SSL upload, bind, unbind commands broken when a web app and its service plan are in different resource groups

[phekmat]

Environment summary

Install Method: How did you install the CLI? (e.g. pip, interactive script, apt-get, Docker, MSI, nightly)
Interactive
CLI Version: What version of the CLI and modules are installed? (Available with az --version)
2.0.2
OS Version: What OS and version are you using?
Mac OSX 10.11.6
Shell Type: What shell are you using? (e.g. bash, cmd.exe, PowerShell)
Bash

Description

When an app service plan is in resource group A and the web app is in resource group B, the az appservice web config ssl bind|unbind|upload commands will not work as expected. You'll be able to upload, but not bind or unbind any certs.

Judging from how the Azure Portal behaves, the commands should be using the resource group of the app service plan rather than the web app for storing/retrieving the cert, e.g.

azure-cli/src/command_modules/azure-cli-appservice/azure/cli/command_modules/appservice/custom.py

Line 851 in 2793bcd

def upload_ssl_cert(resource_group_name, name, certificate_password, certificate_file):

should look more like

def upload_ssl_cert(resource_group_name, name, certificate_password, certificate_file):
    client = web_client_factory()
    webapp = _generic_site_operation(resource_group_name, name, 'get')
    cert_resource_group_name = _get_resource_group_name_by_resource_id(webapp.server_farm_id)
    cert_file = open(certificate_file, 'rb')
    cert_contents = cert_file.read()
    hosting_environment_profile_param = webapp.hosting_environment_profile
    if hosting_environment_profile_param is None:
        hosting_environment_profile_param = ""

    thumb_print = _get_cert(certificate_password, certificate_file)
    cert_name = _generate_cert_name(thumb_print, hosting_environment_profile_param,
                                    webapp.location, cert_resource_group_name)
    cert = Certificate(password=certificate_password, pfx_blob=cert_contents,
                       location=webapp.location)
    return client.certificates.create_or_update(cert_resource_group_name, cert_name, cert)

def _get_resource_group_name_by_resource_id(resource_id):
    '''Returns the resource group name from parsing the resource id.
    :param str resource_id: The resource id
    '''
    resource_id = resource_id.lower()
    resource_group_keyword = '/resourcegroups/'
    return resource_id[resource_id.index(resource_group_keyword) + len(resource_group_keyword):
                       resource_id.index('/providers/')]