Skip to content

Commit

Permalink
chore: Apply changes from code review
Browse files Browse the repository at this point in the history
- nullable=false on `kms_enabled`
- Validate kms_enabled and UserAssigned identity
  • Loading branch information
mkilchhofer committed Jan 23, 2023
1 parent 2058adc commit 54029b0
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 0 deletions.
4 changes: 4 additions & 0 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -291,6 +291,10 @@ resource "azurerm_kubernetes_cluster" "main" {
condition = var.role_based_access_control_enabled || !var.rbac_aad
error_message = "Enabling Azure Active Directory integration requires that `role_based_access_control_enabled` be set to true."
}
precondition {
condition = var.kms_enabled && var.identity_type != "UserAssigned"
error_message = "KMS etcd encryption doesn't work with system-assigned managed identity."
}
}
}

Expand Down
1 change: 1 addition & 0 deletions variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -339,6 +339,7 @@ variable "kms_enabled" {
type = bool
description = "(Optional) Enable Azure KeyVault Key Management Service."
default = false
nullable = false
}

variable "kms_key_vault_key_id" {
Expand Down

0 comments on commit 54029b0

Please sign in to comment.