From 575e7a18783ef1b74a0114f68d69127de064d9ba Mon Sep 17 00:00:00 2001
From: Fred-sun <xiuxi.sun@qq.com>
Date: Thu, 14 Oct 2021 18:44:59 +0800
Subject: [PATCH] add new paramter to enable AAD profile

---
 plugins/modules/azure_rm_aks.py                     | 13 ++++++++++++-
 .../targets/azure_rm_aks/tasks/minimal-cluster.yml  |  7 +++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/plugins/modules/azure_rm_aks.py b/plugins/modules/azure_rm_aks.py
index c0331d05e1..65b44e0140 100644
--- a/plugins/modules/azure_rm_aks.py
+++ b/plugins/modules/azure_rm_aks.py
@@ -204,6 +204,15 @@
                 description:
                     - The AAD tenant ID to use for authentication.
                     - If not specified, will use the tenant of the deployment subscription.
+            managed:
+                description:
+                    - Whether to enable manged AAD.
+                type: bool
+                default: false
+            admin_group_object_ids:
+                description:
+                    - AAD group object IDs that will have admin role of the cluster.
+                type: str
     addon:
         description:
             - Profile of managed cluster add-on.
@@ -561,7 +570,9 @@ def create_addon_profiles_spec():
     client_app_id=dict(type='str'),
     server_app_id=dict(type='str'),
     server_app_secret=dict(type='str', no_log=True),
-    tenant_id=dict(type='str')
+    tenant_id=dict(type='str'),
+    managed=dict(type='bool', default='false'),
+    admin_group_object_ids=dict(type='str')
 )
 
 
diff --git a/tests/integration/targets/azure_rm_aks/tasks/minimal-cluster.yml b/tests/integration/targets/azure_rm_aks/tasks/minimal-cluster.yml
index badf956fe9..9fe0d1746a 100644
--- a/tests/integration/targets/azure_rm_aks/tasks/minimal-cluster.yml
+++ b/tests/integration/targets/azure_rm_aks/tasks/minimal-cluster.yml
@@ -13,6 +13,9 @@
     resource_group: "{{ resource_group }}"
     kubernetes_version: "{{ versions.azure_aks_versions[0] }}"
     dns_prefix: "aks{{ rpfx }}"
+    enable_rbac: true
+    aad_profile:
+      managed: true
     agent_pool_profiles:
       - name: default
         count: 1
@@ -37,6 +40,7 @@
     that:
       - "fact.aks | length == 1"
       - fact.aks[0].id == output.id
+      - fact.aks[0].properties.aadProfile.managed == true
 
 - name: Use minimal parameters and system-assigned identity (idempotent)
   azure_rm_aks:
@@ -45,6 +49,9 @@
     resource_group: "{{ resource_group }}"
     kubernetes_version: "{{ versions.azure_aks_versions[0] }}"
     dns_prefix: "aks{{ rpfx }}"
+    enable_rbac: true
+    aad_profile:
+      managed: true
     agent_pool_profiles:
       - name: default
         count: 1