Add conditional judgment for aadProfile parameters
Menghua1 committed Nov 22, 2024
1 parent b462fa9 commit 3de5818
Showing 3 changed files with 36 additions and 19 deletions.
9 changes: 9 additions & 0 deletions avm/res/container-service/managed-cluster/README.md
@@ -2684,6 +2684,7 @@ param tags = {
| [`dnsPrefix`](#parameter-dnsprefix) | string | Specifies the DNS prefix specified when creating the managed cluster. |
| [`dnsServiceIP`](#parameter-dnsserviceip) | string | Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. |
| [`dnsZoneResourceId`](#parameter-dnszoneresourceid) | string | Specifies the resource ID of connected DNS zone. It will be ignored if `webApplicationRoutingEnabled` is set to `false`. |
| [`enableAad`](#parameter-enableaad) | bool | Enable Azure Active Directory integration. |
| [`enableAzureDefender`](#parameter-enableazuredefender) | bool | Whether to enable Azure Defender. |
| [`enableAzureMonitorProfileMetrics`](#parameter-enableazuremonitorprofilemetrics) | bool | Whether the metric state of the kubenetes cluster is enabled. |
| [`enableContainerInsights`](#parameter-enablecontainerinsights) | bool | Indicates if Azure Monitor Container Insights Logs Addon is enabled. |
@@ -4063,6 +4064,14 @@ Specifies the resource ID of connected DNS zone. It will be ignored if `webAppli
- Required: No
- Type: string

### Parameter: `enableAad`

Enable Azure Active Directory integration.

- Required: No
- Type: bool
- Default: `False`

### Parameter: `enableAzureDefender`

Whether to enable Azure Defender.
7 changes: 5 additions & 2 deletions avm/res/container-service/managed-cluster/main.bicep
@@ -101,6 +101,9 @@ param adminUsername string = 'azureuser'
@description('Optional. Specifies the SSH RSA public key string for the Linux nodes.')
param sshPublicKey string?

@description('Optional. Enable Azure Active Directory integration.')
param enableAad bool = false

@description('Conditional. Information about a service principal identity for the cluster to use for manipulating Azure APIs. Required if no managed identities are assigned to the cluster.')
param aksServicePrincipalProfile object?

@@ -739,15 +742,15 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2024-03-02-p
}
}
publicNetworkAccess: publicNetworkAccess
aadProfile: {
aadProfile: enableAad ? {
clientAppID: aadProfileClientAppID
serverAppID: aadProfileServerAppID
serverAppSecret: aadProfileServerAppSecret
managed: aadProfileManaged
enableAzureRBAC: aadProfileEnableAzureRBAC
adminGroupObjectIDs: aadProfileAdminGroupObjectIDs
tenantID: aadProfileTenantId
}
} : null
autoScalerProfile: {
'balance-similar-node-groups': toLower(string(autoScalerProfileBalanceSimilarNodeGroups))
expander: autoScalerProfileExpander
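Review bot: Because `enableAad` defaults to `false`, the new ternary on `aadProfile` makes the template send `aadProfile: null` for every caller that already passes `aadProfileManaged`, `aadProfileEnableAzureRBAC` or `aadProfileAdminGroupObjectIDs` but does not know about the new switch, so those identity and authorization settings are dropped without an error or warning. If the opt-in default is intended, the parameter text should say so, e.g. `@description('Optional. Enable Azure Active Directory integration. When false, all aadProfile* parameters are ignored and no AAD profile is sent.')`; otherwise `param enableAad bool = true` keeps the behaviour callers had before this commit. The `aadProfile*` parameter descriptions, which are outside the visible hunks, would benefit from the same cross-reference, and the `managedCluster` resource body starts and ends outside this hunk.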
39 changes: 22 additions & 17 deletions avm/res/container-service/managed-cluster/main.json
@@ -5,8 +5,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.34.60546",
"templateHash": "178765084464759811"
"version": "0.30.23.60470",
"templateHash": "13500053223041210958"
},
"name": "Azure Kubernetes Service (AKS) Managed Clusters",
"description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.",
@@ -926,6 +926,13 @@
"description": "Optional. Specifies the SSH RSA public key string for the Linux nodes."
}
},
"enableAad": {
"type": "bool",
"defaultValue": false,
"metadata": {
"description": "Optional. Enable Azure Active Directory integration."
}
},
"aksServicePrincipalProfile": {
"type": "object",
"nullable": true,
@@ -1678,7 +1685,10 @@
"apiVersion": "2023-02-01",
"subscriptionId": "[split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '//'), '/')[2]]",
"resourceGroup": "[split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '////'), '/')[4]]",
"name": "[format('{0}/{1}', last(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), 'dummyVault'), '/')), coalesce(tryGet(parameters('customerManagedKey'), 'keyName'), 'dummyKey'))]"
"name": "[format('{0}/{1}', last(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), 'dummyVault'), '/')), coalesce(tryGet(parameters('customerManagedKey'), 'keyName'), 'dummyKey'))]",
"dependsOn": [
"cMKKeyVault"
]
},
"avmTelemetry": {
"condition": "[parameters('enableTelemetry')]",
@@ -1803,15 +1813,7 @@
}
},
"publicNetworkAccess": "[parameters('publicNetworkAccess')]",
"aadProfile": {
"clientAppID": "[parameters('aadProfileClientAppID')]",
"serverAppID": "[parameters('aadProfileServerAppID')]",
"serverAppSecret": "[parameters('aadProfileServerAppSecret')]",
"managed": "[parameters('aadProfileManaged')]",
"enableAzureRBAC": "[parameters('aadProfileEnableAzureRBAC')]",
"adminGroupObjectIDs": "[parameters('aadProfileAdminGroupObjectIDs')]",
"tenantID": "[parameters('aadProfileTenantId')]"
},
"aadProfile": "[if(parameters('enableAad'), createObject('clientAppID', parameters('aadProfileClientAppID'), 'serverAppID', parameters('aadProfileServerAppID'), 'serverAppSecret', parameters('aadProfileServerAppSecret'), 'managed', parameters('aadProfileManaged'), 'enableAzureRBAC', parameters('aadProfileEnableAzureRBAC'), 'adminGroupObjectIDs', parameters('aadProfileAdminGroupObjectIDs'), 'tenantID', parameters('aadProfileTenantId')), null())]",
"autoScalerProfile": {
"balance-similar-node-groups": "[toLower(string(parameters('autoScalerProfileBalanceSimilarNodeGroups')))]",
"expander": "[parameters('autoScalerProfileExpander')]",
@@ -2005,8 +2007,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.34.60546",
"templateHash": "3191846535289543816"
"version": "0.30.23.60470",
"templateHash": "2505380725266419010"
},
"name": "Azure Kubernetes Service (AKS) Managed Cluster Maintenance Configurations",
"description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Maintenance Configurations.",
@@ -2202,8 +2204,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.31.34.60546",
"templateHash": "13504241837980660061"
"version": "0.30.23.60470",
"templateHash": "13856766172443517827"
},
"name": "Azure Kubernetes Service (AKS) Managed Cluster Agent Pools",
"description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Agent Pool.",
@@ -2552,7 +2554,10 @@
"vmSize": "[parameters('vmSize')]",
"vnetSubnetID": "[parameters('vnetSubnetResourceId')]",
"workloadRuntime": "[parameters('workloadRuntime')]"
}
},
"dependsOn": [
"managedCluster"
]
}
},
"outputs": {
