👽 Do not replace azuread:clientId or azuread:tenantId in stack option…

…s since these set the provider information in the state file and cannot be changed
alan-turing-institute · Oct 25, 2024 · 3d5f21a · 3d5f21a
1 parent 810d86e
commit 3d5f21a
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/data_safe_haven/commands/sre.py b/data_safe_haven/commands/sre.py
@@ -98,15 +98,17 @@ def deploy(
         if not application:
             msg = f"No Entra application '{context.entra_application_name}' was found. Please redeploy your SHM."
             raise DataSafeHavenConfigError(msg)
-        stack.add_option("azuread:clientId", application.get("appId", ""), replace=True)
+        stack.add_option(
+            "azuread:clientId", application.get("appId", ""), replace=False
+        )
         if not context.entra_application_secret:
             msg = f"No Entra application secret '{context.entra_application_secret_name}' was found. Please redeploy your SHM."
             raise DataSafeHavenConfigError(msg)
         stack.add_secret(
             "azuread:clientSecret", context.entra_application_secret, replace=True
         )
         stack.add_option(
-            "azuread:tenantId", shm_config.shm.entra_tenant_id, replace=True
+            "azuread:tenantId", shm_config.shm.entra_tenant_id, replace=False
         )
         # Load SHM outputs
         stack.add_option(