0

I want to create a App Registration with Azuread Provider and use the applictionid output for a Configuration in my appservice. Everytime I plan, i got a Error Message. If i remove the Configuration Line, everything works fine.

I tried to put the App-Registration in a Module and work with the output but I got the same error.

Does anyone have an advise?

//Azure App Registration
 resource "azuread_application" "appregistration" {
 name = "${var.state}Site-${var.typ}-ar"
 reply_urls = ["https://${azurerm_app_service.appservice.default_site_hostname}/signin-callback"]
 available_to_other_tenants = false
 oauth2_allow_implicit_flow = true
}
resource "azuread_application_password" "AppRegistrationPwd" {
 application_object_id = "${azuread_application.appregistration.id}"
 value = "SOMECODE"
 end_date = "2020-01-01T01:02:03Z"
}
resource "azuread_service_principal" "serviceprincipal" {
 application_id = "${azuread_application.appregistration.application_id}"
 app_role_assignment_required = false
}

Appservice

resource "azurerm_app_service" "appservice" {
 name = "${var.state}-Site-${var.typ}-as"
 location = "${var.location}"
 resource_group_name = "${azurerm_app_service_plan.serviceplan.resource_group_name}"
 app_service_plan_id = "${azurerm_app_service_plan.serviceplan.id}"
 site_config {
 dotnet_framework_version = "v4.0"
 scm_type = "LocalGit"
 }
 app_settings = {
 "AzureAd:ClientId" = "${azuread_service_principal.serviceprincipal.application_id}"
 }
 }

Error:

Error: Cycle: module.devcentralhub.azuread_service_principal.serviceprincipal, module.devcentralhub.azurerm_app_service.appservice, module.devcentralhub.azuread_application.appregistration
asked Sep 5, 2019 at 9:56
1
  • 1
    I think I got it. The problem is "which" comes first. The Appservice need the ClientID and the Application Service need the primary URL from the appservice, right? Commented Sep 5, 2019 at 10:57

1 Answer 1

2

Your understanding is right as your comment, the resource azurerm_app_service needs the application_id from the resource azuread_service_principal while the resource azuread_service_principal needs the app service name in the reply_urls, so it causes the cycle.

To break the cycle, you could specify ${azurerm_app_service.appservice.default_site_hostname} via ${var.state}-Site-${var.typ}-as.azurewebsites.net since usually both values are the same.

Change to reply_urls = ["https://${var.state}-Site-${var.typ}-as.azurewebsites.net/signin-callback"] in your code.

answered Sep 6, 2019 at 9:20
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.