Rename enable_auth -> enable_entra_id_authentication

enable_auth is ambiguous and when set to false looks scary. This
variable turns the entra_id authentication that we use to prevent web
access in non-production environments on or off. Renaming for clarity.

Author: gpeng

infrastructure/environments/dev/variables.tfvars

@@ -1,6 +1,6 @@
 api_oauth_token_url                   = "https://int.api.service.nhs.uk/oauth2/token"
 dns_zone_name                         = "manage-breast-screening.non-live.screening.nhs.uk"
-enable_auth                           = false
+enable_entra_id_authentication        = false
 fetch_secrets_from_app_key_vault      = true
 front_door_profile                    = "afd-nonlive-hub-manbrs"
 postgres_backup_retention_days        = 7

infrastructure/environments/preprod/variables.tfvars

@@ -1,6 +1,6 @@
 api_oauth_token_url                   = "https://int.api.service.nhs.uk/oauth2/token"
 dns_zone_name                         = "manage-breast-screening.screening.nhs.uk"
-enable_auth                           = false
+enable_entra_id_authentication        = false
 fetch_secrets_from_app_key_vault      = true
 front_door_profile                    = "afd-live-hub-manbrs"
 postgres_backup_retention_days        = 7

infrastructure/environments/review/variables.tfvars

@@ -1,6 +1,6 @@
 api_oauth_token_url                   = "https://int.api.service.nhs.uk/oauth2/token"
 dns_zone_name                         = "manage-breast-screening.non-live.screening.nhs.uk"
-enable_auth                           = true
+enable_entra_id_authentication        = true
 fetch_secrets_from_app_key_vault      = true
 front_door_profile                    = "afd-nonlive-hub-manbrs"
 postgres_backup_retention_days        = 7

infrastructure/modules/container-apps/main.tf

@@ -24,7 +24,7 @@ module "webapp" {
   fetch_secrets_from_app_key_vault = var.fetch_secrets_from_app_key_vault
   infra_key_vault_name             = var.infra_key_vault_name
   infra_key_vault_rg               = var.infra_key_vault_rg
-  enable_auth                      = var.enable_auth
+  entra_id_authentication_enabled  = var.enable_entra_id_authentication
   app_key_vault_id                 = var.app_key_vault_id
   docker_image                     = var.docker_image
   user_assigned_identity_ids       = var.deploy_database_as_container ? [] : [module.db_connect_identity[0].id]

infrastructure/modules/container-apps/variables.tf

@@ -39,7 +39,7 @@ variable "docker_image" {
   type        = string
 }
 
-variable "enable_auth" {
+variable "enable_entra_id_authentication" {
   description = "Enable authentication for the container app. If true, the app will use Azure AD authentication."
   type        = bool
 }

infrastructure/terraform/main.tf

@@ -49,7 +49,7 @@ module "container-apps" {
   dns_zone_name                         = var.dns_zone_name
   docker_image                          = var.docker_image
   deploy_database_as_container          = var.deploy_database_as_container
-  enable_auth                           = var.enable_auth
+  enable_entra_id_authentication        = var.enable_entra_id_authentication
   environment                           = var.environment
   env_config                            = var.env_config
   fetch_secrets_from_app_key_vault      = var.fetch_secrets_from_app_key_vault

infrastructure/terraform/variables.tf

@@ -102,8 +102,11 @@ variable "postgres_storage_tier" {
   type        = string
 }
 
-variable "enable_auth" {
-  description = "Enable authentication for the container app. If true, the app will use Azure AD authentication."
+variable "enable_entra_id_authentication" {
+  description = <<EOT
+    Enable Entra ID authentication for the container app. If true, authentication will be required to access the application.
+    This is used in non-production environments to disable unauthenticated web access"
+    EOT
   type        = bool
   default     = false
 }