terraform - azurerm_app_service v2 如何为 v2 启用身份验证设置

问题描述

我使用 terraform 创建了一个 azure 应用服务，默认它选择旧式 AUTH 设置。正如微软建议的那样，旧设置将在今年年底被删除，我们希望迁移到新的 AUTH 设置。我没有看到任何有关它的文档。当我为其中一项应用服务手动升级 AUTH 设置时，terraform 无法再更新给定的应用服务

在我用来创建应用服务的代码片段下方。这将创建具有 AUTH 版本 1 的应用服务。

  resource "azurerm_app_service" "as" {
  for_each            = var.appservice
  name                = lookup(each.value, "appservice_name")
  location            = var.location
  resource_group_name = var.resource_group_name
  app_service_plan_id = var.app_service_plan_id
  https_only          = lookup(each.value, "https_only", null)
  client_cert_enabled = lookup(each.value, "client_cert_enabled", false)
  tags                = var.standard_tags

  dynamic "site_config" {
    for_each = lookup(each.value, "site_config",[])
    content {
      always_on                 =  lookup(site_config.value, "always_on", true)
      app_command_line          =  lookup(site_config.value, "app_command_line", null)
      auto_swap_slot_name       =  lookup(site_config.value, "auto_swap_slot_name", null)
  
      dynamic "cors" {
        for_each = lookup(site_config.value, "cors", [])
        content {
          allowed_origins     = lookup(cors.value, "allowed_origins", null)
          support_credentials = lookup(cors.value, "support_credentials", null)
        }
      }

      default_documents         = lookup(site_config.value, "default_documents", ["index.html", "hostingstart.html"])
      dotnet_framework_version  = lookup(site_config.value, "dotnet_framework_version", null)
      ftps_state                = lookup(site_config.value, "ftps_state", "FtpsOnly")
      http2_enabled             = lookup(site_config.value, "http2_enabled", true)
      health_check_path         = lookup(site_config.value, "health_check_path", null)     

      java_container            = lookup(site_config.value, "java_container", null)
      java_container_version    = lookup(site_config.value, "java_container_version", null)
      java_version              = lookup(site_config.value, "java_version", null)
      linux_fx_version          = lookup(site_config.value, "linux_fx_version", null)
      local_mysql_enabled       = lookup(site_config.value, "local_mysql_enabled", null)
      managed_pipeline_mode     = lookup(site_config.value, "managed_pipeline_mode", null)
      min_tls_version           = lookup(site_config.value, "min_tls_version", "1.2")
      php_version               = lookup(site_config.value, "php_version", null)
      python_version            = lookup(site_config.value, "python_version", null)
      remote_debugging_enabled  = lookup(site_config.value, "remote_debugging_enabled", null)
      remote_debugging_version  = lookup(site_config.value, "remote_debugging_version", null)
      scm_type                  = lookup(site_config.value, "scm_type", "VSTSRM")
      use_32_bit_worker_process = lookup(site_config.value, "use_32_bit_worker_process", null)
      websockets_enabled        = lookup(site_config.value, "websockets_enabled", null)
      windows_fx_version        = lookup(site_config.value, "windows_fx_version", null)
    
    }
  }
  app_settings = merge(lookup(each.value, "app_settings", {}), var.custom_app_settings)
  auth_settings  {
      enabled = true
      default_provider = "AzureActiveDirectory"
      issuer = "https://login.microsoftonline.com/XXXXXX/v2.0/"   
      unauthenticated_client_action = "RedirectToLoginPage"
      active_directory  {
          client_id = var.as_client_id
          client_secret = var.as_client_secret
          allowed_audiences = [
            "https://${lookup(each.value, "appservice_name")}.azurewebsites.net"
          ]
      }   
  }

标签： terraformterraform-provider-azure