Merge pull request #6393 from aristosvo/kubeletidentity

Update `r/azurerm_kubernetes_cluster`: add support for kubelet_identity
hashicorp · Apr 16, 2020 · 75481a0 · 75481a0
2 parents dd2dfa8 + 326e16a
commit 75481a0
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 0 deletions.
diff --git a/azurerm/internal/services/containers/resource_arm_kubernetes_cluster.go b/azurerm/internal/services/containers/resource_arm_kubernetes_cluster.go
@@ -120,6 +120,27 @@ func resourceArmKubernetesCluster() *schema.Resource {
  },
  },
 
+ "kubelet_identity": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "client_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "object_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "user_assigned_identity_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ },
+ },
+
  "linux_profile": {
  Type: schema.TypeList,
  Optional: true,
@@ -927,6 +948,11 @@ func resourceArmKubernetesClusterRead(d *schema.ResourceData, meta interface{})
  return fmt.Errorf("setting `default_node_pool`: %+v", err)
  }
 
+ kubeletIdentity := flattenKubernetesClusterIdentityProfile(props.IdentityProfile)
+ if err := d.Set("kubelet_identity", kubeletIdentity); err != nil {
+ return fmt.Errorf("setting `kubelet_identity`: %+v", err)
+ }
+
  linuxProfile := flattenKubernetesClusterLinuxProfile(props.LinuxProfile)
  if err := d.Set("linux_profile", linuxProfile); err != nil {
  return fmt.Errorf("setting `linux_profile`: %+v", err)
@@ -1060,6 +1086,38 @@ func expandKubernetesClusterLinuxProfile(input []interface{}) *containerservice.
  }
 }
 
+func flattenKubernetesClusterIdentityProfile(profile map[string]*containerservice.ManagedClusterPropertiesIdentityProfileValue) []interface{} {
+ if profile == nil {
+ return []interface{}{}
+ }
+
+ kubeletIdentity := make([]interface{}, 0)
+ if kubeletidentity := profile["kubeletidentity"]; kubeletidentity != nil {
+ clientId := ""
+ if clientid := kubeletidentity.ClientID; clientid != nil {
+ clientId = *clientid
+ }
+
+ objectId := ""
+ if objectid := kubeletidentity.ObjectID; objectid != nil {
+ objectId = *objectid
+ }
+
+ userAssignedIdentityId := ""
+ if resourceid := kubeletidentity.ResourceID; resourceid != nil {
+ userAssignedIdentityId = *resourceid
+ }
+
+ kubeletIdentity = append(kubeletIdentity, map[string]interface{}{
+ "client_id": clientId,
+ "object_id": objectId,
+ "user_assigned_identity_id": userAssignedIdentityId,
+ })
+ }
+
+ return kubeletIdentity
+}
+
 func flattenKubernetesClusterLinuxProfile(profile *containerservice.LinuxProfile) []interface{} {
  if profile == nil {
  return []interface{}{}

diff --git a/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_auth_test.go b/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_auth_test.go
@@ -88,6 +88,9 @@ func testAccAzureRMKubernetesCluster_managedClusterIdentity(t *testing.T) {
  Check: resource.ComposeTestCheckFunc(
  testCheckAzureRMKubernetesClusterExists(data.ResourceName),
  resource.TestCheckResourceAttr(data.ResourceName, "identity.0.type", "SystemAssigned"),
+ resource.TestCheckResourceAttrSet(data.ResourceName, "kubelet_identity.0.client_id"),
+ resource.TestCheckResourceAttrSet(data.ResourceName, "kubelet_identity.0.object_id"),
+ resource.TestCheckResourceAttrSet(data.ResourceName, "kubelet_identity.0.user_assigned_identity_id"),
  resource.TestCheckResourceAttr(data.ResourceName, "service_principal.%", "0"),
  ),
  },

diff --git a/website/docs/r/kubernetes_cluster.html.markdown b/website/docs/r/kubernetes_cluster.html.markdown
@@ -362,6 +362,8 @@ The following attributes are exported:
 
 * `node_resource_group` - The auto-generated Resource Group which contains the resources for this Managed Kubernetes Cluster.
 
+* `kubelet_identity` - A `kubelet_identity` block as defined below. 
+
 ---
 
 A `http_application_routing` block exports the following:
@@ -384,6 +386,16 @@ The `identity` block exports the following:
 
 ---
 
+The `kubelet_identity` block exports the following:
+
+* `client_id` - The Client ID of the user-defined Managed Identity assigned to the Kubelets.
+
+* `object_id` - The Object ID of the user-defined Managed Identity assigned to the Kubelets.
+
+* `user_assigned_identity_id` - The ID of the User Assigned Identity assigned to the Kubelets.
+
+---
+
 The `kube_admin_config` and `kube_config` blocks export the following:
 
 * `client_key` - Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.