d/azurerm_kubernetes_cluster: Support local_account_disabled setu…
…p in data source (hashicorp#13260)

Fixes hashicorp#13248
aristosvo authored Sep 8, 2021
1 parent c0c4616 commit 3a99c8b
Showing 3 changed files with 43 additions and 4 deletions.
@@ -691,8 +691,8 @@ func dataSourceKubernetesClusterRead(d *pluginsdk.ResourceData, meta interface{}
return fmt.Errorf("setting `service_principal`: %+v", err)
}

// adminProfile is only available for RBAC enabled clusters with AAD
if props.AadProfile != nil {
// adminProfile is only available for RBAC enabled clusters with AAD and without local accounts disabled
if props.AadProfile != nil && (props.DisableLocalAccounts == nil || !*props.DisableLocalAccounts) {
adminProfile, err := client.GetAccessProfile(ctx, resourceGroup, name, "clusterAdmin")
if err != nil {
return fmt.Errorf("retrieving Admin Access Profile for Managed Kubernetes Cluster %q (Resource Group %q): %+v", name, resourceGroup, err)
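Review bot: The new guard around `client.GetAccessProfile(ctx, resourceGroup, name, "clusterAdmin")` decides whether cluster-admin credentials are fetched and written to state, but the branch taken when the guard is false lies outside this hunk. It is worth confirming that this path explicitly sets `kube_admin_config` and `kube_admin_config_raw` to empty values rather than leaving them untouched. The condition would read more easily with the pointer check named first, e.g. `localAccountsDisabled := props.DisableLocalAccounts != nil && *props.DisableLocalAccounts`, followed by `if props.AadProfile != nil && !localAccountsDisabled {`. The comment's double negative could become `// adminProfile is only available for AAD-integrated RBAC clusters that still have local accounts enabled`. dataSourceKubernetesClusterRead starts and ends outside the hunk.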
@@ -16,6 +16,7 @@ var kubernetesDataSourceTests = map[string]func(t *testing.T){
"basic": testAccDataSourceKubernetesCluster_basic,
"roleBasedAccessControl": testAccDataSourceKubernetesCluster_roleBasedAccessControl,
"roleBasedAccessControlAAD": testAccDataSourceKubernetesCluster_roleBasedAccessControlAAD,
"localAccountDisabled": testAccDataSourceKubernetesCluster_localAccountDisabled,
"internalNetwork": testAccDataSourceKubernetesCluster_internalNetwork,
"advancedNetworkingAzure": testAccDataSourceKubernetesCluster_advancedNetworkingAzure,
"advancedNetworkingAzureCalicoPolicy": testAccDataSourceKubernetesCluster_advancedNetworkingAzureCalicoPolicy,
@@ -145,6 +146,33 @@ func testAccDataSourceKubernetesCluster_roleBasedAccessControlAAD(t *testing.T)
})
}

func TestAccDataSourceKubernetesCluster_localAccountDisabled(t *testing.T) {
checkIfShouldRunTestsIndividually(t)
testAccDataSourceKubernetesCluster_localAccountDisabled(t)
}

func testAccDataSourceKubernetesCluster_localAccountDisabled(t *testing.T) {
data := acceptance.BuildTestData(t, "data.azurerm_kubernetes_cluster", "test")
r := KubernetesClusterDataSource{}
clientData := data.Client()

data.DataSourceTest(t, []acceptance.TestStep{
{
Config: r.localAccountDisabled(data, clientData.TenantID),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).Key("role_based_access_control.#").HasValue("1"),
check.That(data.ResourceName).Key("role_based_access_control.0.enabled").HasValue("true"),
check.That(data.ResourceName).Key("role_based_access_control.0.azure_active_directory.#").HasValue("1"),
check.That(data.ResourceName).Key("role_based_access_control.0.azure_active_directory.0.managed").HasValue("true"),
check.That(data.ResourceName).Key("kube_config.#").HasValue("1"),
check.That(data.ResourceName).Key("kube_config_raw").Exists(),
check.That(data.ResourceName).Key("kube_admin_config.#").HasValue("0"),
check.That(data.ResourceName).Key("kube_admin_config_raw").HasValue(""),
),
},
})
}

func TestAccDataSourceKubernetesCluster_internalNetwork(t *testing.T) {
checkIfShouldRunTestsIndividually(t)
testAccDataSourceKubernetesCluster_internalNetwork(t)
@@ -638,6 +666,17 @@ data "azurerm_kubernetes_cluster" "test" {
`, KubernetesClusterResource{}.roleBasedAccessControlConfig(data))
}

func (KubernetesClusterDataSource) localAccountDisabled(data acceptance.TestData, tenantId string) string {
return fmt.Sprintf(`
%s
data "azurerm_kubernetes_cluster" "test" {
name = azurerm_kubernetes_cluster.test.name
resource_group_name = azurerm_kubernetes_cluster.test.resource_group_name
}
`, KubernetesClusterResource{}.roleBasedAccessControlAADManagedConfigWithLocalAccountDisabled(data, tenantId))
}

func (KubernetesClusterDataSource) roleBasedAccessControlAADConfig(data acceptance.TestData, clientId, clientSecret, tenantId string) string {
return fmt.Sprintf(`
%s
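Review bot: The two `kube_admin_config` assertions at the end of `testAccDataSourceKubernetesCluster_localAccountDisabled` are the ones that pin this fix, yet nothing explains why they expect empty values while `kube_config` is still populated. A short comment above them would record the intent, e.g. `// local accounts disabled: the clusterAdmin profile is not read, so no admin credentials are exported`. The config helper `roleBasedAccessControlAADManagedConfigWithLocalAccountDisabled` is defined outside the files shown here, so the test presumably depends on that config keeping local accounts disabled; that is inferred from its name only.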
4 changes: 2 additions & 2 deletions website/docs/d/kubernetes_cluster.html.markdown
@@ -52,9 +52,9 @@ The following attributes are exported:

-> **NOTE:** At this time Private Link is in Public Preview.

* `kube_admin_config` - A `kube_admin_config` block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled.
* `kube_admin_config` - A `kube_admin_config` block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts are not disabled.

* `kube_admin_config_raw` - Raw Kubernetes config for the admin account to be used by [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/) and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled.
* `kube_admin_config_raw` - Raw Kubernetes config for the admin account to be used by [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/) and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts are not disabled.

* `kube_config` - A `kube_config` block as defined below.
