shibayan / keyvault-acmebot

Automated ACME SSL/TLS certificates issuer for Azure Key Vault (App Service / Container Apps / App Gateway / Front Door / CDN / others)
Apache License 2.0
891 stars 233 forks

Set Function App Identity Provider as Entra ID in Terraform code #668

Closed simonlock closed 6 months ago

simonlock commented 6 months ago

Hi @shibayan

I'm calling your module in Terraform and would like to set authentication on the function app as code. I would like to authenticate against Azure Entra ID (aka AAD), and I believe this should be accomplished by selecting AzureActiveDirectory as the identity provider object.

On registry.terraform.io it suggests setting the following optional variable: https://registry.terraform.io/modules/shibayan/keyvault-acmebot/azurerm/latest?tab=inputs

auth_settings

object({
  enabled = bool
  active_directory = object({
    client_id            = string
    client_secret        = string
    tenant_auth_endpoint = string
  })
})

Description: Authentication settings for the function app
Default: null

It looks like you are setting a variable hard-coded to active_directory.

variable "auth_settings" {
  type = object({
    enabled = bool
    active_directory = object({
      client_id            = string
      client_secret        = string
      tenant_auth_endpoint = string
    })
  })
  description = "Authentication settings for the function app"
  default     = null
}

Is it possible to set Azure Entra ID as the authentication provider in the Terraform code? Or am I missing a setting somewhere?

If not then this would be a very welcome feature.

simonlock commented 6 months ago

I managed to get this to work. Maybe the description on registry.terraform.io should be updated to include "provider = string" in its description of the variable auth_settings.

Like this:

auth_settings

object({
  provider = string
  enabled  = bool
  active_directory = object({
    client_id            = string
    client_secret        = string
    tenant_auth_endpoint = string
  })
})

Description: Authentication settings for the function app
Default: null

Setting provider = "AzureAD" seems to work.
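For reference, here is what a complete module call with Entra ID authentication enabled looks like when the `provider` field from the comment above is included. This is an added example, not code from the issue or from the keyvault-acmebot project itself; the `auth_settings` shape comes from the thread, while the other module inputs (`app_base_name`, `resource_group_name`, `location`, `mail_address`, `vault_uri`) and the `v2.0` issuer URL format are assumptions about the module and about App Service authentication that you should check against the module's README. The client secret is passed in through a `sensitive` variable rather than written into the configuration, so it does not end up in source control or in plan output.

```hcl
# Added example: enabling Entra ID (AzureAD) authentication on the
# keyvault-acmebot function app via the Terraform module.
# Input names other than auth_settings are assumed; verify against the module docs.

variable "acmebot_client_secret" {
  description = "Client secret of the Entra ID app registration used by the function app (supplied via TF_VAR_acmebot_client_secret, never hard-coded)"
  type        = string
  sensitive   = true
}

module "keyvault_acmebot" {
  source  = "shibayan/keyvault-acmebot/azurerm"
  version = "~> 3.0" # assumed version constraint; pin to the release you have tested

  app_base_name       = "acmebot"                                    # assumed input
  resource_group_name = "rg-acmebot"                                 # assumed input
  location            = "westeurope"                                 # assumed input
  mail_address        = "ops@example.com"                            # assumed input, placeholder address
  vault_uri           = "https://YOUR-KEY-VAULT-NAME.vault.azure.net" # assumed input, placeholder vault

  # Authentication settings as discussed in the issue: "provider" is the field
  # the registry description omitted; "AzureAD" selects Entra ID.
  auth_settings = {
    provider = "AzureAD"
    enabled  = true
    active_directory = {
      client_id            = "00000000-0000-0000-0000-000000000000" # placeholder app (client) ID
      client_secret        = var.acmebot_client_secret
      # Assumed v2.0 issuer URL format; replace <TENANT-ID> with your tenant ID.
      tenant_auth_endpoint = "https://login.microsoftonline.com/<TENANT-ID>/v2.0"
    }
  }
}
```

After `terraform apply`, confirm the result in the portal (Function App > Authentication) or with the Azure CLI: the identity provider should show as Microsoft (Entra ID) and unauthenticated requests should be redirected or rejected rather than reaching the acmebot dashboard, since that dashboard can issue and renew certificates on your behalf.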