Azure Question posted in
The official documentation to get you started can be found here.

Azure – Terraform azapi_resource for Microsoft.Web/certificates@2021-02-01 no longer working

I am using Terraform 1.8.0.

I am trying to create a Azure Managed cert. based on a cert. held in a Azure Key-Vault (stored as a secret).

Terraform locals file…

az_managed_ssl_cert_name = "ssl-wildcard-ds-UK-ABC-certabcdefghijkl"

Terraform main.tf…

    # ASP for Re-Id Function-Apps
module "app_service_plan_03" {
  source               = "../../resource_modules/app_service_plan"
  os_type              = var.os_type_fapps_re_id
  sku_name             = var.sku_name_fapps_re_id
  location             = var.location
  rg                   = local.re_id_rg_name
  name                 = local.app_service_plan_03
  max_worker_count     = var.max_app_service_plan_01_worker_count_re_id
  min_worker_count     = var.min_app_service_plan_01_worker_count_re_id
  law_id               = data.azurerm_log_analytics_workspace.law.id
  enable_resource_lock = var.re_id_enable_asp_resource_lock
}



resource "azapi_resource" "cert" {
          depends_on = [data.azurerm_subscription.current]
          type       = "Microsoft.Web/certificates@2021-02-01"
          name       = var.cert_name
          parent_id  = local.certificate_resource_group # Resource Group name where certificate is created.
    
      body = jsonencode({
        "location" : var.location,
        "properties" : {
          "serverFarmId" : data.azurerm_service_plan.asp.id,
          "keyVaultId" : data.azurerm_key_vault.kv_certs.id, # The Azure Key vault that stores the SSL certificates is in the 'Production' subscription.
          "keyVaultSecretName" : local.az_managed_ssl_cert_name
        }
      })
    }

When I build the Terraform it reports an error. I then stripped the code back to just…

    resource "azapi_resource" "cert" {
  depends_on = [data.azurerm_subscription.current, module.app_service_plan_03, data.azurerm_key_vault.kv_certs]
  type       = "Microsoft.Web/certificates@2021-02-01"
  name       = local.cert_name
  parent_id  = module.create_resource_group.id

  body = jsonencode({
    "location" : var.location,
    "properties" : {
      "keyVaultSecretName" : "abcdef"
    }
  })
}

The error reported is with the body…

    │ Error: Invalid body
    │ 
    │   with azapi_resource.cert,
    │   on main.tf line 206, in resource "azapi_resource" "cert":
    │  206: resource "azapi_resource" "cert" {
    │ 
    │ The argument "body" is invalid: unmarshaling failed: value:
    │ "{"location":"uksouth","properties":{"keyVaultSecretName":"abcdef"}}",
    │ err: json: cannot unmarshal string into Go value of type
    │ map[string]interface {}
    ╵
    ╷
    │ Error: Invalid Type
    │ 
    │   with azapi_resource.cert,
    │   on main.tf line 212, in resource "azapi_resource" "cert":
    │  212:   body = jsonencode({
    │  213:     "location" : var.location,
    │  214:     "properties" : {
    │  215:       "keyVaultSecretName" : "abcdef"
    │  216:     }
    │  217:   })

│ 
│ The value must not be a string

I don’t understand where I am going wrong – any advice would be appreciated?

Tags:

2

Answers


  1. 0

    I encountered a similar error on another resource.

    Recently (21-10-2024) a new version of the azapi provider has been released (2.0.1) try fixing the version to 1.15.0.

    azapi = {
  source = "azure/azapi"
  version = "1.15.0"
}
    Login or Signup to reply.
  2. 0

    The answer provided by ‘Nthrack’ fixed the issue.

    Upgrade azapi to 1.15.0.

    azapi = {
  source = "azure/azapi"
  version = "1.15.0"
}

    I have tried to award the points ‘Nthrack’ but can’t seem to do this.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search