hashicorp · tombuildsstuff · Apr 16, 2020 · Apr 7, 2020 · Apr 7, 2020 · Apr 8, 2020
diff --git a/azurerm/internal/services/containers/resource_arm_kubernetes_cluster.go b/azurerm/internal/services/containers/resource_arm_kubernetes_cluster.go
@@ -120,6 +120,42 @@ func resourceArmKubernetesCluster() *schema.Resource {
  },
  },
 
+ "identity_profile": {
+ Type: schema.TypeList,
+ Optional: true,
+ Computed: true,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "kubelet_identity": {
+ Type: schema.TypeList,
+ Optional: true,
+ Computed: true,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "client_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ },
+ "object_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ },
+ "resource_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+
  "linux_profile": {
  Type: schema.TypeList,
  Optional: true,
@@ -909,6 +945,11 @@ func resourceArmKubernetesClusterRead(d *schema.ResourceData, meta interface{})
  return fmt.Errorf("setting `default_node_pool`: %+v", err)
  }
 
+ identityProfile := flattenKubernetesClusterIdentityProfile(props.IdentityProfile)
+ if err := d.Set("identity_profile", identityProfile); err != nil {
+ return fmt.Errorf("setting `identity_profile`: %+v", err)
+ }
+
  linuxProfile := flattenKubernetesClusterLinuxProfile(props.LinuxProfile)
  if err := d.Set("linux_profile", linuxProfile); err != nil {
  return fmt.Errorf("setting `linux_profile`: %+v", err)
@@ -1042,6 +1083,42 @@ func expandKubernetesClusterLinuxProfile(input []interface{}) *containerservice.
  }
 }
 
+func flattenKubernetesClusterIdentityProfile(profile map[string]*containerservice.ManagedClusterPropertiesIdentityProfileValue) []interface{} {
+ if profile == nil {
+ return []interface{}{}
+ }
+
+ kubeletIdentity := make([]interface{}, 0)
+ if kubeletidentity := profile["kubeletidentity"]; kubeletidentity != nil {
+ clientId := ""
+ if clientid := kubeletidentity.ClientID; clientid != nil {
+ clientId = *clientid
+ }
+
+ objectId := ""
+ if objectid := kubeletidentity.ObjectID; objectid != nil {
+ objectId = *objectid
+ }
+
+ resourceId := ""
+ if resourceid := kubeletidentity.ResourceID; resourceid != nil {
+ resourceId = *resourceid
+ }
+
+ kubeletIdentity = append(kubeletIdentity, map[string]interface{}{
+ "client_id": clientId,
+ "object_id": objectId,
+ "resource_id": resourceId,
+ })
+ }
+
+ return []interface{}{
+ map[string]interface{}{
+ "kubelet_identity": kubeletIdentity,
+ },
+ }
+}
+
 func flattenKubernetesClusterLinuxProfile(profile *containerservice.LinuxProfile) []interface{} {
  if profile == nil {
  return []interface{}{}

diff --git a/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_auth_test.go b/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_auth_test.go
@@ -88,6 +88,9 @@ func testAccAzureRMKubernetesCluster_managedClusterIdentity(t *testing.T) {
  Check: resource.ComposeTestCheckFunc(
  testCheckAzureRMKubernetesClusterExists(data.ResourceName),
  resource.TestCheckResourceAttr(data.ResourceName, "identity.0.type", "SystemAssigned"),
+ resource.TestCheckResourceAttrSet(data.ResourceName, "identity_profile.0.kubelet_identity.0.client_id"),
+ resource.TestCheckResourceAttrSet(data.ResourceName, "identity_profile.0.kubelet_identity.0.object_id"),
+ resource.TestCheckResourceAttrSet(data.ResourceName, "identity_profile.0.kubelet_identity.0.resource_id"),
  resource.TestCheckResourceAttr(data.ResourceName, "service_principal.%", "0"),
  ),
  },

diff --git a/website/docs/r/kubernetes_cluster.html.markdown b/website/docs/r/kubernetes_cluster.html.markdown
@@ -360,6 +360,8 @@ The following attributes are exported:
 
 * `node_resource_group` - The auto-generated Resource Group which contains the resources for this Managed Kubernetes Cluster.
 
+* `identity_profile` - A `identity_profile` block as defined below. 
+
 ---
 
 A `http_application_routing` block exports the following:
@@ -382,6 +384,22 @@ The `identity` block exports the following:
 
 ---
 
+The `identity_profile` block exports the following:
+
+* `kubelet_identity` - A `kubelet_identity` block as defined below.
+
+---
+
+The `kubelet_identity` block exports the following:
+
+* `client_id` - The client id of the user-defined Managed Identity assigned to the kubelets.
+
+* `object_id` - The object id of the user-defined Managed Identity assigned to the kubelets.
+
+* `resource_id` - The resource id of the user-defined Managed Identity assigned to the kubelets.
+
+---
+
 The `kube_admin_config` and `kube_config` blocks export the following:
 
 * `client_key` - Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.