated_webapp = Site(host_name_ssl_states=[HostNameSslState(name=host_name,
ssl_state=ssl_state,
thumbprint=thumbprint,
to_update=True)],
location=webapp.location, tags=webapp.tags)
HostNameSslState = cmd.get_models('HostNameSslState')
webapp.host_name_ssl_states = [HostNameSslState(name=host_name,
ssl_state=ssl_state,
thumbprint=thumbprint,
to_update=True)]
return _generic_site_operation(cmd.cli_ctx, resource_group_name, webapp_name, 'begin_create_or_update',
slot, updated_webapp)
slot, webapp)


def _update_ssl_binding(cmd, resource_group_name, name, certificate_thumbprint, ssl_type, hostname, slot=None):
client = web_client_factory(cmd.cli_ctx)
webapp = client.web_apps.get(resource_group_name, name)
if slot:
webapp = client.web_apps.get_slot(resource_group_name, name, slot)
else:
webapp = client.web_apps.get(resource_group_name, name)
if not webapp:
raise ResourceNotFoundError("'{}' app doesn't exist".format(name))

cert_resource_group_name = parse_resource_id(webapp.server_farm_id)['resource_group']
webapp_certs = client.certificates.list_by_resource_group(cert_resource_group_name)

found_cert = None
# search for a cert that matches in the app service plan's RG
for webapp_cert in webapp_certs:
for webapp_cert in client.certificates.list_by_resource_group(cert_resource_group_name):
if webapp_cert.thumbprint == certificate_thumbprint:
found_cert = webapp_cert
break
# search for a cert that matches in the webapp's RG
if not found_cert:
webapp_certs = client.certificates.list_by_resource_group(resource_group_name)
for webapp_cert in webapp_certs:
for webapp_cert in client.certificates.list_by_resource_group(resource_group_name):
if webapp_cert.thumbprint == certificate_thumbprint:
found_cert = webapp_cert
break
# search for a cert that matches in the subscription, filtering on the serverfarm
if not found_cert:
sub_certs = client.certificates.list(filter=f"ServerFarmId eq '{webapp.server_farm_id}'")
found_cert = next(iter([c for c in sub_certs if c.thumbprint == certificate_thumbprint]), None)
found_cert = next((c for c in client.certificates.list(
filter=f"ServerFarmId eq '{webapp.server_farm_id}'")
if c.thumbprint == certificate_thumbprint), None)
if found_cert:
if not hostname:
if len(found_cert.host_names) == 1 and not found_cert.host_names[0].startswith('*'):
Expand Down
Loading
Loading