`azurerm_web_pubsub_custom_certificate` - performing CustomCertificatesCreateOrUpdate: unexpected status 409 (409 Conflict) with error: Conflict: The resource is not in succeeded state

[mikemadeja]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.47

AzureRM Provider Version

3.101

Affected Resource(s)/Data Source(s)

azurerm_web_pubsub_custom_certificate

Terraform Configuration Files

I am using this along with cloudflare DNS to create a CNAME


data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_web_pubsub_service" "example" {
  name                = "example-webpubsub"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name

  sku {
    name     = "Premium_P1"
    capacity = 1
  }

  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_key_vault" "example" {
  name                = "examplekeyvault"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "premium"

  access_policy {
    tenant_id = data.azurerm_client_config.current.tenant_id
    object_id = data.azurerm_client_config.current.object_id

    certificate_permissions = [
      "Create",
      "Get",
      "List",
    ]

    secret_permissions = [
      "Get",
      "List",
    ]
  }

  access_policy {
    tenant_id = data.azurerm_client_config.current.tenant_id
    object_id = azurerm_web_pubsub_service.test.identity[0].principal_id

    certificate_permissions = [
      "Create",
      "Get",
      "List",
    ]

    secret_permissions = [
      "Get",
      "List",
    ]
  }
}

resource "azurerm_key_vault_certificate" "example" {
  name         = "imported-cert"
  key_vault_id = azurerm_key_vault.example.id

  certificate {
    contents = filebase64("certificate-to-import.pfx")
    password = ""
  }
}

resource "azurerm_web_pubsub_custom_certificate" "test" {
  name                  = "example-cert"
  web_pubsub_id         = azurerm_web_pubsub_service.example.id
  custom_certificate_id = azurerm_key_vault_certificate.example.id

  depends_on = [azurerm_key_vault_access_policy.example]
}

### Debug Output/Panic Output

```shell
CustomCertificatesCreateOrUpdate: unexpected status 409 (409 Conflict) with error: Conflict: The resource is not in succeeded state

If I re-run the terraform apply, it works on second time and finishes.
I can add sleep for 30 seconds so azurerm_web_pubsub_custom_certificate is delayed and it works.

Expected Behaviour

The certificate should get added

Actual Behaviour

It fails and doesn't load

Steps to Reproduce

No response

Important Factoids

No response

References

No response