prod/keyvault-acmebot.tf: sync with ground truth after setup

prod/keyvault-acmebot.tf

@@ -55,6 +55,19 @@ module "keyvault_acmebot" {
   azure_dns = {
     subscription_id = data.azurerm_client_config.current.subscription_id
   }
+
+  additional_app_settings = {
+    "WEBSITE_AUTH_AAD_ALLOWED_TENANTS" = data.azurerm_client_config.current.tenant_id
+  }
+
+  auth_settings = {
+    enabled = true
+    active_directory = {
+      client_id            = var.keyvaultAcmebotAuthClientId
+      client_secret        = "unused"
+      tenant_auth_endpoint = "https://sts.windows.net/${data.azurerm_client_config.current.tenant_id}/v2.0"
+    }
+  }
 }
 
 resource "azurerm_resource_group" "kvacmebot" {

prod/variables.tf

@@ -129,3 +129,8 @@ variable "googleSiteVerificationTag1" {
 variable "googleSiteVerificationTag2" {
   description = "A Google site verification tag (2)"
 }
+
+variable "keyvaultAcmebotAuthClientId" {
+  // get value from: func-wwtprod-kvacmebot Function App -> Authentication -> Microsoft identity provider
+  description = "The client ID for the keyvault-acmebot Active Directory connection"
+}