authentication - 如何配置应用服务以使用来自 Terraform 的 Azure AD 登录

问题描述

通过官方文档手动配置 Web 应用服务以使用 Azure AD 登录很容易 但是，如何从 Terraform 实现这一点？我搜索了一段时间没有找到任何示例，如果您碰巧解决了一个，会很高兴与我分享。

以下代码是我创建资源组和配置 Web 应用程序的方式

terraform {
  backend "azurerm" {}
}

terraform {
  required_version = ">= 0.13"
}

resource "azurerm_resource_group" "tf_resource_group" {
  name     = "RG_${var.application_name}_${var.environment}"
  location = var.location

  tags = {
    environment = var.environment
    DeployedBy  = "terraform"
  }
}

resource "azurerm_app_service_plan" "tf_service_plan" {
  name                = "${var.application_name}-${var.environment}-asp"
  location            = azurerm_resource_group.tf_resource_group.location
  resource_group_name = azurerm_resource_group.tf_resource_group.name
  kind                = "Linux"
  reserved            = true

  sku {
    tier = "Standard"
    size = "S1"
  }

  tags = {
    environment = var.environment
    DeployedBy  = "terraform"
  }
}

resource "azurerm_app_service" "tf_app_service" {
  name                = var.application_name
  location            = azurerm_resource_group.tf_resource_group.location
  resource_group_name = azurerm_resource_group.tf_resource_group.name
  app_service_plan_id = azurerm_app_service_plan.tf_service_plan.id

  site_config {
    always_on        = true
    linux_fx_version = "DOCKER|${var.acr_name}.azurecr.io/${var.img_repo_name}:${var.tag}"
  }

  app_settings = {
    DOCKER_REGISTRY_SERVER_URL          = "$DRSRUL"
    WEBSITES_ENABLE_APP_SERVICE_STORAGE = "false"
    DOCKER_REGISTRY_SERVER_USERNAME     = "$ACRNAME"
    DOCKER_REGISTRY_SERVER_PASSWORD     = "$PW"
  }

  identity {
    type = "SystemAssigned"
  }
}

标签： authenticationazure-active-directoryazure-web-app-serviceterraform