Update r/azurerm_kubernetes_cluster: add support for kubelet_identity #6393

Merged
merged 4 commits into from
Apr 16, 2020
Expand Up @@ -120,6 +120,27 @@ func resourceArmKubernetesCluster() *schema.Resource {
},
},

"kubelet_identity": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"client_id": {
Type: schema.TypeString,
Computed: true,
},
"object_id": {
Type: schema.TypeString,
Computed: true,
},
"user_assigned_identity_id": {
Type: schema.TypeString,
Computed: true,
},
},
},
},

"linux_profile": {
Type: schema.TypeList,
Optional: true,
Expand Down Expand Up @@ -909,6 +930,11 @@ func resourceArmKubernetesClusterRead(d *schema.ResourceData, meta interface{})
return fmt.Errorf("setting `default_node_pool`: %+v", err)
}

kubeletIdentity := flattenKubernetesClusterIdentityProfile(props.IdentityProfile)
if err := d.Set("kubelet_identity", kubeletIdentity); err != nil {
return fmt.Errorf("setting `kubelet_identity`: %+v", err)
}
tombuildsstuff marked this conversation as resolved.

linuxProfile := flattenKubernetesClusterLinuxProfile(props.LinuxProfile)
if err := d.Set("linux_profile", linuxProfile); err != nil {
return fmt.Errorf("setting `linux_profile`: %+v", err)
Expand Down Expand Up @@ -1042,6 +1068,38 @@ func expandKubernetesClusterLinuxProfile(input []interface{}) *containerservice.
}
}

func flattenKubernetesClusterIdentityProfile(profile map[string]*containerservice.ManagedClusterPropertiesIdentityProfileValue) []interface{} {
if profile == nil {
return []interface{}{}
}

kubeletIdentity := make([]interface{}, 0)
if kubeletidentity := profile["kubeletidentity"]; kubeletidentity != nil {
clientId := ""
if clientid := kubeletidentity.ClientID; clientid != nil {
clientId = *clientid
}

objectId := ""
if objectid := kubeletidentity.ObjectID; objectid != nil {
objectId = *objectid
}

userAssignedIdentityId := ""
if resourceid := kubeletidentity.ResourceID; resourceid != nil {
userAssignedIdentityId = *resourceid
}

kubeletIdentity = append(kubeletIdentity, map[string]interface{}{
"client_id": clientId,
"object_id": objectId,
"user_assigned_identity_id": userAssignedIdentityId,
})
}

return kubeletIdentity
}

func flattenKubernetesClusterLinuxProfile(profile *containerservice.LinuxProfile) []interface{} {
if profile == nil {
return []interface{}{}
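Review bot: In `flattenKubernetesClusterIdentityProfile` the result slice `kubeletIdentity` and the map entry `kubeletidentity` differ only by letter case, as do `clientId`/`clientid` and `objectId`/`objectid`, so a later edit can easily read or append to the wrong one. Naming the entry by role, e.g. `if identity := profile["kubeletidentity"]; identity != nil {`, and using Go initialisms (`clientID`, `objectID`, `userAssignedIdentityID`) would remove that ambiguity. The lookup is an exact-case match on `"kubeletidentity"`, and every other entry of the identity profile is dropped without a trace; whether the service always returns that casing cannot be confirmed from this page, so a comment such as `// only the "kubeletidentity" entry is exported; key casing as returned by the API` above the lookup would record the assumption. Since `kubelet_identity.0.object_id` is presumably what role assignments for the node identity will reference, an empty list from a missed key would show up as a failure far from its cause.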
Expand Up @@ -88,6 +88,9 @@ func testAccAzureRMKubernetesCluster_managedClusterIdentity(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMKubernetesClusterExists(data.ResourceName),
resource.TestCheckResourceAttr(data.ResourceName, "identity.0.type", "SystemAssigned"),
resource.TestCheckResourceAttrSet(data.ResourceName, "kubelet_identity.0.client_id"),
resource.TestCheckResourceAttrSet(data.ResourceName, "kubelet_identity.0.object_id"),
resource.TestCheckResourceAttrSet(data.ResourceName, "kubelet_identity.0.user_assigned_identity_id"),
resource.TestCheckResourceAttr(data.ResourceName, "service_principal.%", "0"),
),
},
12 changes: 12 additions & 0 deletions website/docs/r/kubernetes_cluster.html.markdown
Expand Up @@ -360,6 +360,8 @@ The following attributes are exported:

* `node_resource_group` - The auto-generated Resource Group which contains the resources for this Managed Kubernetes Cluster.

* `kubelet_identity` - A `kubelet_identity` block as defined below.

---

A `http_application_routing` block exports the following:
Expand All @@ -382,6 +384,16 @@ The `identity` block exports the following:

---

The `kubelet_identity` block exports the following:

* `client_id` - The Client ID of the user-defined Managed Identity assigned to the Kubelets.

* `object_id` - The Object ID of the user-defined Managed Identity assigned to the Kubelets.

* `user_assigned_identity_id` - The ID of the User Assigned Identity assigned to the Kubelets.

---

The `kube_admin_config` and `kube_config` blocks export the following:

* `client_key` - Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.