From 66a3e552bea19ed3b9192cf4bcb0762179a99319 Mon Sep 17 00:00:00 2001 From: aristosvo <8375124+aristosvo@users.noreply.github.com> Date: Tue, 26 May 2020 00:30:46 +0200 Subject: [PATCH] d/azurerm_kubernetes_cluster extended with kubelet_identity and identity (#6527) Co-authored-by: kt Fixes #6514 --- .../kubernetes_cluster_data_source.go | 106 ++++++++++++++++++ .../kubernetes_cluster_data_source_test.go | 6 + .../docs/d/kubernetes_cluster.html.markdown | 24 ++++ 3 files changed, 136 insertions(+) diff --git a/azurerm/internal/services/containers/kubernetes_cluster_data_source.go b/azurerm/internal/services/containers/kubernetes_cluster_data_source.go index c4b2933bbe200..603fc0f2331ac 100644 --- a/azurerm/internal/services/containers/kubernetes_cluster_data_source.go +++ b/azurerm/internal/services/containers/kubernetes_cluster_data_source.go @@ -251,6 +251,27 @@ func dataSourceArmKubernetesCluster() *schema.Resource { Computed: true, }, + "identity": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "type": { + Type: schema.TypeString, + Computed: true, + }, + "principal_id": { + Type: schema.TypeString, + Computed: true, + }, + "tenant_id": { + Type: schema.TypeString, + Computed: true, + }, + }, + }, + }, + "kubernetes_version": { Type: schema.TypeString, Computed: true, @@ -338,6 +359,27 @@ func dataSourceArmKubernetesCluster() *schema.Resource { Sensitive: true, }, + "kubelet_identity": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "client_id": { + Type: schema.TypeString, + Computed: true, + }, + "object_id": { + Type: schema.TypeString, + Computed: true, + }, + "user_assigned_identity_id": { + Type: schema.TypeString, + Computed: true, + }, + }, + }, + }, + "linux_profile": { Type: schema.TypeList, Computed: true, 
@@ -536,6 +578,11 @@ func dataSourceArmKubernetesClusterRead(d *schema.ResourceData, meta interface{} return fmt.Errorf("Error setting `agent_pool_profile`: %+v", err) } + kubeletIdentity := flattenKubernetesClusterDataSourceIdentityProfile(props.IdentityProfile) + if err := d.Set("kubelet_identity", kubeletIdentity); err != nil { + return fmt.Errorf("setting `kubelet_identity`: %+v", err) + } + linuxProfile := flattenKubernetesClusterDataSourceLinuxProfile(props.LinuxProfile) if err := d.Set("linux_profile", linuxProfile); err != nil { return fmt.Errorf("Error setting `linux_profile`: %+v", err) @@ -579,6 +626,10 @@ func dataSourceArmKubernetesClusterRead(d *schema.ResourceData, meta interface{} } } + if err := d.Set("identity", flattenKubernetesClusterDataSourceManagedClusterIdentity(resp.Identity)); err != nil { + return fmt.Errorf("setting `identity`: %+v", err) + } + kubeConfigRaw, kubeConfig := flattenKubernetesClusterDataSourceAccessProfile(profile) d.Set("kube_config_raw", kubeConfigRaw) if err := d.Set("kube_config", kubeConfig); err != nil { 
@@ -839,6 +890,38 @@ func flattenKubernetesClusterDataSourceAgentPoolProfiles(input *[]containerservi return agentPoolProfiles } +func flattenKubernetesClusterDataSourceIdentityProfile(profile map[string]*containerservice.ManagedClusterPropertiesIdentityProfileValue) []interface{} { + if profile == nil { + return []interface{}{} + } + + kubeletIdentity := make([]interface{}, 0) + if kubeletidentity := profile["kubeletidentity"]; kubeletidentity != nil { + clientId := "" + if clientid := kubeletidentity.ClientID; clientid != nil { + clientId = *clientid + } + + objectId := "" + if objectid := kubeletidentity.ObjectID; objectid != nil { + objectId = *objectid + } + + userAssignedIdentityId := "" + if resourceid := kubeletidentity.ResourceID; resourceid != nil { + userAssignedIdentityId = *resourceid + } + + kubeletIdentity = append(kubeletIdentity, map[string]interface{}{ + "client_id": clientId, + "object_id": objectId, + "user_assigned_identity_id": userAssignedIdentityId, + }) + } + + return kubeletIdentity +} + func flattenKubernetesClusterDataSourceLinuxProfile(input *containerservice.LinuxProfile) []interface{} { values := make(map[string]interface{}) sshKeys := make([]interface{}, 0) @@ -959,3 +1042,26 @@ func flattenKubernetesClusterDataSourceKubeConfigAAD(config kubernetes.KubeConfi return []interface{}{values} } + +func flattenKubernetesClusterDataSourceManagedClusterIdentity(input *containerservice.ManagedClusterIdentity) []interface{} { + // if it's none, omit the block + if input == nil || input.Type == containerservice.None { + return []interface{}{} + } + + identity := make(map[string]interface{}) + + identity["principal_id"] = "" + if input.PrincipalID != nil { + identity["principal_id"] = *input.PrincipalID + } + + identity["tenant_id"] = "" + if input.TenantID != nil { + identity["tenant_id"] = *input.TenantID + } + + identity["type"] = string(input.Type) + + return []interface{}{identity} +} 
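Review bot: In `flattenKubernetesClusterDataSourceIdentityProfile` the result slice `kubeletIdentity` and the looked-up entry `kubeletidentity` differ only by case, and the same pattern repeats for `clientId`/`clientid` and `objectId`/`objectid`, so a later edit can easily append to or dereference the wrong one. I would give the looked-up value a distinct name, e.g. `if v := profile["kubeletidentity"]; v != nil {`, and use Go initialism casing for the locals (`clientID`, `objectID`). The lookup is also an exact, case-sensitive match on a hard-coded key, so if the service returned the key with different casing the block would be exported empty without any error. A short comment such as `// presumably the key as the API returns it; the map lookup is case-sensitive` would record that assumption.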
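Review bot: `flattenKubernetesClusterDataSourceManagedClusterIdentity` has no doc comment for its two non-obvious outputs: it returns an empty list when `input` is nil or `input.Type` is `containerservice.None`, and it exports a nil `PrincipalID` or `TenantID` as `""`. A configuration that indexes `identity.0.principal_id`, for instance to build a role assignment, would presumably fail on a cluster without a managed identity, and it gets an empty string rather than an error when the pointers are nil. I would add `// flattenKubernetesClusterDataSourceManagedClusterIdentity returns an empty list when the cluster has no managed identity (nil or Type None); nil PrincipalID and TenantID are exported as "".` above the function.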
diff --git a/azurerm/internal/services/containers/tests/kubernetes_cluster_data_source_test.go b/azurerm/internal/services/containers/tests/kubernetes_cluster_data_source_test.go index 853dea1e4ec84..cc7924e88a58c 100644 --- a/azurerm/internal/services/containers/tests/kubernetes_cluster_data_source_test.go +++ b/azurerm/internal/services/containers/tests/kubernetes_cluster_data_source_test.go @@ -36,6 +36,12 @@ func testAccDataSourceAzureRMKubernetesCluster_basic(t *testing.T) { resource.TestCheckResourceAttrSet(data.ResourceName, "kube_config.0.password"), resource.TestCheckResourceAttr(data.ResourceName, "kube_admin_config.#", "0"), resource.TestCheckResourceAttr(data.ResourceName, "kube_admin_config_raw", ""), + resource.TestCheckResourceAttrSet(data.ResourceName, "kubelet_identity.0.object_id"), + resource.TestCheckResourceAttrSet(data.ResourceName, "kubelet_identity.0.client_id"), + resource.TestCheckResourceAttrSet(data.ResourceName, "kubelet_identity.0.user_assigned_identity_id"), + resource.TestCheckResourceAttr(data.ResourceName, "identity.0.type", "SystemAssigned"), + resource.TestCheckResourceAttrSet(data.ResourceName, "identity.0.principal_id"), + resource.TestCheckResourceAttrSet(data.ResourceName, "identity.0.tenant_id"), ), }, }, diff --git a/website/docs/d/kubernetes_cluster.html.markdown b/website/docs/d/kubernetes_cluster.html.markdown index abe26ed544b5b..1f5f4a1c85888 100644 --- a/website/docs/d/kubernetes_cluster.html.markdown +++ b/website/docs/d/kubernetes_cluster.html.markdown @@ -78,6 +78,10 @@ The following attributes are exported: * `service_principal` - A `service_principal` block as documented below. +* `identity` - A `identity` block as documented below. + +* `kubelet_identity` - A `kubelet_identity` block as documented below. + * `tags` - A mapping of tags assigned to this resource. --- 
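Review bot: The added checks in `testAccDataSourceAzureRMKubernetesCluster_basic` cover only the populated case: `identity.0.type` is pinned to `SystemAssigned` and the `kubelet_identity.0.*` attributes are asserted set. Nothing exercises the branches where the flatten helpers return an empty list (identity nil or `None`, or no `kubeletidentity` entry in the profile). If another test in this file builds a cluster without a managed identity, adding `resource.TestCheckResourceAttr(data.ResourceName, "identity.#", "0"),` there would pin the omit-the-block behaviour that consumers indexing `identity.0.principal_id` rely on. The rest of the test file is outside the hunk, so whether such a configuration exists is not visible here.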
@@ -251,6 +255,26 @@ A `service_principal` block supports the following: --- +The `identity` block exports the following: + +* `type` - The type of identity used for the managed cluster. + +* `principal_id` - The principal id of the system assigned identity which is used by master components. + +* `tenant_id` - The tenant id of the system assigned identity which is used by master components. + +--- + +The `kubelet_identity` block exports the following: + +* `client_id` - The Client ID of the user-defined Managed Identity assigned to the Kubelets. + +* `object_id` - The Object ID of the user-defined Managed Identity assigned to the Kubelets. + +* `user_assigned_identity_id` - The ID of the User Assigned Identity assigned to the Kubelets. + +--- + A `ssh_key` block exports the following: * `key_data` - The Public SSH Key used to access the cluster.