From 332b9f414cd3cf0f454fe92a0fa6ef792b38e471 Mon Sep 17 00:00:00 2001 From: Matthew Date: Thu, 25 Aug 2022 14:00:16 -0700 Subject: [PATCH] Fix issue with kubernetes 1.42.3 --- .../kubernetes_cluster_auth_resource_test.go | 45 +++++++++++++++++++ .../kubernetes_cluster_data_source.go | 2 +- .../kubernetes_cluster_data_source_test.go | 26 +++++++++++ 3 files changed, 72 insertions(+), 1 deletion(-) diff --git a/internal/services/containers/kubernetes_cluster_auth_resource_test.go b/internal/services/containers/kubernetes_cluster_auth_resource_test.go index 01a99adbeb08..6f9907496cce 100644 --- a/internal/services/containers/kubernetes_cluster_auth_resource_test.go +++ b/internal/services/containers/kubernetes_cluster_auth_resource_test.go @@ -810,6 +810,51 @@ resource "azurerm_kubernetes_cluster" "test" { `, tenantId, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger) } +func (KubernetesClusterResource) roleBasedAccessControlAADManagedConfigVOneDotTwoFourDotThree(data acceptance.TestData, tenantId string) string { + return fmt.Sprintf(` +variable "tenant_id" { + default = "%s" +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-aks-%d" + location = "%s" +} + +resource "azurerm_kubernetes_cluster" "test" { + name = "acctestaks%d" + location = "${azurerm_resource_group.test.location}" + resource_group_name = "${azurerm_resource_group.test.name}" + dns_prefix = "acctestaks%d" + kubernetes_version = "1.24.3" + + linux_profile { + admin_username = "acctestuser%d" + + ssh_key { + key_data = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqaZoyiz1qbdOQ8xEf6uEu1cCwYowo5FHtsBhqLoDnnp7KUTEBN+L2NxRIfQ781rxV6Iq5jSav6b2Q8z5KiseOlvKA/RF2wqU0UPYqQviQhLmW6THTpmrv/YkUCuzxDpsH7DUDhZcwySLKVVe0Qm3+5N2Ta6UYH3lsDf9R9wTP2K/+vAnflKebuypNlmocIvakFWoZda18FOmsOoIVXQ8HWFNCuw9ZCunMSN62QGamCe3dL5cXlkgHYv7ekJE15IA9aOJcM7e90oeTqo+7HTcWfdu0qQqPWY5ujyMw/llas8tsXY85LFqRnr3gJ02bAscjc477+X+j/gkpFoN1QEmt terraform@demo.tld" + } + } + + default_node_pool { + name = "default" + node_count = 1 + vm_size = "Standard_DS2_v2" + } + + identity { + type = "SystemAssigned" + } + + azure_active_directory_role_based_access_control { + tenant_id = var.tenant_id + managed = true + azure_rbac_enabled = false + } +} +`, tenantId, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger) +} + func (KubernetesClusterResource) roleBasedAccessControlAADManagedConfigWithLocalAccountDisabled(data acceptance.TestData, tenantId string) string { return fmt.Sprintf(` variable "tenant_id" { diff --git a/internal/services/containers/kubernetes_cluster_data_source.go b/internal/services/containers/kubernetes_cluster_data_source.go index d2e5131835ae..b5497fed1662 100644 --- a/internal/services/containers/kubernetes_cluster_data_source.go +++ b/internal/services/containers/kubernetes_cluster_data_source.go @@ -789,7 +789,7 @@ func flattenKubernetesClusterDataSourceAccessProfile(profile containerservice.Ma rawConfig := string(*kubeConfigRaw) var flattenedKubeConfig []interface{} - if strings.Contains(rawConfig, "apiserver-id:") { + if strings.Contains(rawConfig, "apiserver-id:") || strings.Contains(rawConfig, "exec") { kubeConfigAAD, err := kubernetes.ParseKubeConfigAAD(rawConfig) if err != nil { return utils.String(rawConfig), []interface{}{} diff --git a/internal/services/containers/kubernetes_cluster_data_source_test.go b/internal/services/containers/kubernetes_cluster_data_source_test.go index 21b04a05c315..f1f3ad765f03 100644 --- a/internal/services/containers/kubernetes_cluster_data_source_test.go +++ b/internal/services/containers/kubernetes_cluster_data_source_test.go @@ -70,6 +70,21 @@ func TestAccDataSourceKubernetesCluster_roleBasedAccessControl(t *testing.T) { }) } +func TestAccDataSourceKubernetesCluster_roleBasedAccessControlAAD_VOneDotTwoFourDotThree(t *testing.T) { + data := acceptance.BuildTestData(t, "data.azurerm_kubernetes_cluster", "test") + r := KubernetesClusterDataSource{} + + data.DataSourceTest(t, []acceptance.TestStep{ + { + Config: r.roleBasedAccessControlAADManagedConfigVOneDotTwoFourDotThree(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).Key("kube_config.#").HasValue("1"), + check.That(data.ResourceName).Key("kube_config.0.host").IsSet(), + ), + }, + }) +} + func TestAccDataSourceKubernetesCluster_roleBasedAccessControlAAD(t *testing.T) { data := acceptance.BuildTestData(t, "data.azurerm_kubernetes_cluster", "test") r := KubernetesClusterDataSource{} @@ -568,6 +583,17 @@ data "azurerm_kubernetes_cluster" "test" { `, KubernetesClusterResource{}.roleBasedAccessControlConfig(data)) } +func (KubernetesClusterDataSource) roleBasedAccessControlAADManagedConfigVOneDotTwoFourDotThree(data acceptance.TestData) string { + return fmt.Sprintf(` +%s + +data "azurerm_kubernetes_cluster" "test" { + name = azurerm_kubernetes_cluster.test.name + resource_group_name = azurerm_kubernetes_cluster.test.resource_group_name +} +`, KubernetesClusterResource{}.roleBasedAccessControlAADManagedConfigVOneDotTwoFourDotThree(data, "")) +} + func (KubernetesClusterDataSource) localAccountDisabled(data acceptance.TestData, tenantId string) string { return fmt.Sprintf(` %s