From 01c1ca9b06000593691cb204edca08ff6785033c Mon Sep 17 00:00:00 2001 From: kt Date: Tue, 17 Sep 2019 13:58:08 -0700 Subject: [PATCH] =?UTF-8?q?azurerm=5Fkubernetes=5Fcluster:=20pass=20servic?= =?UTF-8?q?e=5Fpricipal.client=5Fsecret=E2=80=A6=20(#4339)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- azurerm/resource_arm_kubernetes_cluster.go | 10 +- .../resource_arm_kubernetes_cluster_test.go | 98 +++++++++++-------- 2 files changed, 64 insertions(+), 44 deletions(-) diff --git a/azurerm/resource_arm_kubernetes_cluster.go b/azurerm/resource_arm_kubernetes_cluster.go index 8bca133fc86c..417f71744713 100644 --- a/azurerm/resource_arm_kubernetes_cluster.go +++ b/azurerm/resource_arm_kubernetes_cluster.go @@ -792,7 +792,7 @@ func resourceArmKubernetesClusterRead(d *schema.ResourceData, meta interface{}) return fmt.Errorf("Error setting `role_based_access_control`: %+v", err) } - servicePrincipal := flattenAzureRmKubernetesClusterServicePrincipalProfile(props.ServicePrincipalProfile) + servicePrincipal := flattenAzureRmKubernetesClusterServicePrincipalProfile(props.ServicePrincipalProfile, d) if err := d.Set("service_principal", servicePrincipal); err != nil { return fmt.Errorf("Error setting `service_principal`: %+v", err) } @@ -1442,7 +1442,7 @@ func expandAzureRmKubernetesClusterServicePrincipal(d *schema.ResourceData) *con return &principal } -func flattenAzureRmKubernetesClusterServicePrincipalProfile(profile *containerservice.ManagedClusterServicePrincipalProfile) []interface{} { +func flattenAzureRmKubernetesClusterServicePrincipalProfile(profile *containerservice.ManagedClusterServicePrincipalProfile, d *schema.ResourceData) []interface{} { if profile == nil { return []interface{}{} } @@ -1452,8 +1452,10 @@ func flattenAzureRmKubernetesClusterServicePrincipalProfile(profile *containerse if clientId := profile.ClientID; clientId != nil { values["client_id"] = *clientId } - if secret := profile.Secret; secret != nil { - values["client_secret"] = *secret + + // client secret isn't returned by the API so pass the existing value along + if v, ok := d.GetOk("service_principal.0.client_secret"); ok { + values["client_secret"] = v.(string) } return []interface{}{values} diff --git a/azurerm/resource_arm_kubernetes_cluster_test.go b/azurerm/resource_arm_kubernetes_cluster_test.go index 5bdc68749c0a..c675b68f3e65 100644 --- a/azurerm/resource_arm_kubernetes_cluster_test.go +++ b/azurerm/resource_arm_kubernetes_cluster_test.go @@ -40,13 +40,14 @@ func TestAccAzureRMKubernetesCluster_basic(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "kube_admin_config.#", "0"), resource.TestCheckResourceAttr(resourceName, "kube_admin_config_raw", ""), resource.TestCheckResourceAttrSet(resourceName, "agent_pool_profile.0.max_pods"), - resource.TestCheckResourceAttr(resourceName, "network_profile.0.load_balancer_sku", "basic"), + resource.TestCheckResourceAttr(resourceName, "network_profile.0.load_balancer_sku", "Basic"), ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"service_principal.0.client_secret"}, }, }, }) @@ -107,9 +108,10 @@ func TestAccAzureRMKubernetesCluster_roleBasedAccessControl(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"service_principal.0.client_secret"}, }, }, }) @@ -144,10 +146,13 @@ func TestAccAzureRMKubernetesCluster_roleBasedAccessControlAAD(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"role_based_access_control.0.azure_active_directory.0.server_app_secret"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{ + "service_principal.0.client_secret", + "role_based_access_control.0.azure_active_directory.0.server_app_secret", + }, }, { // should be no changes since the default for Tenant ID comes from the Provider block @@ -158,10 +163,13 @@ func TestAccAzureRMKubernetesCluster_roleBasedAccessControlAAD(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"role_based_access_control.0.azure_active_directory.0.server_app_secret"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{ + "service_principal.0.client_secret", + "role_based_access_control.0.azure_active_directory.0.server_app_secret", + }, }, }, }) @@ -194,9 +202,10 @@ func TestAccAzureRMKubernetesCluster_linuxProfile(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"service_principal.0.client_secret"}, }, }, }) @@ -231,10 +240,13 @@ func TestAccAzureRMKubernetesCluster_windowsProfile(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"windows_profile.0.admin_password"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{ + "windows_profile.0.admin_password", + "service_principal.0.client_secret", + }, }, }, }) @@ -690,9 +702,10 @@ func TestAccAzureRMKubernetesCluster_apiServerAuthorizedIPRanges(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"service_principal.0.client_secret"}, }, }, }) @@ -730,9 +743,10 @@ func TestAccAzureRMKubernetesCluster_virtualMachineScaleSets(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"service_principal.0.client_secret"}, }, }, }) @@ -761,9 +775,10 @@ func TestAccAzureRMKubernetesCluster_autoScalingNoAvailabilityZones(t *testing.T ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"service_principal.0.client_secret"}, }, }, }) @@ -795,9 +810,10 @@ func TestAccAzureRMKubernetesCluster_autoScalingWithAvailabilityZones(t *testing ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"service_principal.0.client_secret"}, }, }, }) @@ -869,9 +885,10 @@ func TestAccAzureRMKubernetesCluster_nodeResourceGroup(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"service_principal.0.client_secret"}, }, }, }) @@ -897,9 +914,10 @@ func TestAccAzureRMKubernetesCluster_enablePodSecurityPolicy(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"service_principal.0.client_secret"}, }, }, })