hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Not able to create multiple custom domain names for API Management with api_management_custom_domain resource #26937

Open danielalvesleandro opened 1 month ago

danielalvesleandro commented 1 month ago

Terraform Version

1.5.4

AzureRM Provider Version

3.114.0

Affected Resource(s)/Data Source(s)

api_management_custom_domain

Terraform Configuration Files

variable "gateway_custom_domains" {
  description = "List of custom domains for the Gateway."
  type = list(object({
    host_name                    = string
    certificate_id               = string
    negotiate_client_certificate = optional(bool, false)
    default_ssl_binding          = optional(bool, false)
    })
  )
  default = []
}

resource "azurerm_api_management_custom_domain" "gateway" {
  for_each   = { for domain in var.gateway_custom_domains : domain.host_name => domain }
  api_management_id = azurerm_api_management.apim.id

  gateway {
    host_name                   = each.value.host_name
    key_vault_id                = each.value.certificate_id
    negotiate_client_certificate = try(each.value.negotiate_client_certificate, false)
    default_ssl_binding          = try(each.value.default_ssl_binding, false)
  }
}

module "apim_01" {
  source              = ...

  ...

  gateway_custom_domains = [
    {
      host_name                    = "gw1.example.com"
      certificate_id               = azurerm_key_vault_certificate.apimgw1.versionless_secret_id
      negotiate_client_certificate = false
      default_ssl_binding          = true
    },
    {
      host_name                    = "gw2.example.com"
      certificate_id               = azurerm_key_vault_certificate.apimgw2.versionless_secret_id
      negotiate_client_certificate = false
      default_ssl_binding          = false
    }
  ]
}

Debug Output/Panic Output

│ Error: creating/updating Custom Domain: (Name "default" / Service Name "apim-weu-01" / Resource Group "rg-weu-01"): performing CreateOrUpdate: unexpected status 409 (409 Conflict) with error: ServiceLocked: The API Service apim-weu-01 is transitioning at this time. Please try the request again later.
│
│   with module.apim_01.azurerm_api_management_custom_domain.custom_domains["gw2.example.com"],
│   on .terraform/modules/apim_01/custom-domains.tf line 1, in resource "azurerm_api_management_custom_domain" "custom_domains":
│    1: resource "azurerm_api_management_custom_domain" "custom_domains" {
│
╵
Error: Terraform exited with code 1.
Error: Process completed with exit code 1.

Expected Behaviour

When multiple custom domain name objects are passed to the module, it should create multiple custom domain names, initiating the call for the next one only when the APIM instance is available again, to prevent conflicts.

Actual Behaviour

It always starts all the custom domain names in parallel, and then just the first one is created and the other(s) fail with a 409 Conflict error because the APIM instance is in transitioning status. Terraform currently doesn't support any way of creating instances sequentially using for_each.

Steps to Reproduce

  1. declare apim instance as in the documentation
  2. declare the certificates required as in the documentation
  3. declare the api_management_custom_domain and the list of objects variable with a for_each to iterate and create multiple custom domain names
  4. call the module passing the required arguments
  5. apply the configuration

Important Factoids

No response

References

No response
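The error output above shows that every for_each instance targets the same underlying object (Name "default" on the same service), so the instances race each other for one CreateOrUpdate. The following added example is not part of the original issue or the provider's own code; it restructures the configuration so that a single azurerm_api_management_custom_domain resource carries all gateway hostnames through a dynamic gateway block, which means the provider issues one call instead of several concurrent ones. It reuses the azurerm_api_management.apim name and the variable shape from the issue; the validation block is an added check, and whether your provider version accepts several gateway blocks in one resource should be confirmed against the provider documentation for that version.

```hcl
variable "gateway_custom_domains" {
  description = "List of custom domains for the Gateway (same shape as in the issue)."
  type = list(object({
    host_name                    = string
    certificate_id               = string
    negotiate_client_certificate = optional(bool, false)
    default_ssl_binding          = optional(bool, false)
  }))
  default = []

  # Added check: only one hostname may be the default SSL binding, otherwise
  # the API rejects the request after the plan has already been accepted.
  validation {
    condition     = length([for d in var.gateway_custom_domains : d if d.default_ssl_binding]) <= 1
    error_message = "Only one gateway custom domain may set default_ssl_binding = true."
  }
}

# One resource instance owns every gateway hostname for this APIM instance.
# The provider then sends a single CreateOrUpdate for the "default" custom
# domain object instead of one call per hostname running in parallel.
resource "azurerm_api_management_custom_domain" "gateway" {
  api_management_id = azurerm_api_management.apim.id

  dynamic "gateway" {
    # Keying by host_name makes Terraform fail the plan on duplicate hostnames
    # ("duplicate object key") rather than sending a conflicting request.
    for_each = { for d in var.gateway_custom_domains : d.host_name => d }
    content {
      host_name                    = gateway.value.host_name
      key_vault_id                 = gateway.value.certificate_id
      negotiate_client_certificate = gateway.value.negotiate_client_certificate
      default_ssl_binding          = gateway.value.default_ssl_binding
    }
  }
}
```

Because the variable's object type already supplies defaults through optional(), the try() wrappers from the original configuration are no longer needed inside the content block. Adding or removing a hostname in the list changes the single resource in place, so there is still exactly one request per apply against the service.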

danielalvesleandro commented 1 month ago

Could someone please confirm if this is a bug and if it is going to be fixed? It seems that currently there is no way to create multiple custom domains for an API Management instance, even with a dedicated module for it, because of this other issue. It should be fixed as it is possible to create multiple gateway and developer_portal custom domains normally through the Azure Portal, but through Terraform it is not, even using the AZAPI provider.