From 5413bbfcf7ff980fd399608a6d2e0ce24ea7970d Mon Sep 17 00:00:00 2001
From: Yuping Wei <56525716+yupwei68@users.noreply.github.com>
Date: Mon, 24 May 2021 16:33:57 +0800
Subject: [PATCH] Add variable `identity_type` and `user_assigned_identity_id` (#100)

* Update docker file to use the current terraform-test image
* Remove deprecated -check-variables from test script
* Add init step to validation test
* update
* update
* update
* update
* updatwe
* update
* update
* r1
* update README
* update
* update
* identity
* update
* update

Co-authored-by: Malte Lantin
Co-authored-by: Ubuntu
Co-authored-by: root
Co-authored-by: Ubuntu
---
 main.tf | 5 +++--
 test/fixture/main.tf | 8 ++++++++
 variables.tf | 12 ++++++++++++
 3 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/main.tf b/main.tf
index 0a5fb8b5..440025d7 100644
--- a/main.tf
+++ b/main.tf
@@ -77,7 +77,8 @@ resource "azurerm_kubernetes_cluster" "main" {
 dynamic "identity" {
 for_each = var.client_id == "" || var.client_secret == "" ? ["identity"] : []
 content {
- type = "SystemAssigned"
+ type = var.identity_type
+ user_assigned_identity_id = var.user_assigned_identity_id
 }
 }
 
@@ -112,7 +113,7 @@ resource "azurerm_kubernetes_cluster" "main" {
 }
 
 dynamic "azure_active_directory" {
- for_each = var.enable_role_based_access_control && !var.rbac_aad_managed ? ["rbac"] : []
+ for_each = var.enable_role_based_access_control && ! var.rbac_aad_managed ? ["rbac"] : []
 content {
 managed = false
 client_app_id = var.rbac_aad_client_app_id
diff --git a/test/fixture/main.tf b/test/fixture/main.tf
index 892e60e8..244cf1d7 100644
--- a/test/fixture/main.tf
+++ b/test/fixture/main.tf
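Review bot: The identity block is still rendered only when `client_id` or `client_secret` is empty (the unchanged `for_each` line above the change), so a caller who sets `identity_type = "UserAssigned"` together with service-principal credentials gets a cluster that runs as the service principal while both new variables are silently ignored, even though the variable description calls this a conflict. If the conflict is meant to be enforced, that `for_each` is the place to raise it, since variable `validation` blocks of this Terraform vintage can only reference their own variable; otherwise the description should state that a supplied service principal takes precedence. Separately, `user_assigned_identity_id` is now sent to the provider whenever the block is rendered, including in the `SystemAssigned` case; `user_assigned_identity_id = var.identity_type == "UserAssigned" ? var.user_assigned_identity_id : null` keeps a stray id out of the system-assigned configuration. The enclosing `azurerm_kubernetes_cluster` resource starts and ends outside the hunk.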
@@ -24,6 +24,12 @@ resource "azurerm_subnet" "test" {
 address_prefixes = ["10.52.0.0/24"]
 }
 
+resource "azurerm_user_assigned_identity" "test" {
+ resource_group_name = azurerm_resource_group.main.name
+ location = azurerm_resource_group.main.location
+ name = "${random_id.prefix.hex}-identity"
+}
+
 module "aks" {
 source = "../.."
 prefix = "prefix-${random_id.prefix.hex}"
@@ -81,5 +87,7 @@ module "aks_cluster_name" {
 cluster_log_analytics_workspace_name = "test-cluster"
 enable_kube_dashboard = false
 net_profile_pod_cidr = "10.1.0.0/16"
+ identity_type = "UserAssigned"
+ user_assigned_identity_id = azurerm_user_assigned_identity.test.id
 depends_on = [azurerm_resource_group.main]
 }
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 5aedf2c7..073414e6 100644
--- a/variables.tf
+++ b/variables.tf
@@ -271,3 +271,15 @@ variable "agents_max_pods" {
 type = number
 default = null
 }
+
+variable "identity_type" {
+ description = "(Optional) The type of identity used for the managed cluster. Conflict with `client_id` and `client_secret`. Possible values are `SystemAssigned` and `UserAssigned`. If `UserAssigned` is set, a `user_assigned_identity_id` must be set as well."
+ type = string
+ default = "SystemAssigned"
+}
+
+variable "user_assigned_identity_id" {
+ description = "(Optional) The ID of a user assigned identity."
+ type = string
+ default = null
+}
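Review bot: The fixture hands the new `azurerm_user_assigned_identity.test` to `module.aks_cluster_name` but grants it no role assignment, so the test relies on whatever permissions the identity happens to have. Unlike a system-assigned identity, which the platform authorises on the cluster's own resources, a user-assigned control-plane identity must be granted access to caller-owned resources explicitly; if this module instance attaches the cluster to the fixture's `azurerm_subnet.test` (its arguments start outside the hunk, so I cannot confirm), an `azurerm_role_assignment` scoped to that subnet with `principal_id = azurerm_user_assigned_identity.test.principal_id`, added to the module's `depends_on`, would make the test self-contained and keep the grant least-privilege. The `module "aks"` instance in the earlier hunk keeps the `SystemAssigned` default, so both identity types are exercised, which is worth a one-line comment on each module block.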
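Review bot: `identity_type` documents two permitted values but nothing enforces them, so a typo such as `UserAssigned ` or `systemassigned` is only caught by the provider during apply, after the plan has been approved. If the module already requires Terraform 0.13 or later (the `required_version` is outside this diff), a `validation` block on the variable rejects bad values at plan time; the cross-variable rule "UserAssigned requires `user_assigned_identity_id`" cannot be expressed there in that vintage and stays a documented contract. The second variable's description should state the dependency from its side as well: `description = "(Optional) The ID of a user assigned identity. Required when identity_type is UserAssigned."`.
```hcl
variable "identity_type" {
  # … unchanged: description, type, default …
  validation {
    condition     = contains(["SystemAssigned", "UserAssigned"], var.identity_type)
    error_message = "identity_type must be either SystemAssigned or UserAssigned."
  }
}
```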