Move hosting environment profile set

Update docs
hashicorp · May 26, 2020 · 525648f · 525648f
1 parent 0600f5a
commit 525648f
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 9 deletions.
diff --git a/azurerm/internal/services/web/resource_arm_app_service_certificate.go b/azurerm/internal/services/web/resource_arm_app_service_certificate.go
@@ -139,13 +139,6 @@ func resourceArmAppServiceCertificateCreateUpdate(d *schema.ResourceData, meta i
 	hostingEnvironmentProfileId := d.Get("hosting_environment_profile_id").(string)
 	t := d.Get("tags").(map[string]interface{})
 
-	var hep *web.HostingEnvironmentProfile
-	if len(hostingEnvironmentProfileId) > 0 {
-		hep = &web.HostingEnvironmentProfile{
-			ID: &hostingEnvironmentProfileId,
-		}
-	}
-
 	if pfxBlob == "" && keyVaultSecretId == "" {
 		return fmt.Errorf("Either `pfx_blob` or `key_vault_secret_id` must be set")
 	}
@@ -165,13 +158,18 @@ func resourceArmAppServiceCertificateCreateUpdate(d *schema.ResourceData, meta i
 
 	certificate := web.Certificate{
 		CertificateProperties: &web.CertificateProperties{
-			Password:                  utils.String(password),
-			HostingEnvironmentProfile: hep,
+			Password: utils.String(password),
 		},
 		Location: utils.String(location),
 		Tags:     tags.Expand(t),
 	}
 
+	if len(hostingEnvironmentProfileId) > 0 {
+		certificate.CertificateProperties.HostingEnvironmentProfile = &web.HostingEnvironmentProfile{
+			ID: &hostingEnvironmentProfileId,
+		}
+	}
+
 	if pfxBlob != "" {
 		decodedPfxBlob, err := base64.StdEncoding.DecodeString(pfxBlob)
 		if err != nil {

diff --git a/website/docs/r/app_service_certificate.html.markdown b/website/docs/r/app_service_certificate.html.markdown
@@ -47,6 +47,8 @@ The following arguments are supported:
 
 * `password` - (Optional) The password to access the certificate's private key. Changing this forces a new resource to be created.
 
+* `hosting_environment_profile_id` - (Optional) Must be specified when the certificate is for an App Service Environment hosted App Service. Changing this forces a new resource to be created.
+
 * `key_vault_secret_id` - (Optional) The ID of the Key Vault secret. Changing this forces a new resource to be created.
 
 -> **NOTE:** If using `key_vault_secret_id`, the WebApp Service Resource Principal ID `abfa0a7c-a6b6-4736-8310-5855508787cd` must have 'Secret -> get' and 'Certificate -> get' permissions on the Key Vault containing the certificate. (Source: [App Service Blog](https://azure.github.io/AppService/2016/05/24/Deploying-Azure-Web-App-Certificate-through-Key-Vault.html)) If you use Terraform to create the access policy you have to specify the Object ID of this Principal. This Object ID can be retrieved via following data reference, since it is different in every AAD Tenant: