Reputation: 2333
I get the below error while trying to run Terraform Apply.
Error: updating Authentication Settings for App Service "app-cont-sa-fe-predev-cus-bb2e": web.AppsClient#UpdateAuthSettings: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="Cannot execute the request for site app-cont-sa-fe-predev-cus-bb2e because the site is running on auth version v2." Details=[{"Message":"Cannot execute the request for site app-cont-sa-fe-predev-cus-bb2e because the site is running on auth version v2."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","ExtendedCode":"04534","Message":"Cannot execute the request for site app-cont-sa-fe-predev-cus-bb2e because the site is running on auth version v2.","MessageTemplate":"Cannot execute the request for site {0} because the site is running on auth version {1}.","Parameters":["app-cont-sa-fe-predev-cus-bb2e","v2"]}}]
│
│ with azurerm_app_service.fe,
│ on resources.app.tf line 59, in resource "azurerm_app_service" "fe":
│ 59: resource "azurerm_app_service" "fe" {
Can anyone tell me what I need to change in my resource block below so that I don't get the error? Thanks.
resource "azurerm_app_service" "fe" {
  location            = module.resourcegroup.resource_group.location
  resource_group_name = module.resourcegroup.resource_group.name
  tags                = module.resourcegroup.resource_group.tags
  app_service_plan_id = azurerm_app_service_plan.default.id
  name                = module.names-web-app-fe.location.app_service.name_unique

  identity { type = "SystemAssigned" }

  auth_settings {
    enabled                       = true
    default_provider              = "AzureActiveDirectory"
    issuer                        = format("https://sts.windows.net/%s/", data.azurerm_client_config.default.tenant_id)
    runtime_version               = "~1"
    token_store_enabled           = true
    unauthenticated_client_action = "RedirectToLoginPage"
    additional_login_params = {
      "response_type" = "code id_token",
      "resource"      = azuread_application.app-fe.application_id
    }
    active_directory {
      client_id         = azuread_application.app-fe.object_id
      client_secret     = azuread_application_password.fe-app-sp-secret.application_object_id
      allowed_audiences = [format("https://%s.azurewebsites.net", module.names-web-app-fe.location.app_service.name_unique)]
    }
  }

  site_config {
    always_on                 = true
    app_command_line          = ""
    default_documents         = []
    dotnet_framework_version  = "v4.0"
    ftps_state                = "Disabled"
    health_check_path         = ""
    http2_enabled             = true
    linux_fx_version          = "STATICSITE|1.0"
    local_mysql_enabled       = false
    managed_pipeline_mode     = "Integrated"
    min_tls_version           = "1.2"
    #pre_warmed_instance_count = 0
    python_version            = "3.4"
    remote_debugging_enabled  = false
    remote_debugging_version  = "VS2019"
    use_32_bit_worker_process = false
    websockets_enabled        = false
    windows_fx_version        = ""
    cors {
      allowed_origins     = []
      support_credentials = false
    }
  }

  app_settings = {
    "WEBSITE_DNS_SERVER"     = "168.63.129.16"
    "WEBSITE_VNET_ROUTE_ALL" = "1"
  }
}
I guess there were changes on the Azure side with respect to authentication, because of which I am getting this error.
Upvotes: 3
Views: 2682
Reputation: 4620
Terraform uses Auth V1 settings instead of Auth V2 settings for the Web App. Currently only Azure CLI cmdlet and ARM Templates allow the auth_settings_v2 to be configured. This might be available in the upcoming version of the azurerm provider, i.e. v3.0.0, as mentioned under Feature details: New Data Sources / Resources for App Service & Function Apps.
As for the error which you are getting, I tried creating an App Service in Azure using code similar to yours, and it didn't produce any error on initial creation. But after I went to the portal and, under the authentication settings, upgraded the authentication settings to v2, I started receiving the same error while trying to update the application from Terraform, like below:
In order to avoid the error, if you are using Terraform to create and manage the web app, then please don't upgrade the Web Authentication Settings.
Upvotes: 5
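An added example, not part of the question or the answer above: a small check a pipeline could run over captured `terraform apply` output to recognise this specific rejection, which signals that a site's authentication settings were upgraded outside Terraform. The function name is hypothetical, the sample is abridged from the error in the question plus one constructed unrelated line, and the error is assumed to sit on a single line as it does there.

```python
import json

# Message template copied from the ErrorEntity in the question's error output.
AUTH_VERSION_TEMPLATE = ("Cannot execute the request for site {0} because "
                         "the site is running on auth version {1}.")

# Abridged from the question's error; the second line is constructed.
SAMPLE = (
    'Error: updating Authentication Settings for App Service '
    '"app-cont-sa-fe-predev-cus-bb2e": web.AppsClient#UpdateAuthSettings: '
    'StatusCode=400 Details=[{"Code":"BadRequest"},{"ErrorEntity":'
    '{"Code":"BadRequest","ExtendedCode":"04534","MessageTemplate":'
    '"Cannot execute the request for site {0} because the site is running on '
    'auth version {1}.","Parameters":["app-cont-sa-fe-predev-cus-bb2e","v2"]}}]\n'
    'Error: some unrelated failure Details=[{"Code":"Conflict"}]\n'
)


def find_auth_version_conflicts(output):
    """Return one dict per auth-version rejection found in the output."""
    decoder = json.JSONDecoder()
    hits, pos = [], 0
    while (pos := output.find("Details=[", pos)) != -1:
        start = pos + len("Details=")
        try:
            # raw_decode stops at the end of the JSON array and ignores
            # whatever text follows it on the line.
            details, pos = decoder.raw_decode(output, start)
        except json.JSONDecodeError:
            pos = start  # truncated or wrapped output: skip this match
            continue
        for item in details:
            entity = item.get("ErrorEntity") if isinstance(item, dict) else None
            if not entity or entity.get("MessageTemplate") != AUTH_VERSION_TEMPLATE:
                continue
            params = entity.get("Parameters") or []
            if len(params) == 2:
                hits.append({"site": params[0],
                             "auth_version": params[1],
                             "extended_code": entity.get("ExtendedCode")})
    return hits


if __name__ == "__main__":
    for hit in find_auth_version_conflicts(SAMPLE):
        print("auth settings drift: {site} is on auth {auth_version}".format(**hit))
```

Matching on the message template rather than on the site name keeps the check usable for any App Service in the same pipeline.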