Azure Web App auth_settings_v2 not supported


I am creating a new Azure web app with Terraform and want to enable authorization for the app. It works and can create an app using the old v1 API, but I want to use the v2 auth.

This is my basic terraform code:

resource "azurerm_linux_web_app" "webapp" {
  name                  = var.app_service_name
  location              = azurerm_resource_group.rg.location
  resource_group_name   = azurerm_resource_group.rg.name
  service_plan_id       = azurerm_service_plan.appserviceplan.id
  https_only            = true
  
  # Error ! auth v2
  auth_settings_v2 {
    auth_enabled = true
  }
  # This works
  # auth_settings {
  #   enabled = false
  # }
  site_config { }
}

According to Terraform's documentation, auth_v2 is supported, as I'm using version 3.9 of the Azure provider, but I cannot seem to get auth_settings_v2 to work. I get the error: Error: Unsupported block type

Has anyone managed to deploy an auth_settings_v2 for a web app through Terraform?


Solution

  • auth_settings_v2 for a web app is not supported in previous versions of Terraform. You need to have Terraform provider 3.93 in your environment.

    Note: Upgrade it using terraform init -upgrade.

    After checking and upgrading it, I tried the Terraform code below and was able to deploy it successfully, as shown below.

    provider "azurerm" {
      features {}
    }
    
    resource "azurerm_resource_group" "example" {
      name     = "jahnavi-resources"
      location = "West Europe"
    }
    
    resource "azurerm_service_plan" "example" {
      name                = "jahexample"
      resource_group_name = azurerm_resource_group.example.name
      location            = azurerm_resource_group.example.location
      os_type             = "Linux"
      sku_name            = "P1v2"
    }
    
    resource "azurerm_linux_web_app" "example" {
      name                = "jahapp"
      resource_group_name = azurerm_resource_group.example.name
      location            = azurerm_service_plan.example.location
      service_plan_id     = azurerm_service_plan.example.id
      https_only          = true

      auth_settings_v2 {
        auth_enabled           = true
        default_provider       = "aad"
        require_authentication = true
        require_https          = true
        unauthenticated_action = "RedirectToLoginPage"
        active_directory_v2 {
          client_id                  = "xxxx"
          tenant_auth_endpoint       = "https://login.microsoftonline.com/<tenant_ID>"
          client_secret_setting_name = "xxxx"
        }
        login {}
      }
      site_config {}
    }
    


    Refer to the GitHub issue for the relevant information.
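
A check that could run in CI before `terraform plan`, as an added example that is not part of the original question or answer: it reads the azurerm version pinned in `.terraform.lock.hcl` and compares it segment by segment with the 3.93 minimum the answer names, which is why a locked 3.9.x does not satisfy it. The sample lock text, `MIN_VERSION` and the function names are constructed for illustration.

```python
import re

# Constructed sample of a .terraform.lock.hcl entry (hash replaced by a placeholder).
SAMPLE_LOCK = '''
provider "registry.terraform.io/hashicorp/azurerm" {
  version     = "3.9.0"
  constraints = "~> 3.9"
  hashes = [
    "h1:PLACEHOLDER=",
  ]
}
'''

AZURERM = "registry.terraform.io/hashicorp/azurerm"
MIN_VERSION = "3.93.0"  # assumption: the minimum named in the answer above


def parse_version(text):
    """Turn '3.93' or '3.93.0' into a comparable tuple such as (3, 93, 0)."""
    core = re.split(r"[-+]", text.strip(), maxsplit=1)[0]  # drop pre-release/build suffix
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def locked_version(lock_text, provider=AZURERM):
    """Return the version string locked for `provider`, or None if it is absent."""
    block = re.search(
        r'provider\s+"' + re.escape(provider) + r'"\s*\{(.*?)^\}',
        lock_text, re.DOTALL | re.MULTILINE)
    if not block:
        return None
    match = re.search(r'^\s*version\s*=\s*"([^"]+)"', block.group(1), re.MULTILINE)
    return match.group(1) if match else None


def supports_auth_v2(lock_text, minimum=MIN_VERSION):
    """True only if the locked azurerm version is at least `minimum`."""
    found = locked_version(lock_text)
    if found is None:
        raise ValueError("azurerm is not present in the lock file")
    # Tuples compare numerically per segment, so 3.9.0 sorts below 3.93.0.
    return parse_version(found) >= parse_version(minimum)


if __name__ == "__main__":
    print(locked_version(SAMPLE_LOCK), supports_auth_v2(SAMPLE_LOCK))
```

A failing check means the lock file still pins an older provider; `terraform init -upgrade` rewrites the pin when the version constraint allows it.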