Adding AppRole required config (#58)

Author: shibayan

example/main.tf

@@ -48,6 +48,22 @@ resource "azuread_application" "default" {
     }
   }
 
+  app_role {
+    allowed_member_types = ["User", "Application"]
+    description          = "Allow new and renew certificate"
+    display_name         = "Acmebot.IssueCertificate"
+    is_enabled           = true
+    value                = "Acmebot.IssueCertificate"
+  }
+
+  app_role {
+    allowed_member_types = ["User", "Application"]
+    description          = "Allow revoke certificate"
+    display_name         = "Acmebot.RevokeCertificate"
+    is_enabled           = true
+    value                = "Acmebot.RevokeCertificate"
+  }
+
   web {
     redirect_uris = ["https://func-acmebot-${random_string.random.result}.azurewebsites.net/.auth/login/aad/callback"]
 

variables.tf

@@ -85,6 +85,12 @@ variable "mitigate_chain_order" {
   default     = false
 }
 
+variable "app_role_required" {
+  type        = bool
+  description = "Specify whether additional App Role assignment is required during Azure AD authentication."
+  default     = false
+}
+
 variable "external_account_binding" {
   type = object({
     key_id    = string
@@ -227,6 +233,7 @@ locals {
     "Acmebot:VaultBaseUrl"       = var.vault_uri
     "Acmebot:Environment"        = var.environment
     "Acmebot:MitigateChainOrder" = var.mitigate_chain_order
+    "Acmebot:AppRoleRequired"    = var.app_role_required
   }
 
   acmebot_app_settings = merge(