I'm setting up an azure function with ADAL authentication and I have one issue with pulumi because the function app needs the ad app to be created and then the ad app needs the function app to be created in order to set the reply url.
const adAppName = `${projectName}-${env}`
const adApp = new azuread.Application(adAppName, {
name: adAppName,
requiredResourceAccesses: [
{
resourceAccesses: [
{
id: "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
type: "Scope",
},
],
resourceAppId: "00000002-0000-0000-c000-000000000000",
}
],
replyUrls: [ 'https://myapp.azurewebsites.net/.auth/login/aad/callback' ] // This url is hardcoded
});
const appFunctionName = `${projectName}-${env}`;
const appFunction = new azure.appservice.FunctionApp(appFunctionName, {
...resourceGroupArgs,
name: appFunctionName,
appServicePlanId: appServicePlan.id,
authSettings: {
enabled: true,
unauthenticatedClientAction: 'RedirectToLoginPage',
defaultProvider: 'AzureActiveDirectory',
issuer: `https://sts.windows.net/${azure.config.tenantId}/`,
activeDirectory: {
clientId: adApp.applicationId
}
},
storageConnectionString: storageAccount.primaryConnectionString,
version: '~2',
appSettings: appSettings,
});
How do we solve this kind of circular reference? I'd like to have the replyUrls created with the value of the appFunction url.
Thanks
I think there's no way to fix this circular dependency.
But since you have a fixed name for the App Service, its URL is predictable. You can move your appFunctionName declaration to the top and then use it in the replyUrls assignment:
replyUrls: [ `https://${appFunctionName}.azurewebsites.net/.auth/login/aad/callback` ]
I don't see much downside of doing so. You would have to format this URL regardless, now you only get an extra .azurewebsites.net bit in it compared to using defaultHostName.