Terraform Azure function app deployment with auth_settings_v2 is configuring Microsoft (V1)
I am trying to deploy an Azure Linux function app via Terraform. This function app using Microsoft based authentication. Inside my function app resource template I have this block for authentication:
"auth_settings_v2" {
content {
auth_enabled = true
require_authentication = true
microsoft_v2 {
client_id = var.app_registration_client_id
client_secret_setting_name = "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET"
allowed_audiences = ["api://${var.app_registration_client_id}"]
}
login {}
}
}
I also specify an app_setting named MICROSOFT_PROVIDER_AUTHENTICATION_SECRET. I verified in Azure Portal that the authentication does get enabled, but it shows "Microsoft (V1)". I also verified the app setting was added with the correct secret value.
I am using hashicorp/azurerm = 3.104.2. Why is this enabling V1 auth instead of V2?
The Terraform AzureRM provider version you're using mainly focusses on the ADAL library for authentication. Check that you have upgraded the terraform version properly to the latest releases.
If still the issue persists, try adding the runtime_version property under auth_settings_v2 block as shown in the below code.
runtime_version = "~2"
But after I have tried multiple times to enable microsoft_v2 but every time it was deploying v1. It seems like it's a bug in the document.
As a workaround, you can use active_directory_V2 authentication provider instead of microsoft_v2.
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.104.2"
}
}
}
provider "azurerm" {
features {}
}
data "azurerm_resource_group" "example" {
name = "Jahnavi"
}
resource "azurerm_storage_account" "example" {
name = "functionappsajnew"
resource_group_name = data.azurerm_resource_group.example.name
location = data.azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "LRS"
}
resource "azurerm_service_plan" "example" {
name = "jahplannew"
resource_group_name = data.azurerm_resource_group.example.name
location = data.azurerm_resource_group.example.location
os_type = "Linux"
sku_name = "Y1"
}
resource "azurerm_linux_function_app" "example" {
name = "exampleappjnew"
resource_group_name = data.azurerm_resource_group.example.name
location = data.azurerm_resource_group.example.location
storage_account_name = azurerm_storage_account.example.name
storage_account_access_key = azurerm_storage_account.example.primary_access_key
service_plan_id = azurerm_service_plan.example.id
site_config {}
app_settings = {
"MICROSOFT_PROVIDER_AUTHENTICATION_SECRET" = var.client_secret
}
auth_settings_v2 {
auth_enabled = true
runtime_version = "~2"
default_provider = "aad"
require_authentication = true
require_https = true
unauthenticated_action = "RedirectToLoginPage"
active_directory_v2 {
client_id = var.client_Id
client_secret_setting_name = "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET"
tenant_auth_endpoint = "https://login.microsoftonline.com/tenant_ID/v2.0/"
}
login{}
}
}
Output:
- WebJob is stopping due to website shutting down
- Is it possible to change the day returned from startofweek() and endofweek()?
- Handling Audio blobs sent through mediarecorder in JS through python server script for azure service
- Export app registrations with expiring secrets and certificates and send alert in teams
- SQL Azure import slow, hangs, but local import takes 3 minutes
- Issue with Group email address domain when create a new Microsoft 365 Group
- What is the URL for New Page in Azure DevOps Wiki? / How to bookmark New Page?
- Is there a dynamic way to get variables from Variable Group? Even secret ones? and insert in Azure Key Vault
- How do I configure my Bicep scripts to allow a container app to pull an image from an ACR using managed identity across subscriptions
- Azure DevOps. Can't trigger a pipeline in Repo A when a commit is done in repo B
- How to change the default Azure AI Search scoring to be increased when the whole search term is found exactly?
- List and download files in a folder in a blob with blob level SAS token
- How to change the Lease state of Azure Blob to Available
- unable to delete or move first step from logic app?
- Azure Terraform - Encrypt VM OS Disk
- How to temporary stop Azure API Management Service
- Unable to retrieve key vault certificates in azure runbook
- C#: 'A change set cannot include changes to more than '1' source resources' when adding a user To Group using Azure Graph API 2.0
- Set size limt to direct upload to azure blob storage via SAS URL
- Using AddAzureKeyVault makes my application 10 seconds slower
- PostGreSQL pg_dump psql and pg_restore errors with Azure Flexible SQL Server
- How to check signature of a token coming from Azure SSO
- How can I get error details from an if condition activity in Azure Data Factory?
- Getting a 404 for GET /robots933456.txt
- Given an Applications Insight Instrumentation key, get the name of the service in Azure
- How to specify rewrite url for query string parameters in Azure API Management
- Can a normal Azure Function and a Durable Azure Function coexist in the same Function App?
- TenantGuidNotFound when trying to send email using Microsfot GraphAPI
- Can't signin into microsoft account
- Azure Function App Kudu Functions API with empty response