[App Service] az webapp config ssl list: List site-scoped certificates for Flex Consumption apps #33571
ElleTojaroon wants to merge 2 commits into
️✔️AzureCLI-FullTest
️✔️AzureCLI-BreakingChangeTest
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR updates SSL certificate listing to include per-site certificates for Flex Consumption function apps so az webapp config ssl list returns a complete view within a resource group.
Changes:
- Expands resource-group certificate listing to also enumerate web apps in the RG.
- Detects Flex Consumption function apps and merges their site-level certificates into the result set.
| for app in client.web_apps.list_by_resource_group(resource_group_name): | ||
| if app.kind and 'functionapp' in app.kind and \n is_flex_functionapp(cmd.cli_ctx, resource_group_name, app.name): | ||
| certs.extend(client.site_certificates.list(resource_group_name=resource_group_name, name=app.name)) |
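Review bot: The if condition is continued onto a second line with a trailing backslash (shown here as \n) before is_flex_functionapp(...); wrap the whole condition in parentheses instead, which splits the line without a backslash. Keep app.kind as the first operand so the substring test never runs on None.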
| # Resource-group-level listing. Classic certificates are managed at the resource group level, | ||
| # but certificates for Flex Consumption function apps are stored per-site and are not returned | ||
| # by certificates.list_by_resource_group. Include those so the listing is complete. | ||
| certs = list(client.certificates.list_by_resource_group(resource_group_name)) |
| for app in client.web_apps.list_by_resource_group(resource_group_name): | ||
| if app.kind and 'functionapp' in app.kind and \n is_flex_functionapp(cmd.cli_ctx, resource_group_name, app.name): | ||
| certs.extend(client.site_certificates.list(resource_group_name=resource_group_name, name=app.name)) | ||
| return certs |
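Review bot: Nothing in the loop handles a failure from is_flex_functionapp or site_certificates.list, so one app that cannot be read makes the whole command fail and discards the classic certificates already fetched into certs. Consider catching the error per app, logging a warning that names the app, and continuing, so the user gets a partial listing with an explicit notice rather than nothing. The loop also makes one is_flex_functionapp call per function app and one site_certificates.list call per Flex app, which is worth mentioning in the command help for large resource groups.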
| # by certificates.list_by_resource_group. Include those so the listing is complete. | ||
| certs = list(client.certificates.list_by_resource_group(resource_group_name)) | ||
| for app in client.web_apps.list_by_resource_group(resource_group_name): | ||
| if app.kind and 'functionapp' in app.kind and \n is_flex_functionapp(cmd.cli_ctx, resource_group_name, app.name): |
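Review bot: The Flex branch guarded by this condition has no test yet, and the description marks tests as pending. Add a test for a resource group that holds one Flex Consumption function app with a site-scoped certificate and one classic app, asserting that both certificates are returned, plus a case with no Flex apps confirming the output is unchanged.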
Thanks for the review. Pushed a fix:
On the |
Please follow the instruction in future PRs: https://github.com/Azure/azure-cli/tree/dev/doc/authoring_command_modules#submitting-pull-requests
Please fix the style check failures.
Description
az webapp config ssl list --resource-group <rg> (without --name) only enumerates classic resource-group-scoped certificates via certificates.list_by_resource_group. Certificates for Flex Consumption function apps are stored per-site as Microsoft.Web/sites/{app}/certificates and are only reachable through the site_certificates API, which list_ssl_certs queries solely when --name is supplied (and that argument is restricted to Flex apps). As a result a certificate that is imported and bound to a Flex Consumption function app does not appear in the resource-group-level listing at all, even though it exists and is in use.
This change makes the resource-group-level listing also enumerate the site-scoped certificates for any Flex Consumption function app in the resource group, so the output is complete.
Testing
Reproduced by importing a Key Vault certificate to a Flex Consumption (FC1) function app:
az webapp config ssl list --resource-group <rg> returned an empty list while the certificate was present (Microsoft.Web/sites/{app}/certificates) and bound. With this change the certificate is listed.
Draft pending changelog and test additions.
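An added example, not part of this PR or the Azure CLI code base: a check for the gap the description reports, flagging hostname bindings whose certificate thumbprint is absent from a certificate listing. The JSON field names are assumed to match what the CLI prints for certificates and sites, and the sample data is constructed.

```python
"""Find TLS bindings whose certificate is missing from a certificate listing."""
import json

# Constructed sample data (not real output). Field names are an assumption:
# they follow the JSON shape of a certificate listing and a site listing.
LISTED_CERTS = json.loads("""[
  {"name": "classic-cert", "thumbprint": "AA11"}
]""")
APPS = json.loads("""[
  {"name": "classic-app", "kind": "app,linux", "hostNameSslStates": [
     {"name": "www.example.test", "sslState": "SniEnabled", "thumbprint": "aa11"},
     {"name": "classic-app.azurewebsites.net", "sslState": "Disabled", "thumbprint": null}]},
  {"name": "flex-func", "kind": "functionapp,linux", "hostNameSslStates": [
     {"name": "api.example.test", "sslState": "SniEnabled", "thumbprint": "BB22"}]}
]""")


def normalize(thumbprint):
    """Thumbprints are hex strings; compare them case-insensitively."""
    return thumbprint.strip().upper() if thumbprint else None


def unlisted_bindings(apps, listed_certs):
    """Return sorted (app, hostname, thumbprint) for bindings absent from the listing."""
    known = {normalize(c.get("thumbprint")) for c in listed_certs}
    known.discard(None)
    gaps = []
    for app in apps:
        for state in app.get("hostNameSslStates") or []:
            thumb = normalize(state.get("thumbprint"))
            # Skip hostnames that have no certificate bound.
            if state.get("sslState") in (None, "Disabled") or thumb is None:
                continue
            if thumb not in known:
                gaps.append((app["name"], state["name"], thumb))
    return sorted(gaps)


if __name__ == "__main__":
    for app, host, thumb in unlisted_bindings(APPS, LISTED_CERTS):
        print(f"{app}: {host} is bound to {thumb}, which the listing does not include")
```

A non-empty result means a certificate is in use but invisible to whatever produced the listing, so expiry and inventory audits built on that listing will miss it.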