Problem description
Need to turn on 'App Service Authentication' for Active Directory from my terraform script.
When I add the auth_settings section to my azurerm_app_service resource using the client_id of the app_service I am creating, I get the error
'self reference not allowed'
Makes sense, but then where do I turn on authentication for the item I am creating?
```hcl
# Resource header reconstructed from the self-reference below (the block is referenced as azurerm_app_service.web)
resource "azurerm_app_service" "web" {
  name                = "${var.prefix}-${var.environment_code}-${var.environment_segment_code}-web"
  location            = "${azurerm_resource_group.my_resource_group.location}"
  resource_group_name = "${azurerm_resource_group.my_resource_group.name}"
  app_service_plan_id = "${azurerm_app_service_plan.my_app_service_plan.id}"

  app_settings = {
    APPINSIGHTS_INSTRUMENTATIONKEY = "${azurerm_application_insights.my_insights.instrumentation_key}"
  }

  tags = {
    my-Environment = "${var.environment}"
    my-Location    = "${var.country}"
    my-Stack       = "${var.stack}"
  }

  lifecycle {
    ignore_changes = [
      "app_settings"
    ]
  }

  auth_settings {
    enabled = true
    active_directory {
      # This is the self-reference Terraform rejects: the resource cannot read its own attributes
      client_id = "${azurerm_app_service.web.client_id}"
    }
    default_provider = "AzureActiveDirectory"
  }
}
```
I'd like to have AD authentication enabled for my website when I terraform.
From the azurerm_app_service documentation, an active_directory block supports the following:
There is no direct client_id attribute in the azurerm_app_service block; you need to register the App Service app in Azure Active Directory, then add the Application (client) ID from the Azure portal in the active_directory block. See the details about how to configure your App Service app to use Azure Active Directory sign-in.
The Azure Active Directory resources have been split out into a new AzureAD Provider; as such, the AzureAD resources within the AzureRM Provider are deprecated and will be removed in the next major version (2.0). You could do it with an azuread_application block.
For example, this works for me with Terraform v0.12.5, provider.azuread v0.5.1 and provider.azurerm v1.32.0:
```hcl
# Configure the Microsoft Azure Active Directory Provider
provider "azuread" {
  version = "~> 0.3"
}

# Create an application
resource "azuread_application" "example" {
  name                       = "${var.prefix}-app-service"
  homepage                   = "https://${var.prefix}-app-service"
  identifier_uris            = ["https://${var.prefix}-app-service"]
  reply_urls                 = ["https://${var.prefix}-app-service.azurewebsites.net/.auth/login/aad/callback"]
  available_to_other_tenants = false
  oauth2_allow_implicit_flow = true
}
```
and
```hcl
auth_settings {
  enabled = true
  active_directory {
    client_id = "${azuread_application.example.application_id}"
  }
  default_provider = "AzureActiveDirectory"
  issuer           = "https://sts.windows.net/xxxxxxx-xxxx-xxx-xxxx-xxxtenantID/"
}
```
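The pattern the answer describes, put together end to end as an added example (this is not code from the original question or answer). It uses Terraform 0.12 syntax and the provider versions the answer names. The cycle the question hit disappears because the web app name is computed in a local, so the Azure AD app registration (and its reply URL) can be created first and the App Service then references azuread_application.web.application_id rather than itself. The issuer is derived from the tenant of the running credentials via the azurerm_client_config data source instead of a hard-coded tenant ID, https_only is set so the sign-in cookie never travels over plain HTTP, and unauthenticated_client_action is set explicitly so anonymous requests are redirected rather than left to the app to handle. The locals, the resource label "web", and the referenced resource group, plan, Application Insights and variables are assumptions carried over from the question for illustration.

```hcl
# Added example, not from the original page. Assumes the var.*,
# azurerm_resource_group.my_resource_group and
# azurerm_app_service_plan.my_app_service_plan referenced in the question exist.

provider "azurerm" {
  version = "~> 1.32"
}

provider "azuread" {
  version = "~> 0.5"
}

# Tenant of the credentials Terraform runs as; used to build the issuer URL
# instead of pasting the tenant ID into the configuration.
data "azurerm_client_config" "current" {}

locals {
  # Computed once here so both the app registration and the App Service can
  # use it without either resource reading the other's attributes.
  web_name = "${var.prefix}-${var.environment_code}-${var.environment_segment_code}-web"
  web_host = "${local.web_name}.azurewebsites.net"
}

# 1. App registration in Azure AD. The reply URL must be the App Service
#    authentication callback path, otherwise the redirect after sign-in fails.
resource "azuread_application" "web" {
  name                       = local.web_name
  homepage                   = "https://${local.web_host}"
  identifier_uris            = ["https://${local.web_host}"]
  reply_urls                 = ["https://${local.web_host}/.auth/login/aad/callback"]
  available_to_other_tenants = false # single-tenant: only this directory's users can sign in
  oauth2_allow_implicit_flow = true  # as in the answer above; App Service sign-in needs the ID token grant
}

# 2. The App Service references the registration, not itself.
resource "azurerm_app_service" "web" {
  name                = local.web_name
  location            = azurerm_resource_group.my_resource_group.location
  resource_group_name = azurerm_resource_group.my_resource_group.name
  app_service_plan_id = azurerm_app_service_plan.my_app_service_plan.id

  # Sign-in cookies and tokens must never be sent over plain HTTP.
  https_only = true

  auth_settings {
    enabled          = true
    default_provider = "AzureActiveDirectory"

    # Redirect anonymous requests to the login page rather than allowing them through.
    unauthenticated_client_action = "RedirectToLoginPage"

    # Issuer for the tenant the registration lives in.
    issuer = "https://sts.windows.net/${data.azurerm_client_config.current.tenant_id}/"

    active_directory {
      client_id = azuread_application.web.application_id
    }
  }
}
```

After terraform apply, browsing to https://<web_host>/ should redirect to the Azure AD login page before any application content is served; a request that is answered with application content without a redirect means unauthenticated_client_action or enabled did not take effect and should be checked in the portal's Authentication blade.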