prod/keyvault-acmebot.tf: sync with ground truth after setup
This commit is contained in:
Родитель
a45f8bc4bb
Коммит
6fc01a36fa
|
@ -55,6 +55,19 @@ module "keyvault_acmebot" {
|
|||
azure_dns = {
|
||||
subscription_id = data.azurerm_client_config.current.subscription_id
|
||||
}
|
||||
|
||||
additional_app_settings = {
|
||||
"WEBSITE_AUTH_AAD_ALLOWED_TENANTS" = data.azurerm_client_config.current.tenant_id
|
||||
}
|
||||
|
||||
auth_settings = {
|
||||
enabled = true
|
||||
active_directory = {
|
||||
client_id = var.keyvaultAcmebotAuthClientId
|
||||
client_secret = "unused"
|
||||
tenant_auth_endpoint = "https://sts.windows.net/${data.azurerm_client_config.current.tenant_id}/v2.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "azurerm_resource_group" "kvacmebot" {
|
||||
|
|
|
@ -129,3 +129,8 @@ variable "googleSiteVerificationTag1" {
|
|||
variable "googleSiteVerificationTag2" {
|
||||
description = "A Google site verification tag (2)"
|
||||
}
|
||||
|
||||
variable "keyvaultAcmebotAuthClientId" {
|
||||
// get value from: func-wwtprod-kvacmebot Function App -> Authentication -> Microsoft identity provider
|
||||
description = "The client ID for the keyvault-acmebot Active Directory connection"
|
||||
}
|
||||
|
|
Загрузка…
Ссылка в новой задаче