chore: Apply changes from code review

- nullable=false on `kms_enabled` - Validate kms_enabled and UserAssigned identity
Azure · Jan 23, 2023 · 0d2123c · 0d2123c
1 parent 25c45a7
commit 0d2123c
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/main.tf b/main.tf
@@ -291,6 +291,10 @@ resource "azurerm_kubernetes_cluster" "main" {
       condition     = var.role_based_access_control_enabled || !var.rbac_aad
       error_message = "Enabling Azure Active Directory integration requires that `role_based_access_control_enabled` be set to true."
     }
+    precondition {
+      condition     = var.kms_enabled && var.identity_type != "UserAssigned"
+      error_message = "KMS etcd encryption doesn't work with system-assigned managed identity."
+    }
   }
 }
 

diff --git a/variables.tf b/variables.tf
@@ -339,6 +339,7 @@ variable "kms_enabled" {
   type        = bool
   description = "(Optional) Enable Azure KeyVault Key Management Service."
   default     = false
+  nullable    = false
 }
 
 variable "kms_key_vault_key_id" {