Turn rbac on for test code.

test/fixture/main.tf

@@ -1,5 +1,9 @@
 provider "azurerm" {
-  features {}
+  features {
+    resource_group {
+      prevent_deletion_if_contains_resources = false
+    }
+  }
 }
 
 resource "random_id" "prefix" {
@@ -31,28 +35,30 @@ resource "azurerm_user_assigned_identity" "test" {
 }
 
 module "aks" {
-  source                          = "../.."
-  prefix                          = "prefix-${random_id.prefix.hex}"
-  resource_group_name             = azurerm_resource_group.main.name
-  client_id                       = var.client_id
-  client_secret                   = var.client_secret
-  network_plugin                  = "azure"
-  vnet_subnet_id                  = azurerm_subnet.test.id
-  os_disk_size_gb                 = 60
-  enable_http_application_routing = true
-  enable_azure_policy             = true
-  enable_host_encryption          = true
-  enable_log_analytics_workspace  = true
-  sku_tier                        = "Paid"
-  private_cluster_enabled         = true
-  enable_auto_scaling             = true
-  agents_min_count                = 1
-  agents_max_count                = 2
-  agents_count                    = null
-  agents_max_pods                 = 100
-  agents_pool_name                = "testnodepool"
-  agents_availability_zones       = ["1", "2"]
-  agents_type                     = "VirtualMachineScaleSets"
+  source                           = "../.."
+  prefix                           = "prefix-${random_id.prefix.hex}"
+  resource_group_name              = azurerm_resource_group.main.name
+  client_id                        = var.client_id
+  client_secret                    = var.client_secret
+  network_plugin                   = "azure"
+  vnet_subnet_id                   = azurerm_subnet.test.id
+  os_disk_size_gb                  = 60
+  enable_http_application_routing  = true
+  enable_azure_policy              = true
+  enable_host_encryption           = true
+  enable_role_based_access_control = true
+  rbac_aad_managed                 = true
+  enable_log_analytics_workspace   = true
+  sku_tier                         = "Paid"
+  private_cluster_enabled          = true
+  enable_auto_scaling              = true
+  agents_min_count                 = 1
+  agents_max_count                 = 2
+  agents_count                     = null
+  agents_max_pods                  = 100
+  agents_pool_name                 = "testnodepool"
+  agents_availability_zones        = ["1", "2"]
+  agents_type                      = "VirtualMachineScaleSets"
 
   agents_labels = {
     "node1" : "label1"
@@ -75,20 +81,24 @@ module "aks" {
 }
 
 module "aks_without_monitor" {
-  source                         = "../.."
-  prefix                         = "prefix2-${random_id.prefix.hex}"
-  resource_group_name            = azurerm_resource_group.main.name
+  source                           = "../.."
+  prefix                           = "prefix2-${random_id.prefix.hex}"
+  resource_group_name              = azurerm_resource_group.main.name
+  enable_role_based_access_control = true
+  rbac_aad_managed                 = true
   #checkov:skip=CKV_AZURE_4:The logging is turn off for demo purpose. DO NOT DO THIS IN PRODUCTION ENVIRONMENT!
-  enable_log_analytics_workspace = false
-  net_profile_pod_cidr           = "10.1.0.0/16"
-  depends_on                     = [azurerm_resource_group.main]
+  enable_log_analytics_workspace   = false
+  net_profile_pod_cidr             = "10.1.0.0/16"
+  depends_on                       = [azurerm_resource_group.main]
 }
 
 module "aks_cluster_name" {
   source                               = "../.."
   cluster_name                         = "test-cluster"
   prefix                               = "prefix"
   resource_group_name                  = azurerm_resource_group.main.name
+  enable_role_based_access_control     = true
+  rbac_aad_managed                     = true
   enable_log_analytics_workspace       = true
   # Not necessary, just for demo purpose.
   admin_username                       = "azureuser"