From 8ddc5127f02f8f19de11d03ef9efb01cf46647ab Mon Sep 17 00:00:00 2001
From: Carlos Mendible <266546+cmendible@users.noreply.github.com>
Date: Wed, 10 Apr 2024 10:50:28 +0200
Subject: [PATCH] improved sp redirect uris configuration

---
 infra/main.tf | 2 ++
 infra/modules/ca-aihub/auth_config.tf | 27 +++------------------------
 infra/modules/ca-aihub/variables.tf | 1 +
 infra/modules/ca-chat/auth_config.tf | 27 +++------------------------
 infra/modules/ca-chat/variables.tf | 1 +
 infra/modules/sp/main.tf | 2 +-
 infra/modules/sp/variables.tf | 6 +++++-
 7 files changed, 16 insertions(+), 50 deletions(-)

diff --git a/infra/main.tf b/infra/main.tf
index 3619340..8d46a67 100644
--- a/infra/main.tf
+++ b/infra/main.tf
@@ -156,6 +156,7 @@ module "ca_chat" {
   resource_group_id = azurerm_resource_group.rg.id
   ca_name = local.ca_chat_name
   cae_id = module.cae.cae_id
+  cae_default_domain = module.cae.default_domain
   managed_identity_id = module.mi.mi_id
   chat_gpt_deployment = module.openai.gpt_deployment_name
   chat_gpt_model = module.openai.gpt_deployment_model_name
@@ -196,6 +197,7 @@ module "ca_aihub" {
   resource_group_id = azurerm_resource_group.rg.id
   ca_name = local.ca_aihub_name
   cae_id = module.cae.cae_id
+  cae_default_domain = module.cae.default_domain
   managed_identity_id = module.mi.mi_id
   chat_gpt_deployment = module.openai.gpt_deployment_name
   chat_gpt_model = module.openai.gpt_deployment_model_name
diff --git a/infra/modules/ca-aihub/auth_config.tf b/infra/modules/ca-aihub/auth_config.tf
index 6b4cbe7..b98d84b 100644
--- a/infra/modules/ca-aihub/auth_config.tf
+++ b/infra/modules/ca-aihub/auth_config.tf
@@ -1,11 +1,10 @@
-locals {
-  redirect_fqdn = jsondecode(azapi_resource.ca_back.output).properties.configuration.ingress.fqdn
-}
-
 module "sp" {
   count = var.enable_entra_id_authentication ? 1 : 0
   source = "../sp"
   sp_name = var.ca_name
+  redirect_uris = [
+    "https://${var.ca_name}.${var.cae_default_domain}/.auth/login/aad/callback"
+  ]
 }
 
 resource "azapi_resource" "current" {
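Review bot: The callback URI added to `module "sp"` is computed from `var.ca_name` and `var.cae_default_domain`, so it is only correct while the Container App is served on its default ingress FQDN of the form `<ca_name>.<environment default domain>`; the removed local read the real `ingress.fqdn` from the resource, and nothing in the new code records that this template stands in for it. Entra ID matches web redirect URIs exactly, so a divergence (a custom domain, a renamed app, a changed environment domain) will fail sign-in at login time rather than at `terraform plan`, and will not weaken the check — but it is worth stating where the value comes from. I would put a comment above the list: `# Easy Auth callback for this app; must equal its ingress FQDN, which for default ingress is <ca_name>.<CAE default domain> — revisit if a custom domain is configured`. The `resource "azapi_resource" "current"` block opens on the hunk's last line and continues outside it, so its use of the same assumption cannot be checked here.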
@@ -45,23 +44,3 @@ resource "azapi_resource" "current" {
     }
   })
 }
-
-locals {
-  fqdn = jsondecode(azapi_resource.ca_back.output).properties.configuration.ingress.fqdn
-  update_redirect_uris_command = var.enable_entra_id_authentication ? "az ad app update --id ${module.sp[0].client_id} --web-redirect-uris https://${local.fqdn}/.auth/login/aad/callback" : ""
-}
-
-resource "null_resource" "update_redirect_uris" {
-  count = var.enable_entra_id_authentication ? 1 : 0
-  provisioner "local-exec" {
-    command = local.update_redirect_uris_command
-  }
-  depends_on = [
-    module.sp,
-    azapi_resource.ca_back,
-    azapi_resource.current
-  ]
-  triggers = {
-    always_run = timestamp()
-  }
-}
diff --git a/infra/modules/ca-aihub/variables.tf b/infra/modules/ca-aihub/variables.tf
index b48eaa9..3161cfc 100644
--- a/infra/modules/ca-aihub/variables.tf
+++ b/infra/modules/ca-aihub/variables.tf
@@ -2,6 +2,7 @@ variable "resource_group_id" {}
 variable "location" {}
 variable "ca_name" {}
 variable "cae_id" {}
+variable "cae_default_domain" {}
 variable "managed_identity_id" {}
 variable "managed_identity_client_id" {}
 variable "tenant_id" {}
diff --git a/infra/modules/ca-chat/auth_config.tf b/infra/modules/ca-chat/auth_config.tf
index 6b4cbe7..b98d84b 100644
--- a/infra/modules/ca-chat/auth_config.tf
+++ b/infra/modules/ca-chat/auth_config.tf
@@ -1,11 +1,10 @@
-locals {
-  redirect_fqdn = jsondecode(azapi_resource.ca_back.output).properties.configuration.ingress.fqdn
-}
-
 module "sp" {
   count = var.enable_entra_id_authentication ? 1 : 0
   source = "../sp"
   sp_name = var.ca_name
+  redirect_uris = [
+    "https://${var.ca_name}.${var.cae_default_domain}/.auth/login/aad/callback"
+  ]
 }
 
 resource "azapi_resource" "current" {
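Review bot: The redirect-URI template `"https://${var.ca_name}.${var.cae_default_domain}/.auth/login/aad/callback"` is now duplicated verbatim between this file and `ca-aihub/auth_config.tf` (both index lines read `6b4cbe7..b98d84b`, so the two files are identical before and after the change), and the two copies must be kept in sync by hand whenever the callback path or host shape changes. Since both callers already hand the `sp` module their `ca_name`, a less fragile shape is to pass `cae_default_domain` through and let the module derive the Easy Auth callback once, or at minimum hoist the template into a single shared local. Whichever is chosen, the `/.auth/login/aad/callback` path deserves a one-line comment naming it as the built-in authentication callback endpoint so a reader does not assume it is application code. The `resource "azapi_resource" "current"` block starts on the hunk's last line and continues outside it.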
@@ -45,23 +44,3 @@ resource "azapi_resource" "current" {
     }
   })
 }
-
-locals {
-  fqdn = jsondecode(azapi_resource.ca_back.output).properties.configuration.ingress.fqdn
-  update_redirect_uris_command = var.enable_entra_id_authentication ? "az ad app update --id ${module.sp[0].client_id} --web-redirect-uris https://${local.fqdn}/.auth/login/aad/callback" : ""
-}
-
-resource "null_resource" "update_redirect_uris" {
-  count = var.enable_entra_id_authentication ? 1 : 0
-  provisioner "local-exec" {
-    command = local.update_redirect_uris_command
-  }
-  depends_on = [
-    module.sp,
-    azapi_resource.ca_back,
-    azapi_resource.current
-  ]
-  triggers = {
-    always_run = timestamp()
-  }
-}
diff --git a/infra/modules/ca-chat/variables.tf b/infra/modules/ca-chat/variables.tf
index 56e4700..64b61e5 100644
--- a/infra/modules/ca-chat/variables.tf
+++ b/infra/modules/ca-chat/variables.tf
@@ -2,6 +2,7 @@ variable "resource_group_id" {}
 variable "location" {}
 variable "ca_name" {}
 variable "cae_id" {}
+variable "cae_default_domain" {}
 variable "managed_identity_id" {}
 variable "managed_identity_client_id" {}
 variable "tenant_id" {}
diff --git a/infra/modules/sp/main.tf b/infra/modules/sp/main.tf
index 230abe7..22da1ab 100644
--- a/infra/modules/sp/main.tf
+++ b/infra/modules/sp/main.tf
@@ -14,7 +14,7 @@ resource "azuread_application" "sp" {
     implicit_grant {
       id_token_issuance_enabled = true
     }
-    redirect_uris = []
+    redirect_uris = var.redirect_uris
   }
 
   api {
diff --git a/infra/modules/sp/variables.tf b/infra/modules/sp/variables.tf
index cd20d1d..a59225f 100644
--- a/infra/modules/sp/variables.tf
+++ b/infra/modules/sp/variables.tf
@@ -1 +1,5 @@
-variable "sp_name" {}
\ No newline at end of file
+variable "sp_name" {}
+variable "redirect_uris" {
+  type = list(string)
+  default = []
+}
\ No newline at end of file
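Review bot: The new `redirect_uris` variable accepts any list of strings, so a caller can pass an `http://` URI, a wildcard, or a relative path and the mistake is only reported when the Entra ID application is created or, worse, at first sign-in — a plan-time `validation` block would catch it at `terraform plan`, since Entra ID (as far as I recall) only accepts `https://` web redirect URIs apart from `localhost` and compares them exactly. I would also give the variable a `description` so the module's consumers know the list is the OAuth callback allow-list, not a vanity URL. The rewritten variable below adds both; `variable "sp_name" {}` on the line above is unchanged. The `validation`/`alltrue` syntax needs Terraform 0.15 or later, which the rest of this module's requirements (outside the hunk) would have to confirm.

```terraform
variable "redirect_uris" {
  description = "Absolute https:// callback URLs registered on the Entra ID application's web platform; sign-in only succeeds for an exact match."
  type        = list(string)
  default     = []

  # Entra ID rejects non-https web redirect URIs (localhost excepted); fail at plan time instead of at apply or first login.
  validation {
    condition     = alltrue([for u in var.redirect_uris : can(regex("^https://", u))])
    error_message = "Every redirect URI must be an absolute https:// URL."
  }
}
```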