Turn on 'App Service Authentication' for Azure Active Directory from terraform script

Problem description

Need to turn on 'App Service Authentication' for Active Directory from my terraform script.

When I add the auth_settings section to my azurerm_app_service resource using the client_id of the app_service I am creating I get the error

'self reference not allowed'

Makes sense, but then where do I turn on authentication for the item I am creating?

```hcl
# Opening line of the resource restored from the self-reference below
# ("azurerm_app_service.web"); the rest is the posted configuration.
resource "azurerm_app_service" "web" {
  name                = "${var.prefix}-${var.environment_code}-${var.environment_segment_code}-web"
  location            = "${azurerm_resource_group.my_resource_group.location}"
  resource_group_name = "${azurerm_resource_group.my_resource_group.name}"
  app_service_plan_id = "${azurerm_app_service_plan.my_app_service_plan.id}"

  app_settings = {
    APPINSIGHTS_INSTRUMENTATIONKEY = "${azurerm_application_insights.my_insights.instrumentation_key}"
  }

  tags = {
    my-Environment = "${var.environment}"
    my-Location    = "${var.country}"
    my-Stack       = "${var.stack}"
  }

  lifecycle {
    ignore_changes = [
      "app_settings"
    ]
  }

  auth_settings {
    enabled = true
    active_directory {
      # This is the line Terraform rejects: the resource references itself
      client_id = "${azurerm_app_service.web.client_id}"
    }
    default_provider = "AzureActiveDirectory"
  }
}
```

I'd like to have ad authentication enabled for my website when I terraform.

Solution

From azurerm_app_service

An active_directory block supports the following:

client_id - (Required) The Client ID of this relying party application. Enables OpenIDConnection authentication with Azure Active Directory.

There is no direct client_id attribute in the azurerm_app_service block; you need to register the App Service app in Azure Active Directory, then add the Application (client) ID from the Azure portal in the active_directory block. See the details about how to configure your App Service app to use Azure Active Directory sign-in.

The Azure Active Directory resources have been split out into a new AzureAD Provider; as such, the AzureAD resources within the AzureRM Provider are deprecated and will be removed in the next major version (2.0). You could do it with the azuread_application block.

For example, this works for me with Terraform v0.12.5 + provider.azuread v0.5.1 + provider.azurerm v1.32.0

```hcl
# Configure the Microsoft Azure Active Directory Provider
provider "azuread" {
  version = "~> 0.3"
}

# Create an application (the app registration Easy Auth acts as relying party for)
resource "azuread_application" "example" {
  name                       = "${var.prefix}-app-service"
  homepage                   = "https://${var.prefix}-app-service"
  identifier_uris            = ["https://${var.prefix}-app-service"]
  # Easy Auth's Azure AD callback path on the site
  reply_urls                 = ["https://${var.prefix}-app-service.azurewebsites.net/.auth/login/aad/callback"]
  available_to_other_tenants = false
  oauth2_allow_implicit_flow = true
}
```

and

```hcl
  auth_settings {
    enabled = true

    active_directory {
      # application_id of the registration created above, not an attribute of the app service
      client_id = "${azuread_application.example.application_id}"
    }
    default_provider = "AzureActiveDirectory"
    issuer           = "https://sts.windows.net/xxxxxxx-xxxx-xxx-xxxx-xxxtenantID/"
  }
```

Result: [screenshot not reproduced]
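The following is an added, complete Terraform 0.12 configuration illustrating the answer above; it is not code from the question or the answer. It creates the Azure AD app registration first and feeds its application_id into auth_settings, builds the issuer from the current tenant instead of a hard-coded GUID, and derives the site host name from a variable rather than from the app service resource, since reading the host name back from azurerm_app_service would close a dependency cycle of the same kind as the self-reference in the question. The variable, resource and local names, the "example" prefix, the region and the Basic B1 plan are assumptions.

```hcl
# Added example, not from the original page. All names below are assumptions.

terraform {
  required_version = ">= 0.12"
}

provider "azurerm" {
  version = "~> 1.32"
}

provider "azuread" {
  version = "~> 0.5"
}

variable "prefix" {
  description = "Name prefix; the site host name is derived from it"
  default     = "example"
}

# Tenant of the credentials Terraform runs as; used to pin the token issuer.
data "azurerm_client_config" "current" {}

locals {
  site_name = "${var.prefix}-web"
  # Derived from the name on purpose: referencing
  # azurerm_app_service.web.default_site_hostname here would create a cycle,
  # because the app service depends on the app registration below.
  site_host = "${local.site_name}.azurewebsites.net"
}

resource "azurerm_resource_group" "rg" {
  name     = "${var.prefix}-rg"
  location = "westeurope"
}

resource "azurerm_app_service_plan" "plan" {
  name                = "${var.prefix}-plan"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  sku {
    tier = "Basic"
    size = "B1"
  }
}

# App registration that App Service Authentication (Easy Auth) is the
# relying party for. Its application_id becomes the client_id below.
resource "azuread_application" "web" {
  name                       = local.site_name
  homepage                   = "https://${local.site_host}"
  identifier_uris            = ["https://${local.site_host}"]
  # Only Easy Auth's own callback path; sign-ins to any other URL are rejected.
  reply_urls                 = ["https://${local.site_host}/.auth/login/aad/callback"]
  # Single-tenant: accounts from other directories cannot sign in.
  available_to_other_tenants = false
  # Easy Auth receives the id_token via the implicit (form_post) flow.
  oauth2_allow_implicit_flow = true
}

resource "azurerm_app_service" "web" {
  name                = local.site_name
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  app_service_plan_id = azurerm_app_service_plan.plan.id
  https_only          = true

  auth_settings {
    enabled          = true
    default_provider = "AzureActiveDirectory"
    # Reject anonymous requests at the platform instead of in app code.
    unauthenticated_client_action = "RedirectToLoginPage"
    # Pin the issuer to this tenant; tokens issued by other tenants fail validation.
    issuer = "https://sts.windows.net/${data.azurerm_client_config.current.tenant_id}/"

    active_directory {
      client_id = azuread_application.web.application_id
      # The client ID is always an accepted audience; this additionally
      # accepts tokens minted for the identifier URI and nothing else.
      allowed_audiences = ["https://${local.site_host}"]
    }
  }
}
```

After `terraform apply`, an unauthenticated request to the site is redirected to the Azure AD sign-in for this tenant only; changing `available_to_other_tenants` to `true` or dropping `issuer` would widen who can sign in, so both should be reviewed whenever this configuration is copied.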
