chore: Extend error handling and test cases
mkilchhofer committed Jan 8, 2023
1 parent 50e9bc6 commit 44bcf48
Showing 2 changed files with 73 additions and 18 deletions.
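--- a/internal/services/containers/kubernetes_cluster_resource.go
+++ b/internal/services/containers/kubernetes_cluster_resource.go
@@ -1358,7 +1358,10 @@ func resourceKubernetesClusterCreate(d *pluginsdk.ResourceData, meta interface{}
 }
 
 azureKeyVaultKmsRaw := d.Get("key_vault_kms").([]interface{})
-securityProfile.AzureKeyVaultKms = expandKubernetesClusterAzureKeyVaultKms(d, azureKeyVaultKmsRaw)
+securityProfile.AzureKeyVaultKms, err = expandKubernetesClusterAzureKeyVaultKms(d, azureKeyVaultKmsRaw)
+if err != nil {
+return err
+}
 
 parameters := managedclusters.ManagedCluster{
 Name: utils.String(id.ResourceName),
@@ -1857,7 +1860,7 @@ func resourceKubernetesClusterUpdate(d *pluginsdk.ResourceData, meta interface{}
 if d.HasChanges("key_vault_kms") {
 updateCluster = true
 azureKeyVaultKmsRaw := d.Get("key_vault_kms").([]interface{})
-azureKeyVaultKms := expandKubernetesClusterAzureKeyVaultKms(d, azureKeyVaultKmsRaw)
+azureKeyVaultKms, _ := expandKubernetesClusterAzureKeyVaultKms(d, azureKeyVaultKmsRaw)
 existing.Model.Properties.SecurityProfile.AzureKeyVaultKms = azureKeyVaultKms
 }
 
@@ -3328,24 +3331,31 @@ func expandKubernetesClusterAutoScalerProfile(input []interface{}) *managedclust
 }
 }
 
-func expandKubernetesClusterAzureKeyVaultKms(d *pluginsdk.ResourceData, input []interface{}) *managedclusters.AzureKeyVaultKms {
+func expandKubernetesClusterAzureKeyVaultKms(d *pluginsdk.ResourceData, input []interface{}) (*managedclusters.AzureKeyVaultKms, error) {
 if ((input == nil) || len(input) == 0) && d.HasChanges("key_vault_kms") {
 return &managedclusters.AzureKeyVaultKms{
 Enabled: utils.Bool(false),
-}
+}, nil
 } else if (input == nil) || len(input) == 0 {
-return nil
+return nil, nil
 }
 
 raw := input[0].(map[string]interface{})
-kvAccess := managedclusters.KeyVaultNetworkAccessTypes(*utils.String(raw["key_vault_network_access"].(string)))
+kvAccess := managedclusters.KeyVaultNetworkAccessTypes(raw["key_vault_network_access"].(string))
 
-return &managedclusters.AzureKeyVaultKms{
+azureKeyVaultKms := &managedclusters.AzureKeyVaultKms{
 Enabled: utils.Bool(raw["enabled"].(bool)),
 KeyId: utils.String(raw["key_id"].(string)),
 KeyVaultNetworkAccess: &kvAccess,
 KeyVaultResourceId: utils.String(raw["key_vault_resource_id"].(string)),
 }
 
+private := managedclusters.KeyVaultNetworkAccessTypesPrivate
+if kvAccess == private && len(*azureKeyVaultKms.KeyVaultResourceId) == 0 {
+return nil, fmt.Errorf("a valid `key_vault_resource_id` is required when `key_vault_network_access` is `%s`", private)
+}
+
+return azureKeyVaultKms, nil
 }
 
 func expandKubernetesClusterMaintenanceConfiguration(input []interface{}) *maintenanceconfigurations.MaintenanceConfigurationProperties {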
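Review bot: The update path still discards the error, `azureKeyVaultKms, _ := expandKubernetesClusterAzureKeyVaultKms(d, azureKeyVaultKmsRaw)`, so the new `key_vault_resource_id` check for `Private` network access only protects create; an update that switches `key_vault_network_access` to `Private` without a resource ID is sent to the API unvalidated, and the `_` also masks any future error the helper grows. Replace it with `azureKeyVaultKms, err := expandKubernetesClusterAzureKeyVaultKms(d, azureKeyVaultKmsRaw)` and `if err != nil { return err }` (use `=` rather than `:=` if `err` is already declared in that scope, which, like the `err` the create hunk assigns to, is not visible here). In the helper itself, `len(*azureKeyVaultKms.KeyVaultResourceId) == 0` dereferences a pointer just built from `raw["key_vault_resource_id"].(string)`; testing `raw["key_vault_resource_id"].(string) == ""` before constructing the struct is simpler and keeps the validation ahead of the allocation. resourceKubernetesClusterCreate and resourceKubernetesClusterUpdate both begin and end outside their hunks.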
67 changes: 56 additions & 11 deletions internal/services/containers/kubernetes_cluster_resource_test.go
Expand Up @@ -81,7 +81,13 @@ func TestAccKubernetesCluster_keyVaultKms(t *testing.T) {

data.ResourceTest(t, r, []acceptance.TestStep{
{
Config: r.azureKeyVaultKms(data, currentKubernetesVersion),
Config: r.azureKeyVaultKms(data, currentKubernetesVersion, true),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
},
{
Config: r.azureKeyVaultKms(data, currentKubernetesVersion, false),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
Expand Down Expand Up @@ -527,23 +533,62 @@ resource "azurerm_kubernetes_cluster" "test" {
`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, controlPlaneVersion, tag)
}

func (KubernetesClusterResource) azureKeyVaultKms(data acceptance.TestData, controlPlaneVersion string) string {
func (KubernetesClusterResource) azureKeyVaultKms(data acceptance.TestData, controlPlaneVersion string, enabled bool) string {
return fmt.Sprintf(`
provider "azurerm" {
features {}
}
data "azurerm_client_config" "current" {}
resource "azurerm_resource_group" "test" {
name = "acctestRG-aks-%d"
location = "%s"
name = "acctestRG-aks-%[1]d"
location = "%[2]s"
}
resource "azurerm_key_vault" "test" {
name = substr("acctestRG-kv-%[1]d", 0, 24)
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
tenant_id = data.azurerm_client_config.current.tenant_id
enable_rbac_authorization = true
sku_name = "standard"
}
resource "azurerm_role_assignment" "test_admin" {
scope = azurerm_key_vault.test.id
role_definition_name = "Key Vault Administrator"
principal_id = data.azurerm_client_config.current.object_id
}
resource "azurerm_role_assignment" "test" {
scope = azurerm_key_vault.test.id
role_definition_name = "Key Vault Crypto User"
principal_id = azurerm_user_assigned_identity.test.principal_id
}
resource "azurerm_key_vault_key" "test" {
name = "etcd-encryption"
key_vault_id = azurerm_key_vault.test.id
key_type = "RSA"
key_size = 2048
key_opts = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"]
depends_on = [azurerm_role_assignment.test_admin]
}
resource "azurerm_user_assigned_identity" "test" {
name = "acctest%[2]s"
resource_group_name = azurerm_resource_group.test.name
location = azurerm_resource_group.test.location
}
resource "azurerm_kubernetes_cluster" "test" {
name = "acctestaks%d"
name = "acctestaks%[1]d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
dns_prefix = "acctestaks%d"
kubernetes_version = %q
dns_prefix = "acctestaks%[1]d"
kubernetes_version = %[3]q
default_node_pool {
name = "default"
Expand All @@ -553,15 +598,15 @@ resource "azurerm_kubernetes_cluster" "test" {
identity {
type = "UserAssigned"
identity_ids = ["/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/acctestRG-aks-%d/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-acctestaks"]
identity_ids = [azurerm_user_assigned_identity.test.id]
}
key_vault_kms {
enabled = true
key_id = "https://kv-acctestaks.vault.azure.net/keys/acctestaks/dummykeyversion"
enabled = %[4]t
key_id = azurerm_key_vault_key.test.id
}
}
`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, controlPlaneVersion, data.RandomInteger)
`, data.RandomInteger, data.Locations.Primary, controlPlaneVersion, enabled)
}

func (KubernetesClusterResource) storageProfile(data acceptance.TestData, controlPlaneVersion string) string {
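Review bot: In the rewritten azureKeyVaultKms config, `azurerm_kubernetes_cluster.test` depends only on the identity and the key, not on `azurerm_role_assignment.test`, the Key Vault Crypto User grant the cluster identity needs to use the KMS key; Terraform may therefore create the cluster before that assignment exists, and Azure RBAC assignments are also commonly slow to propagate, so the first step can fail on a clean run. Add `depends_on = [azurerm_role_assignment.test]` to the cluster resource, mirroring the `depends_on = [azurerm_role_assignment.test_admin]` already placed on the key. Separately, neither step sets `key_vault_network_access`, so the `Private` validation this commit adds to expandKubernetesClusterAzureKeyVaultKms is never exercised; a step with `ExpectError` and a config using `key_vault_network_access = "Private"` without `key_vault_resource_id` would pin it. The azureKeyVaultKms test function continues into the next hunk, which holds the rest of the cluster block.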
