i want to add auth_settings into my Azure App Service. I am using this provider:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_function_app
And this is my code. Module:
resource "azurerm_windows_function_app" "function_app" {
name = var.name
resource_group_name = var.resource_group_name
location = var.location
storage_account_name = var.storage_account_name
service_plan_id = var.service_plan_id
app_settings = var.app_settings
auth_settings {
enabled = var.auth_settings_enabled
active_directory = var.auth_active_directory
}
}
And variables.tf file:
// ommited the rest
variable "auth_settings_enabled" {
type = bool
default = false
}
variable "auth_active_directory" {
default = null
type = object({
client_id = optional(string)
client_secret = optional(string)
allowed_audiences = optional(list(string))
})
}
Then, i declare my module in main.tf
///
module "function_app_1" {
source = "./function-app-module"
// standard vars like name etc here...
auth_settings_enabled = true
auth_active_directory = {
client_id = var.clientid
client_secret = var.clientsecret
allowed_audiences = [ var.audience ]
}
}
module "function_app_2" {
source = "./function-app-module"
// standard vars like name etc here...
auth_active_directory = {}
}
And after terraform plan commend i am getting this error:
│ Error: Unsupported argument
│
│ on function-app\main.tf line 28, in resource "azurerm_windows_function_app" "function_app":
│ 28: active_directory = var.auth_active_directory
│
│ An argument named "active_directory" is not expected here. Did you mean to define a block of type "active_directory"?
╵
╷
│ Error: Unsupported argument
│
│ on function-app\main.tf line 28, in resource "azurerm_windows_function_app" "function_app":
│ 28: active_directory = var.auth_active_directory
│
│ An argument named "active_directory" is not expected here. Did you mean to define a block of type "active_directory"?
My question is, how to init active_directory in auth_settings object properly?
>Solution :
Since active_directory is a block and not an argument, you cannot define it the way you are currently trying to. So, there are a couple of things to consider:
- If the
enabledvalue is set totruetheactive_directoryblock should be used - Variable value assignment to a block rather than an argument
Based on the two assumptions, you could refactor the code block in question like this:
auth_settings {
enabled = var.auth_settings_enabled
dynamic "active_directory" {
for_each = auth_settings_enabled ? [1] : []
content {
client_id = var.auth_active_directory.client_id
client_secret = var.auth_active_directory.client_secret
allowed_audiences = var.auth_active_directory.allowed_audiences
}
}
}
In this case, Terraform dynamic block is used [1] to make sure the active_directory block is optional and used only when the auth_settings_enabled variable is equal to true.
[1] https://developer.hashicorp.com/terraform/language/expressions/dynamic-blocks