diff --git a/azurerm/internal/services/containers/kubernetes_addons.go b/azurerm/internal/services/containers/kubernetes_addons.go
index 58ef9ea47cf4..becc0910065b 100644
--- a/azurerm/internal/services/containers/kubernetes_addons.go
+++ b/azurerm/internal/services/containers/kubernetes_addons.go
@@ -127,6 +127,26 @@ func schemaKubernetesAddOnProfiles() *schema.Schema {
 Optional: true,
 ValidateFunc: azureHelpers.ValidateResourceID,
 },
+ "oms_agent_identity": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "client_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "object_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "user_assigned_identity_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ },
+ },
 },
 },
 },
@@ -170,8 +190,8 @@ func expandKubernetesAddOnProfiles(input []interface{}, env azure.Environment) (
 config := make(map[string]*string)
 enabled := value["enabled"].(bool)
 
- if workspaceId, ok := value["log_analytics_workspace_id"]; ok && workspaceId != "" {
- config["logAnalyticsWorkspaceResourceID"] = utils.String(workspaceId.(string))
+ if workspaceID, ok := value["log_analytics_workspace_id"]; ok && workspaceID != "" {
+ config["logAnalyticsWorkspaceResourceID"] = utils.String(workspaceID.(string))
 }
 
 addonProfiles[omsAgentKey] = &containerservice.ManagedClusterAddonProfile{
@@ -330,14 +350,17 @@ func flattenKubernetesAddOnProfiles(profile map[string]*containerservice.Managed
 enabled = *enabledVal
 }
 
- workspaceId := ""
+ workspaceID := ""
 if workspaceResourceID := omsAgent.Config["logAnalyticsWorkspaceResourceID"]; workspaceResourceID != nil {
- workspaceId = *workspaceResourceID
+ workspaceID = *workspaceResourceID
 }
 
+ omsagentIdentity := flattenKubernetesClusterOmsAgentIdentityProfile(omsAgent.Identity)
+
 omsAgents = append(omsAgents, map[string]interface{}{
 "enabled": enabled,
- "log_analytics_workspace_id": workspaceId,
+ "log_analytics_workspace_id": workspaceID,
+ "oms_agent_identity": omsagentIdentity,
 })
 
 }
@@ -356,3 +379,33 @@ func flattenKubernetesAddOnProfiles(profile map[string]*containerservice.Managed
 },
 }
 }
+
+func flattenKubernetesClusterOmsAgentIdentityProfile(profile *containerservice.ManagedClusterAddonProfileIdentity) []interface{} {
+ if profile == nil {
+ return []interface{}{}
+ }
+
+ identity := make([]interface{}, 0)
+ clientID := ""
+ if clientid := profile.ClientID; clientid != nil {
+ clientID = *clientid
+ }
+
+ objectID := ""
+ if objectid := profile.ObjectID; objectid != nil {
+ objectID = *objectid
+ }
+
+ userAssignedIdentityID := ""
+ if resourceid := profile.ResourceID; resourceid != nil {
+ userAssignedIdentityID = *resourceid
+ }
+
+ identity = append(identity, map[string]interface{}{
+ "client_id": clientID,
+ "object_id": objectID,
+ "user_assigned_identity_id": userAssignedIdentityID,
+ })
+
+ return identity
+}
diff --git a/azurerm/internal/services/containers/kubernetes_cluster_data_source.go b/azurerm/internal/services/containers/kubernetes_cluster_data_source.go
index 813b80323573..c4b2933bbe20 100644
--- a/azurerm/internal/services/containers/kubernetes_cluster_data_source.go
+++ b/azurerm/internal/services/containers/kubernetes_cluster_data_source.go
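Review bot: The new `flattenKubernetesClusterOmsAgentIdentityProfile` has no doc comment, and its nil-profile branch is the one callers need explained: returning an empty list makes `oms_agent_identity.#` read 0 when the addon carries no identity, instead of a block of empty strings. I would add `// flattenKubernetesClusterOmsAgentIdentityProfile maps the OMS agent addon's identity (client ID, object ID and user-assigned identity resource ID — identifiers, not credentials) to the oms_agent_identity block; a nil profile yields an empty list.` above the func. The temporaries `clientid`, `objectid` and `resourceid` also go against the initialism convention this same commit applies when renaming `workspaceId` to `workspaceID`; `if id := profile.ClientID; id != nil { clientID = *id }` reads cleaner and satisfies golint. The `identity := make(...)` plus `append` can be collapsed into returning the one-element literal directly.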
@@ -68,6 +68,26 @@ func dataSourceArmKubernetesCluster() *schema.Resource {
 Type: schema.TypeString,
 Computed: true,
 },
+ "oms_agent_identity": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "client_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "object_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "user_assigned_identity_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ },
+ },
 },
 },
 },
@@ -664,14 +684,17 @@ func flattenKubernetesClusterDataSourceAddonProfiles(profile map[string]*contain
 enabled = *enabledVal
 }
 
- workspaceId := ""
+ workspaceID := ""
 if workspaceResourceID := omsAgent.Config["logAnalyticsWorkspaceResourceID"]; workspaceResourceID != nil {
- workspaceId = *workspaceResourceID
+ workspaceID = *workspaceResourceID
 }
 
+ omsagentIdentity := flattenKubernetesClusterDataSourceOmsAgentIdentityProfile(omsAgent.Identity)
+
 output := map[string]interface{}{
 "enabled": enabled,
- "log_analytics_workspace_id": workspaceId,
+ "log_analytics_workspace_id": workspaceID,
+ "oms_agent_identity": omsagentIdentity,
 }
 agents = append(agents, output)
 }
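Review bot: `omsagentIdentity` in the flatten hunk breaks the Go initialism style that the very same hunk enforces by renaming `workspaceId` to `workspaceID`; the local should be `omsAgentIdentity := flattenKubernetesClusterDataSourceOmsAgentIdentityProfile(omsAgent.Identity)` with the `"oms_agent_identity": omsAgentIdentity,` map entry updated to match. The same spelling is used in the resource-side flatten in kubernetes_addons.go, so both call sites should be renamed together. Both flatten hunks in this file sit inside `flattenKubernetesClusterDataSourceAddonProfiles`, whose start and end lie outside the hunk.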
@@ -708,6 +731,36 @@ func flattenKubernetesClusterDataSourceAddonProfiles(profile map[string]*contain
 return []interface{}{values}
 }
 
+func flattenKubernetesClusterDataSourceOmsAgentIdentityProfile(profile *containerservice.ManagedClusterAddonProfileIdentity) []interface{} {
+ if profile == nil {
+ return []interface{}{}
+ }
+
+ identity := make([]interface{}, 0)
+ clientID := ""
+ if clientid := profile.ClientID; clientid != nil {
+ clientID = *clientid
+ }
+
+ objectID := ""
+ if objectid := profile.ObjectID; objectid != nil {
+ objectID = *objectid
+ }
+
+ userAssignedIdentityID := ""
+ if resourceid := profile.ResourceID; resourceid != nil {
+ userAssignedIdentityID = *resourceid
+ }
+
+ identity = append(identity, map[string]interface{}{
+ "client_id": clientID,
+ "object_id": objectID,
+ "user_assigned_identity_id": userAssignedIdentityID,
+ })
+
+ return identity
+}
+
 func flattenKubernetesClusterDataSourceAgentPoolProfiles(input *[]containerservice.ManagedClusterAgentPoolProfile) []interface{} {
 agentPoolProfiles := make([]interface{}, 0)
 
@@ -865,8 +918,8 @@ func flattenKubernetesClusterDataSourceServicePrincipalProfile(profile *containe
 
 values := make(map[string]interface{})
 
- if clientId := profile.ClientID; clientId != nil {
- values["client_id"] = *clientId
+ if clientID := profile.ClientID; clientID != nil {
+ values["client_id"] = *clientID
 }
 
 return []interface{}{values}
diff --git a/azurerm/internal/services/containers/tests/kubernetes_cluster_addons_resource_test.go b/azurerm/internal/services/containers/tests/kubernetes_cluster_addons_resource_test.go
index f0d63f801efa..208aca3acf30 100644
--- a/azurerm/internal/services/containers/tests/kubernetes_cluster_addons_resource_test.go
+++ b/azurerm/internal/services/containers/tests/kubernetes_cluster_addons_resource_test.go
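Review bot: `flattenKubernetesClusterDataSourceOmsAgentIdentityProfile` is a byte-for-byte copy of the `flattenKubernetesClusterOmsAgentIdentityProfile` this same commit adds to kubernetes_addons.go; both files live under azurerm/internal/services/containers, so assuming they share a package (the `package` clause is outside the hunk) the data source can call the existing helper and this function can be dropped. Two identical flatten functions tend to drift — the next field added to the addon identity lands in one and not the other, and the resource and data source would then report different attributes for the same cluster. The one-line change at the call site is `omsagentIdentity := flattenKubernetesClusterOmsAgentIdentityProfile(omsAgent.Identity)`. If a separate data-source copy is intentional, a comment stating why would save the next reader from deduplicating it.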
@@ -138,6 +138,9 @@ func testAccAzureRMKubernetesCluster_addonProfileOMS(t *testing.T) {
 resource.TestCheckResourceAttr(data.ResourceName, "addon_profile.0.oms_agent.#", "1"),
 resource.TestCheckResourceAttr(data.ResourceName, "addon_profile.0.oms_agent.0.enabled", "true"),
 resource.TestCheckResourceAttrSet(data.ResourceName, "addon_profile.0.oms_agent.0.log_analytics_workspace_id"),
+ resource.TestCheckResourceAttrSet(data.ResourceName, "addon_profile.0.oms_agent.0.oms_agent_identity.0.client_id"),
+ resource.TestCheckResourceAttrSet(data.ResourceName, "addon_profile.0.oms_agent.0.oms_agent_identity.0.object_id"),
+ resource.TestCheckResourceAttrSet(data.ResourceName, "addon_profile.0.oms_agent.0.oms_agent_identity.0.user_assigned_identity_id"),
 ),
 },
 data.ImportStep(),
diff --git a/azurerm/internal/services/containers/tests/kubernetes_cluster_data_source_test.go b/azurerm/internal/services/containers/tests/kubernetes_cluster_data_source_test.go
index 8a2e20e8093f..853dea1e4ec8 100644
--- a/azurerm/internal/services/containers/tests/kubernetes_cluster_data_source_test.go
+++ b/azurerm/internal/services/containers/tests/kubernetes_cluster_data_source_test.go
@@ -415,6 +415,9 @@ func testAccDataSourceAzureRMKubernetesCluster_addOnProfileOMS(t *testing.T) {
 resource.TestCheckResourceAttr(data.ResourceName, "addon_profile.0.oms_agent.#", "1"),
 resource.TestCheckResourceAttr(data.ResourceName, "addon_profile.0.oms_agent.0.enabled", "true"),
 resource.TestCheckResourceAttrSet(data.ResourceName, "addon_profile.0.oms_agent.0.log_analytics_workspace_id"),
+ resource.TestCheckResourceAttrSet(data.ResourceName, "addon_profile.0.oms_agent.0.oms_agent_identity.0.client_id"),
+ resource.TestCheckResourceAttrSet(data.ResourceName, "addon_profile.0.oms_agent.0.oms_agent_identity.0.object_id"),
+ resource.TestCheckResourceAttrSet(data.ResourceName, "addon_profile.0.oms_agent.0.oms_agent_identity.0.user_assigned_identity_id"),
 ),
 },
 },
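Review bot: The three added `TestCheckResourceAttrSet` checks only pass if the API actually populates the addon identity, because that helper rejects empty strings and the new flatten code emits an empty list when `Identity` is nil; as far as I recall AKS only creates the addon's user-assigned identity for clusters running with managed identity, so if the `testAccAzureRMKubernetesCluster_addonProfileOMSConfig` fixture (outside this hunk) still provisions a service-principal cluster these checks fail rather than prove anything. Worth confirming the fixture sets `identity { type = "SystemAssigned" }`, and adding the complementary service-principal case asserting `resource.TestCheckResourceAttr(data.ResourceName, "addon_profile.0.oms_agent.0.oms_agent_identity.#", "0")` so the empty-list path is covered as well. The enclosing test function starts before the hunk.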
diff --git a/website/docs/d/kubernetes_cluster.html.markdown b/website/docs/d/kubernetes_cluster.html.markdown
index 807fa1969d77..abe26ed544b5 100644
--- a/website/docs/d/kubernetes_cluster.html.markdown
+++ b/website/docs/d/kubernetes_cluster.html.markdown
@@ -211,6 +211,18 @@ A `oms_agent` block exports the following:
 
 * `log_analytics_workspace_id` - The ID of the Log Analytics Workspace which the OMS Agent should send data to.
 
+* `oms_agent_identity` - An `oms_agent_identity` block as defined below.
+
+---
+
+The `oms_agent_identity` block exports the following:
+
+* `client_id` - The Client ID of the user-defined Managed Identity used by the OMS Agents.
+
+* `object_id` - The Object ID of the user-defined Managed Identity used by the OMS Agents.
+
+* `user_assigned_identity_id` - The ID of the User Assigned Identity used by the OMS Agents.
+
 ---
 
 A `kube_dashboard` block supports the following:
diff --git a/website/docs/r/kubernetes_cluster.html.markdown b/website/docs/r/kubernetes_cluster.html.markdown
index 949cc86bfeb3..c27b5ff5a4ac 100644
--- a/website/docs/r/kubernetes_cluster.html.markdown
+++ b/website/docs/r/kubernetes_cluster.html.markdown
@@ -313,6 +313,8 @@ A `oms_agent` block supports the following:
 
 * `log_analytics_workspace_id` - (Optional) The ID of the Log Analytics Workspace which the OMS Agent should send data to. Must be present if `enabled` is `true`.
 
+* `oms_agent_identity` - An `oms_agent_identity` block as defined below.
+
 ---
 
 A `role_based_access_control` block supports the following:
@@ -400,6 +402,16 @@ The `kubelet_identity` block exports the following:
 
 ---
 
+The `oms_agent_identity` block exports the following:
+
+* `client_id` - The Client ID of the user-defined Managed Identity used by the OMS Agents.
+
+* `object_id` - The Object ID of the user-defined Managed Identity used by the OMS Agents.
+
+* `user_assigned_identity_id` - The ID of the User Assigned Identity used by the OMS Agents.
+
+---
+
 The `kube_admin_config` and `kube_config` blocks export the following:
 
 * `client_key` - Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.