Add variable identity_type and user_assigned_identity_id (#100)

* Update docker file to use the current terraform-test image * Remove deprecated -check-variables from test script * Add init step to validation test * update * update * update * update * updatwe * update * update * r1 * update README * update * update * identity * update * update Co-authored-by: Malte Lantin <malantin@microsoft.com> Co-authored-by: Ubuntu <weiyuping@ubuntu-wyp.4smfdm3ngeyufpdz0muw5zebpc.bx.internal.cloudapp.net> Co-authored-by: root <root@ubuntu-wyp.4smfdm3ngeyufpdz0muw5zebpc.bx.internal.cloudapp.net> Co-authored-by: Ubuntu <weiyuping@wyp-ubuntu.qiq11x12zo3e5gy3a0w4i3oaya.xx.internal.cloudapp.net>
Azure · May 24, 2021 · 5413bbf · 5413bbf
1 parent cb3b833
commit 5413bbf
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 2 deletions.
diff --git a/main.tf b/main.tf
@@ -77,7 +77,8 @@ resource "azurerm_kubernetes_cluster" "main" {
   dynamic "identity" {
     for_each = var.client_id == "" || var.client_secret == "" ? ["identity"] : []
     content {
-      type = "SystemAssigned"
+      type                      = var.identity_type
+      user_assigned_identity_id = var.user_assigned_identity_id
     }
   }
 
@@ -112,7 +113,7 @@ resource "azurerm_kubernetes_cluster" "main" {
     }
 
     dynamic "azure_active_directory" {
-      for_each = var.enable_role_based_access_control && !var.rbac_aad_managed ? ["rbac"] : []
+      for_each = var.enable_role_based_access_control && ! var.rbac_aad_managed ? ["rbac"] : []
       content {
         managed           = false
         client_app_id     = var.rbac_aad_client_app_id

diff --git a/test/fixture/main.tf b/test/fixture/main.tf
@@ -24,6 +24,12 @@ resource "azurerm_subnet" "test" {
   address_prefixes     = ["10.52.0.0/24"]
 }
 
+resource "azurerm_user_assigned_identity" "test" {
+  resource_group_name = azurerm_resource_group.main.name
+  location            = azurerm_resource_group.main.location
+  name                = "${random_id.prefix.hex}-identity"
+}
+
 module "aks" {
   source                          = "../.."
   prefix                          = "prefix-${random_id.prefix.hex}"
@@ -81,5 +87,7 @@ module "aks_cluster_name" {
   cluster_log_analytics_workspace_name = "test-cluster"
   enable_kube_dashboard                = false
   net_profile_pod_cidr                 = "10.1.0.0/16"
+  identity_type                        = "UserAssigned"
+  user_assigned_identity_id            = azurerm_user_assigned_identity.test.id
   depends_on                           = [azurerm_resource_group.main]
 }
diff --git a/variables.tf b/variables.tf
@@ -271,3 +271,15 @@ variable "agents_max_pods" {
   type        = number
   default     = null
 }
+
+variable "identity_type" {
+  description = "(Optional) The type of identity used for the managed cluster. Conflict with `client_id` and `client_secret`. Possible values are `SystemAssigned` and `UserAssigned`. If `UserAssigned` is set, a `user_assigned_identity_id` must be set as well."
+  type        = string
+  default     = "SystemAssigned"
+}
+
+variable "user_assigned_identity_id" {
+  description = "(Optional) The ID of a user assigned identity."
+  type        = string
+  default     = null
+}