英文:
Terraform - Azure How to create B2C identity provider
问题
我有以下的 `terraform` 代码来创建一个 `azure` - `azurerm_aadb2c_directory` 如下所示:
```hcl
resource "azurerm_aadb2c_directory" "example" {
country_code = var.b2c_country_code
data_residency_location = var.b2c_data_residency_location
display_name = var.b2c_display_name
domain_name = "${var.b2c_display_name}.onmicrosoft.com"
resource_group_name = var.b2c_rg_name
sku_name = var.b2c_sku
}
现在,我想创建一个身份提供者(如下截图所示),但我找不到相应的 terraform 资源。
有人能帮我找到正确的 terraform 资源,以及如何修改/创建/定制如下截图中所示的页面吗?
<details>
<summary>英文:</summary>
I have the following `terraform` code to create an `azure` - `azurerm_aadb2c_directory` as below:
resource "azurerm_aadb2c_directory" "example" {
country_code = var.b2c_country_code
data_residency_location = var.b2c_data_residency_location
display_name = var.b2c_display_name
domain_name = "${var.b2c_display_name}.onmicrosoft.com"
resource_group_name = var.b2c_rg_name
sku_name = var.b2c_sku
}
And Now I want to create one of the Identity Providers (as mentioned in the below screenshot) But I can't find the `terraform` resource for that.
Can someone help me find the right `terraform` resource and how to modify/create/customize the page as show in the below screen snip?
[![enter image description here][1]][1]
[1]: https://i.stack.imgur.com/A3K7j.jpg
</details>
# 答案1
**得分**: 1
I'm here to provide translations for the content you've shared. Here's the translation of the provided content:
默认情况下,Azure Terraform资源提供程序不包含配置以设置Azure AD B2C的身份提供程序。
```hcl
resource "azurerm_aadb2c_directory" "example" {
country_code = "US"
data_residency_location = "United States"
display_name = "example-b2c-tenant"
domain_name = "exampleb2ctenant.onmicrosoft.com"
resource_group_name = "example-rg"
sku_name = "PremiumP1"
}
输出:-
另一个提供程序用于获取现有Azure AD B2C租户的属性。
data "azurerm_aadb2c_directory" "example" {
resource_group_name = "example-rg"
domain_name = "exampleb2ctenant.onmicrosoft.com"
}
output "tenant_id" {
value = data.azurerm_aadb2c_directory.example.tenant_id
}
输出:-
我还尝试通过Microsoft Rest API来更新AAD B2C中的IDP,但没有API调用可以在Azure AD B2C中创建或更新IDP。
但是,您可以使用以下代码调用Rest API来更新Azure AD B2C中应用程序的社交IDP或本地IDP的密码凭据:-
创建了一个Google开发者IDP并从已注册的应用程序获取客户端ID和客户端密钥:-
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.47.0"
}
}
}
provider "azurerm" {
features {}
subscription_id = "<subscription-id>"
}
resource "azurerm_resource_group" "appgrp" {
name = "app-grp"
location = "West Europe"
}
resource "null_resource" "configure_social_idp" {
provisioner "local-exec" {
command = <<EOF
set AZURE_TENANT_ID="<tenant-id>"
set AZURE_CLIENT_ID="<client-id>"
set AZURE_CLIENT_SECRET="<client-secret>"
set AZURE_AD_B2C_APP_ID="<app-id>"
curl -X POST \
-H "Authorization: Bearer $(az account get-access-token --resource https://graph.windows.net | jq -r .accessToken)" \
-H "Content-Type: application/json" \
-d '{
"keyCredential": {
"customKeyIdentifier": null,
"displayName": "Google",
"endDateTime": null,
"key": null,
"startDateTime": null,
"type": "Symmetric",
"usage": "Verify",
"value": "<idp-password>"
},
"passwordCredential": null,
"publicClient": null,
"replyUrls": [],
"requiredResourceAccess": [],
"web": null
}' \
"https://graph.windows.net/<tenant-id>/applications/<object-id>/addKeyCredential?api-version=1.6"
EOF
}
}
输出:-
参考资料:-
azurerm_aadb2c_directory | Data Sources | hashicorp/azurerm | Terraform Registry
B2C Tenants - Create - REST API (Azure Azure AD B2C) | Microsoft Learn
B2C Tenants - Update - REST API (Azure Azure AD B2C) | Microsoft Learn
英文:
By default Azure Terraform Resource provider does not contain configurations to set the Identity Provider for Azure AD B2C.
resource "azurerm_aadb2c_directory" "example" {
country_code = "US"
data_residency_location = "United States"
display_name = "example-b2c-tenant"
domain_name = "exampleb2ctenant.onmicrosoft.com"
resource_group_name = "example-rg"
sku_name = "PremiumP1"
}
Output:-
And other provider is for getting the properties of the existing Azure AD B2C tenant.
data "azurerm_aadb2c_directory" "example" {
resource_group_name = "example-rg"
domain_name = "exampleb2ctenant.onmicrosoft.com"
}
output "tenant_id" {
value = data.azurerm_aadb2c_directory.example.tenant_id
}
Output:-
> I also tried checking Microsoft Rest API to update IDP in AAD B2C via
> terraform, But there’s no API call to create or update IDP in azure AD
> B2C.
But You can call a Rest API to update the password credentials of an App in your Azure AD B2C with social IDP or local IDP by using the code below:-
Created one google developer IDP and got the client ID and Client secret from the registered app:-
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.47.0"
}
}
}
provider "azurerm" {
features {}
subscription_id = "<subscription-id>"
}
resource "azurerm_resource_group" "appgrp" {
name = "app-grp"
location = "West Europe"
}
resource "null_resource" "configure_social_idp" {
provisioner "local-exec" {
command = <<EOF
set AZURE_TENANT_ID="<tenant-id>"
set AZURE_CLIENT_ID="<client-id>"
set AZURE_CLIENT_SECRET="<client-secret>"
set AZURE_AD_B2C_APP_ID="<app-id>"
curl -X POST \
-H "Authorization: Bearer $(az account get-access-token --resource https://graph.windows.net | jq -r .accessToken)" \
-H "Content-Type: application/json" \
-d '{
"keyCredential": {
"customKeyIdentifier": null,
"displayName": "Google",
"endDateTime": null,
"key": null,
"startDateTime": null,
"type": "Symmetric",
"usage": "Verify",
"value": "<idp-password>"
},
"passwordCredential": null,
"publicClient": null,
"replyUrls": [],
"requiredResourceAccess": [],
"web": null
}' \
"https://graph.windows.net/\<tenant-id>/applications/\<object-id>/addKeyCredential?api-version=1.6"
EOF
}
}
Output:-
References:-
azurerm_aadb2c_directory | Data Sources | hashicorp/azurerm | Terraform Registry
B2C Tenants - Create - REST API (Azure Azure AD B2C) | Microsoft Learn
B2C Tenants - Update - REST API (Azure Azure AD B2C) | Microsoft Learn
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论