Skip to content

Commit

Permalink
azurerm_kubernetes_cluster: pass service_pricipal.client_secret… (has…
Browse files Browse the repository at this point in the history 
…hicorp#4339)
  • Loading branch information
@katbyte
katbyte authored Sep 17, 2019
1 parent f553926 commit 01c1ca9
Show file tree
Hide file tree
Showing 2 changed files with 64 additions and 44 deletions.
10 changes: 6 additions & 4 deletions azurerm/resource_arm_kubernetes_cluster.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -792,7 +792,7 @@ func resourceArmKubernetesClusterRead(d *schema.ResourceData, meta interface{})
return fmt.Errorf("Error setting `role_based_access_control`: %+v", err)
}

servicePrincipal := flattenAzureRmKubernetesClusterServicePrincipalProfile(props.ServicePrincipalProfile)
servicePrincipal := flattenAzureRmKubernetesClusterServicePrincipalProfile(props.ServicePrincipalProfile, d)
if err := d.Set("service_principal", servicePrincipal); err != nil {
return fmt.Errorf("Error setting `service_principal`: %+v", err)
}
Expand Down Expand Up @@ -1442,7 +1442,7 @@ func expandAzureRmKubernetesClusterServicePrincipal(d *schema.ResourceData) *con
return &principal
}

func flattenAzureRmKubernetesClusterServicePrincipalProfile(profile *containerservice.ManagedClusterServicePrincipalProfile) []interface{} {
func flattenAzureRmKubernetesClusterServicePrincipalProfile(profile *containerservice.ManagedClusterServicePrincipalProfile, d *schema.ResourceData) []interface{} {
if profile == nil {
return []interface{}{}
}
Expand All @@ -1452,8 +1452,10 @@ func flattenAzureRmKubernetesClusterServicePrincipalProfile(profile *containerse
if clientId := profile.ClientID; clientId != nil {
values["client_id"] = *clientId
}
if secret := profile.Secret; secret != nil {
values["client_secret"] = *secret

// client secret isn't returned by the API so pass the existing value along
if v, ok := d.GetOk("service_principal.0.client_secret"); ok {
values["client_secret"] = v.(string)
}

return []interface{}{values}
Expand Down
98 changes: 58 additions & 40 deletions azurerm/resource_arm_kubernetes_cluster_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,13 +40,14 @@ func TestAccAzureRMKubernetesCluster_basic(t *testing.T) {
resource.TestCheckResourceAttr(resourceName, "kube_admin_config.#", "0"),
resource.TestCheckResourceAttr(resourceName, "kube_admin_config_raw", ""),
resource.TestCheckResourceAttrSet(resourceName, "agent_pool_profile.0.max_pods"),
resource.TestCheckResourceAttr(resourceName, "network_profile.0.load_balancer_sku", "basic"),
resource.TestCheckResourceAttr(resourceName, "network_profile.0.load_balancer_sku", "Basic"),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"service_principal.0.client_secret"},
},
},
})
Expand Down Expand Up @@ -107,9 +108,10 @@ func TestAccAzureRMKubernetesCluster_roleBasedAccessControl(t *testing.T) {
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"service_principal.0.client_secret"},
},
},
})
Expand Down Expand Up @@ -144,10 +146,13 @@ func TestAccAzureRMKubernetesCluster_roleBasedAccessControlAAD(t *testing.T) {
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"role_based_access_control.0.azure_active_directory.0.server_app_secret"},
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{
"service_principal.0.client_secret",
"role_based_access_control.0.azure_active_directory.0.server_app_secret",
},
},
{
// should be no changes since the default for Tenant ID comes from the Provider block
Expand All @@ -158,10 +163,13 @@ func TestAccAzureRMKubernetesCluster_roleBasedAccessControlAAD(t *testing.T) {
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"role_based_access_control.0.azure_active_directory.0.server_app_secret"},
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{
"service_principal.0.client_secret",
"role_based_access_control.0.azure_active_directory.0.server_app_secret",
},
},
},
})
Expand Down Expand Up @@ -194,9 +202,10 @@ func TestAccAzureRMKubernetesCluster_linuxProfile(t *testing.T) {
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"service_principal.0.client_secret"},
},
},
})
Expand Down Expand Up @@ -231,10 +240,13 @@ func TestAccAzureRMKubernetesCluster_windowsProfile(t *testing.T) {
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"windows_profile.0.admin_password"},
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{
"windows_profile.0.admin_password",
"service_principal.0.client_secret",
},
},
},
})
Expand Down Expand Up @@ -690,9 +702,10 @@ func TestAccAzureRMKubernetesCluster_apiServerAuthorizedIPRanges(t *testing.T) {
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"service_principal.0.client_secret"},
},
},
})
Expand Down Expand Up @@ -730,9 +743,10 @@ func TestAccAzureRMKubernetesCluster_virtualMachineScaleSets(t *testing.T) {
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"service_principal.0.client_secret"},
},
},
})
Expand Down Expand Up @@ -761,9 +775,10 @@ func TestAccAzureRMKubernetesCluster_autoScalingNoAvailabilityZones(t *testing.T
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"service_principal.0.client_secret"},
},
},
})
Expand Down Expand Up @@ -795,9 +810,10 @@ func TestAccAzureRMKubernetesCluster_autoScalingWithAvailabilityZones(t *testing
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"service_principal.0.client_secret"},
},
},
})
Expand Down Expand Up @@ -869,9 +885,10 @@ func TestAccAzureRMKubernetesCluster_nodeResourceGroup(t *testing.T) {
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"service_principal.0.client_secret"},
},
},
})
Expand All @@ -897,9 +914,10 @@ func TestAccAzureRMKubernetesCluster_enablePodSecurityPolicy(t *testing.T) {
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"service_principal.0.client_secret"},
},
},
})
Expand Down

0 comments on commit 01c1ca9

Please sign in to comment.