How Do I Add Active Directory To APIM Using Terraf

2019-08-29 00:01发布

问题:

Following this article you can link Azure API Management to Users/Groups in Azure Active Directory.

At the moment I am creating the APIM instance with Terraform

resource "azurerm_api_management" "test" {
  name                = "example-apim"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"
  publisher_name      = "My Company"
  publisher_email     = "company@terraform.io"

  sku {
    name     = "Developer"
    capacity = 1
  }
}

How do I add the Active Directory Identity Provider to this?

回答1:

This doesn't seem to be possible with terraform, however, it can be added by calling the REST API from the Azure CLI.

az rest -m put -u "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/my-resource-group/providers/Microsoft.ApiManagement/service/my-apim/identityProviders/aad?api-version=2019-01-01" -b "{'properties':{'clientId':'xxxxx-xxx-xxxx-xxxx-xxxxxxxxxx','clientSecret':'super-secret-password','allowedTenants':['mysite.com']}}"

The body -b is json that has been formatted to a single line.

You need to look up the clientId from active directory and know what the clientSecret is.

You can embedd this command in terraform if you wish:

resource "null_resource" "add-ad-identity-provider" {
  provisioner "local-exec" {
    command = "az rest -m put -u \"https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/my-resource-group/providers/Microsoft.ApiManagement/service/my-apim/identityProviders/aad?api-version=2019-01-01\" -b \"{'properties':{'clientId':'xxxxx-xxx-xxxx-xxxx-xxxxxxxxxx','clientSecret':'super-secret-password','allowedTenants':['mysite.com']}}\""
  }
  depends_on = ["azurerm_api_management.test"]
}