如何使用Terraform创建Azure应用程序注册和客户端密钥

huangapple
go评论90阅读模式
英文:

How to create azure app registration and client secret using terraform

问题

我正在尝试创建一个用于Azure应用注册和客户端密钥的Terraform代码(具有对订阅的读取访问权限的服务主体)。

基本上,我正在尝试将Azuresafe与Terraform集成,并尝试逐步了解如何配置。这里有文档。如果已经有任何Terraform代码可供审查等等,将会很有帮助,或者关于我想了解如何创建应用注册和客户端密钥

# 创建新的应用注册
resource "azuread_application" "app" {
  display_name = var.azuread_app_display_name
}

# 创建服务主体
resource "azuread_service_principal" "app" {
  application_id = azuread_application.app.application_id
}

# 创建服务主体密码
resource "azuread_service_principal_password" "app" {
  application_object_id = azuread_application.app.object_id
}
英文:

I am trying to create an Terraform code for Azure app registration and client secret (A service principal with Read access to the subscription)

Basically, I am trying to Integrate Azuresafe with Terraform and trying to identify how to configure step by step.https://docs.safe.security/docs/azure. If there is already any terrafrom code out there to review etc.. will be helpful or for this I would like to understand how to create a app registration and clien secret.

# Create new app registration
resource "azuread_application" "app" {
  display_name = var.azuread_app_display_name
}

# Create a service principal
resource "azuread_service_principal" "app" {
  application_id = azuread_application.app.application_id
}

# Create Service Principal password
resource "azuread_service_principal_password" "app" {
  application_object_id = azuread_application.app.object_id
}

答案1

得分: 1

我尝试使用Terraform创建Azure应用程序注册、服务主体和客户端密钥,并成功完成了它们的配置。

根据需求,我们需要在我们的活动订阅中为Azure应用程序注册及其密钥、服务主体提供只读访问权限。为此,我们需要赋予贡献者级别的访问权限。

我的Terraform代码如下:

main.tf

resource "azuread_application" "app" {
  display_name = "Azuresafe Application VK"
}

resource "azuread_service_principal" "app" {
  application_id = azuread_application.app.application_id
}

resource "azuread_application_password" "example" {
  application_object_id = azuread_application.app.object_id
}

# 输出服务主体和密码
output "app" {
  value     = azuread_application.app.id
  sensitive = true
}

output "app_password" {
  value     = azuread_application_password.example.value
  sensitive = true
}

输出:

如何使用Terraform创建Azure应用程序注册和客户端密钥

现在执行terraform_output命令来检查应用程序和应用程序密钥。

terraform_output

如何使用Terraform创建Azure应用程序注册和客户端密钥

如何使用Terraform创建Azure应用程序注册和客户端密钥

门户输出:

应用程序注册

如何使用Terraform创建Azure应用程序注册和客户端密钥

应用程序注册密码

如何使用Terraform创建Azure应用程序注册和客户端密钥

英文:

> I tried to create Azure app registration, Service principal & client secret using Terraform and I was successfully able to provision them

Here as per the requirement, we need need to provision Azure App registration & its secret, Service principal in read-only access. For this, we need contributor-level access to our active subscription.

my terraform code

main.tf

resource  "azuread_application"  "app" {

display_name  =  "Azuresafe Application VK"

}

 
resource  "azuread_service_principal"  "app" {

application_id  =  azuread_application.app.application_id

}

 
resource  "azuread_application_password"  "example" {

application_object_id  =  azuread_application.app.object_id

}

   
# Output the Service Principal and password

output  "app" {

value  =  azuread_application.app.id

sensitive  =  true

}


output  "app_password" {

value  =  azuread_application_password.example.value

sensitive  =  true

}

Output:

如何使用Terraform创建Azure应用程序注册和客户端密钥

now execute the terrafrom_output command to check the app and app_secret

terraform_output

如何使用Terraform创建Azure应用程序注册和客户端密钥

如何使用Terraform创建Azure应用程序注册和客户端密钥

Portal Output:

App Registration

如何使用Terraform创建Azure应用程序注册和客户端密钥

App registration password

如何使用Terraform创建Azure应用程序注册和客户端密钥

huangapple
  • 本文由 发表于 2023年7月31日 22:32:48
  • 转载请务必保留本文链接:https://go.coder-hub.com/76804627.html
  • terraform
  • terraform-provider-azure
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定