From 0b789c4e45dec4a8fb83ac968c7c5e045148bc9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Fri, 31 May 2024 23:10:18 +0200 Subject: [PATCH 1/6] `azurerm_kubernetes_cluster` - Support in-place update of `network_profile.network_policy` --- ...kubernetes_cluster_addons_resource_test.go | 15 ++ ...ubernetes_cluster_network_resource_test.go | 163 ++++++++++++++++++ .../containers/kubernetes_cluster_resource.go | 8 +- 3 files changed, 183 insertions(+), 3 deletions(-) diff --git a/internal/services/containers/kubernetes_cluster_addons_resource_test.go b/internal/services/containers/kubernetes_cluster_addons_resource_test.go index edb9d5e0af82..fa8f70fe6476 100644 --- a/internal/services/containers/kubernetes_cluster_addons_resource_test.go +++ b/internal/services/containers/kubernetes_cluster_addons_resource_test.go @@ -338,6 +338,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -402,6 +403,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -447,6 +449,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" 
@@ -510,6 +513,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -575,6 +579,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -621,6 +626,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -662,6 +668,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -786,6 +793,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -835,6 +843,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" 
@@ -881,6 +890,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -936,6 +946,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -986,6 +997,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -1029,6 +1041,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -1075,6 +1088,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -1120,6 +1134,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" 
diff --git a/internal/services/containers/kubernetes_cluster_network_resource_test.go b/internal/services/containers/kubernetes_cluster_network_resource_test.go index e8bb0e3cf17d..e7ea766f2be2 100644 --- a/internal/services/containers/kubernetes_cluster_network_resource_test.go +++ b/internal/services/containers/kubernetes_cluster_network_resource_test.go 
@@ -258,6 +258,66 @@ func TestAccKubernetesCluster_advancedNetworkingAzureCiliumPolicyUpdate(t *testi }) } +func TestAccKubernetesCluster_advancedNetworkingAzureAzurePolicyUpdate(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") + r := KubernetesClusterResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.advancedNetworkingWithOptionalPolicyConfig(data, ""), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + { + Config: r.advancedNetworkingWithOptionalPolicyConfig(data, "azure"), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("azure"), + ), + }, + data.ImportStep(), + { + Config: r.advancedNetworkingWithOptionalPolicyConfig(data, ""), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + }) +} + +func TestAccKubernetesCluster_advancedNetworkingAzureCalicoPolicyUpdate(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") + r := KubernetesClusterResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.advancedNetworkingWithOptionalPolicyConfig(data, ""), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + { + Config: r.advancedNetworkingWithOptionalPolicyConfig(data, "calico"), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("calico"), + ), + }, + data.ImportStep(), + { + Config: r.advancedNetworkingWithOptionalPolicyConfig(data, ""), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + }) +} + func 
TestAccKubernetesCluster_advancedNetworkingAzureCalicoPolicyComplete(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") r := KubernetesClusterResource{} @@ -1070,6 +1130,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" api_server_access_profile { vnet_integration_enabled = true @@ -1126,6 +1187,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" api_server_access_profile { vnet_integration_enabled = true @@ -1189,6 +1251,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -1454,6 +1517,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -1518,6 +1582,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" 
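Review bot: In the `@@ -258,6 +258,66 @@` hunk, the last step of both new tests (`TestAccKubernetesCluster_advancedNetworkingAzureAzurePolicyUpdate` and `TestAccKubernetesCluster_advancedNetworkingAzureCalicoPolicyUpdate`) re-applies the config with an empty policy but asserts only `ExistsInAzure(r)`, so the removal path is never actually checked. Network policy is the cluster's pod-traffic filtering control, so a removal that applies cleanly while the attribute keeps its old value would be silent drift. The step should pin the attribute, for example `check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("")`, if empty is what the provider is expected to read back. Pinning the same key in the first step would make each test prove a transition rather than only a final state.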
@@ -1579,6 +1644,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[2]d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" 
@@ -1603,6 +1669,64 @@ resource "azurerm_kubernetes_cluster" "test" { `, data.Locations.Primary, data.RandomInteger) } +func (KubernetesClusterResource) advancedNetworkingWithOptionalPolicyConfig(data acceptance.TestData, networkPolicy string) string { + if networkPolicy != "" { + networkPolicy = fmt.Sprintf("network_policy = %q", networkPolicy) + } + + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-aks-%[2]d" + location = "%[1]s" +} + +resource "azurerm_virtual_network" "test" { + name = "acctestvirtnet%[2]d" + address_space = ["10.1.0.0/16"] + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name +} + +resource "azurerm_subnet" "test" { + name = "acctestsubnet%[2]d" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name + address_prefixes = ["10.1.0.0/24"] +} + +resource "azurerm_kubernetes_cluster" "test" { + name = "acctestaks%[2]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + dns_prefix = "acctestaks%[2]d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" + + default_node_pool { + name = "default" + node_count = 2 + vm_size = "Standard_DS2_v2" + vnet_subnet_id = azurerm_subnet.test.id + upgrade_settings { + max_surge = "10%%" + } + } + + identity { + type = "SystemAssigned" + } + + network_profile { + network_plugin = "azure" + %[3]s + } +} +`, data.Locations.Primary, data.RandomInteger, networkPolicy) +} + func (KubernetesClusterResource) advancedNetworkingWithCiliumPolicyConfig(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { 
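Review bot: `advancedNetworkingWithOptionalPolicyConfig` (hunk `@@ -1603,6 +1669,64 @@`) has no doc comment, and it reassigns its `networkPolicy` parameter from a policy name to a rendered HCL line, which makes the `%[3]s` slot harder to follow. A comment such as `// advancedNetworkingWithOptionalPolicyConfig renders a cluster with network_plugin = "azure"; an empty networkPolicy omits the network_policy attribute entirely.` would state the contract. A separate local, e.g. `policyLine := ""` assigned inside the `if`, would keep the parameter meaning one thing. Spelling out the "attribute absent" case matters because the tests built on this helper use `""` to mean "no policy configured", not an explicit value.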
@@ -1633,6 +1757,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[2]d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -1707,6 +1832,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -1789,6 +1915,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -1839,6 +1966,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -1887,6 +2015,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -1937,6 +2066,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" 
@@ -1972,6 +2102,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -2015,6 +2146,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -2101,6 +2233,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -2145,6 +2278,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -2188,6 +2322,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" private_cluster_enabled = %t linux_profile { @@ -2252,6 +2387,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" private_cluster_enabled = %t private_dns_zone_id = azurerm_private_dns_zone.test.id 
@@ -2330,6 +2466,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[1]d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" private_cluster_enabled = %[3]t private_dns_zone_id = azurerm_private_dns_zone.test.id @@ -2397,6 +2534,7 @@ resource "azurerm_kubernetes_cluster" "test" { resource_group_name = azurerm_resource_group.test.name private_cluster_enabled = true private_dns_zone_id = azurerm_private_dns_zone.test.id + node_resource_group = "${azurerm_resource_group.test.name}-nodes" dns_prefix_private_cluster = "prefix" linux_profile { @@ -2448,6 +2586,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" private_cluster_enabled = %t private_dns_zone_id = "System" @@ -2492,6 +2631,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -2526,6 +2666,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -2561,6 +2702,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" 
@@ -2596,6 +2738,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -2650,6 +2793,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -2730,6 +2874,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -2793,6 +2938,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -2866,6 +3012,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -2931,6 +3078,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[1]d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%[3]s" linux_profile { 
@@ -2998,6 +3146,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -3070,6 +3219,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -3146,6 +3296,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -3221,6 +3372,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -3296,6 +3448,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -3371,6 +3524,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { 
@@ -3536,6 +3690,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -3706,6 +3861,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -3870,6 +4026,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -3985,6 +4142,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -4065,6 +4223,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[2]d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" node_count = 1 @@ -4117,6 +4276,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[2]d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" node_count = 1 
@@ -4166,6 +4326,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[2]d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" node_count = 1 @@ -4209,6 +4370,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[2]d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" node_count = 1 @@ -4252,6 +4414,7 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[2]d" + node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" node_count = 1 diff --git a/internal/services/containers/kubernetes_cluster_resource.go b/internal/services/containers/kubernetes_cluster_resource.go index f97b3fa44b3c..af4a3ed786bd 100644 --- a/internal/services/containers/kubernetes_cluster_resource.go +++ b/internal/services/containers/kubernetes_cluster_resource.go @@ -111,9 +111,6 @@ func resourceKubernetesCluster() *pluginsdk.Resource { pluginsdk.ForceNewIfChange("network_profile.0.network_plugin_mode", func(ctx context.Context, _, new, meta interface{}) bool { return !strings.EqualFold(new.(string), string(managedclusters.NetworkPluginModeOverlay)) }), - pluginsdk.ForceNewIfChange("network_profile.0.network_policy", func(ctx context.Context, old, new, meta interface{}) bool { - return old.(string) != "" || new.(string) != string(managedclusters.NetworkPolicyCilium) - }), pluginsdk.ForceNewIfChange("custom_ca_trust_certificates_base64", func(ctx context.Context, old, new, meta interface{}) bool { return len(old.([]interface{})) > 0 && len(new.([]interface{})) == 0 }), 
@@ -2310,6 +2307,11 @@ func resourceKubernetesClusterUpdate(d *pluginsdk.ResourceData, meta interface{} existing.Model.Properties.NetworkProfile.NetworkDataplane = pointer.To(managedclusters.NetworkDataplane(ebpfDataPlane)) } + if key := "network_profile.0.network_policy"; d.HasChange(key) { + networkPolicy := d.Get(key).(string) + existing.Model.Properties.NetworkProfile.NetworkPolicy = pointer.To(managedclusters.NetworkPolicy(networkPolicy)) + } + if key := "network_profile.0.outbound_type"; d.HasChange(key) { outboundType := managedclusters.OutboundType(d.Get(key).(string)) existing.Model.Properties.NetworkProfile.OutboundType = pointer.To(outboundType) From 8ad0ae8940776ca02fd1bb1c3d50117a380e251a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Mon, 3 Jun 2024 20:44:46 +0200 Subject: [PATCH 2/6] `azurerm_kubernetes_cluster` - Support in-place update of `network_profile.network_policy` --- ...ubernetes_cluster_network_resource_test.go | 42 ++++++++++++++++++- .../containers/kubernetes_cluster_resource.go | 18 +++++--- 2 files changed, 53 insertions(+), 7 deletions(-) diff --git a/internal/services/containers/kubernetes_cluster_network_resource_test.go b/internal/services/containers/kubernetes_cluster_network_resource_test.go index e7ea766f2be2..314c9d0f5d8e 100644 --- a/internal/services/containers/kubernetes_cluster_network_resource_test.go +++ b/internal/services/containers/kubernetes_cluster_network_resource_test.go 
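Review bot: In the `@@ -2310,6 +2307,11 @@` hunk the new block forwards whatever `d.Get(key)` returns, so removing `network_policy` from the configuration sends `managedclusters.NetworkPolicy("")` to the API. The `ForceNewIfChange` for this key is deleted in the same commit (hunk `@@ -111,9 +111,6 @@`), so no transition forces a rebuild any more. Whether the service treats an empty value as "uninstall the policy engine" is not visible here; if it does not, Terraform would report a successful change while the previous enforcement stays in place. I would keep a `ForceNewIfChange` for the transition to `""` and assign here only when the new value is non-empty. `resourceKubernetesClusterUpdate` starts and ends outside the hunk, so any nil guard on `existing.Model.Properties.NetworkProfile` cannot be confirmed from these lines.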
@@ -274,10 +274,19 @@ func TestAccKubernetesCluster_advancedNetworkingAzureAzurePolicyUpdate(t *testin Config: r.advancedNetworkingWithOptionalPolicyConfig(data, "azure"), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("network_profile.0.network_policy").Exists(), check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("azure"), ), }, data.ImportStep(), + }) +} + +func TestAccKubernetesCluster_advancedNetworkingAzureCalicoPolicyUpdate(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") + r := KubernetesClusterResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ { Config: r.advancedNetworkingWithOptionalPolicyConfig(data, ""), Check: acceptance.ComposeTestCheckFunc( 
@@ -285,25 +294,53 @@ func TestAccKubernetesCluster_advancedNetworkingAzureAzurePolicyUpdate(t *testin ), }, data.ImportStep(), + { + Config: r.advancedNetworkingWithOptionalPolicyConfig(data, "calico"), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("network_profile.0.network_policy").Exists(), + check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("calico"), + ), + }, }) } -func TestAccKubernetesCluster_advancedNetworkingAzureCalicoPolicyUpdate(t *testing.T) { +func TestAccKubernetesCluster_advancedNetworkingAzureAzureInPlaceUpdatePolicyUpdate(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") r := KubernetesClusterResource{} data.ResourceTest(t, r, []acceptance.TestStep{ { - Config: r.advancedNetworkingWithOptionalPolicyConfig(data, ""), + Config: r.advancedNetworkingWithOptionalPolicyConfig(data, "calico"), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("network_profile.0.network_policy").Exists(), + check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("calico"), ), }, data.ImportStep(), + { + Config: r.advancedNetworkingWithOptionalPolicyConfig(data, "azure"), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("network_profile.0.network_policy").Exists(), + check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("azure"), + ), + }, + data.ImportStep(), + }) +} + +func TestAccKubernetesCluster_advancedNetworkingAzureAzureRemovePolicyUpdate(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") + r := KubernetesClusterResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ { Config: r.advancedNetworkingWithOptionalPolicyConfig(data, "calico"), Check: 
acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("network_profile.0.network_policy").Exists(), check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("calico"), ), }, @@ -312,6 +349,7 @@ func TestAccKubernetesCluster_advancedNetworkingAzureCalicoPolicyUpdate(t *testi Config: r.advancedNetworkingWithOptionalPolicyConfig(data, ""), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("azure"), // TODO ), }, data.ImportStep(), diff --git a/internal/services/containers/kubernetes_cluster_resource.go b/internal/services/containers/kubernetes_cluster_resource.go index af4a3ed786bd..2630c96de0da 100644 --- a/internal/services/containers/kubernetes_cluster_resource.go +++ b/internal/services/containers/kubernetes_cluster_resource.go 
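Review bot: The assertion added in the `@@ -312,6 +349,7 @@` hunk, `HasValue("azure") // TODO`, runs after a step that removes the policy from a cluster created with `"calico"`, so the expected value matches neither the previous state nor the applied config. The `ForceNewIfChange` comment in this same commit says removal forces a new cluster, so the expected value is presumably empty, e.g. `check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("")`. The TODO should also say what is still undecided. The enclosing test function begins in the previous hunk, where it is renamed to `TestAccKubernetesCluster_advancedNetworkingAzureAzureRemovePolicyUpdate`. The `.Exists()` checks added throughout this commit are implied by the `HasValue` check that follows each of them and could be dropped.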
@@ -111,6 +111,19 @@ func resourceKubernetesCluster() *pluginsdk.Resource { pluginsdk.ForceNewIfChange("network_profile.0.network_plugin_mode", func(ctx context.Context, _, new, meta interface{}) bool { return !strings.EqualFold(new.(string), string(managedclusters.NetworkPluginModeOverlay)) }), + pluginsdk.ForceNewIfChange("network_profile.0.network_policy", func(ctx context.Context, old, new, meta interface{}) bool { + // Follow scenarios are not supported as in-place update: + // * Switch from Cilium + // * Switch from network policy to non Cilium network policy + // * Remove network policy property does not uninstall the network policy, forcing new cluster. + // + // Omit network_policy does not uninstall the network policy, since it requires an explicit 'none' value. + // And an uninstallation of network policy engine is not GA yet. + // Once it is GA, an additional logic is needed to handle the uninstallation of network policy. + return old.(string) != string(managedclusters.NetworkPolicyCilium) || + old.(string) != "" && new.(string) != string(managedclusters.NetworkPolicyCilium) || + old.(string) != "" && new.(string) == "" + }), pluginsdk.ForceNewIfChange("custom_ca_trust_certificates_base64", func(ctx context.Context, old, new, meta interface{}) bool { return len(old.([]interface{})) > 0 && len(new.([]interface{})) == 0 }), 
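Review bot: The first operand of the new predicate in the `@@ -111,6 +111,19 @@` hunk, `old.(string) != string(managedclusters.NetworkPolicyCilium)`, is true for every previous value except Cilium, including `""`, so enabling a policy on a cluster that has none still forces replacement. That contradicts the comment's first bullet ("Switch from Cilium") and the commit subject. If the comment states the intent, the condition would be `old.(string) == string(managedclusters.NetworkPolicyCilium) || (old.(string) != "" && new.(string) != string(managedclusters.NetworkPolicyCilium))`; the third operand is already covered by the second, since an empty `new` is also not Cilium. The same commit deletes the `network_policy` assignment from `resourceKubernetesClusterUpdate` (hunk `@@ -2307,11 +2320,6 @@`), so for any transition this predicate does allow in place, nothing visible in this patch sends the new value to the API. Because this attribute decides whether pod traffic is filtered at all, each allowed and each forced transition deserves its own acceptance test asserting the resulting value.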
@@ -2307,11 +2320,6 @@ func resourceKubernetesClusterUpdate(d *pluginsdk.ResourceData, meta interface{} existing.Model.Properties.NetworkProfile.NetworkDataplane = pointer.To(managedclusters.NetworkDataplane(ebpfDataPlane)) } - if key := "network_profile.0.network_policy"; d.HasChange(key) { - networkPolicy := d.Get(key).(string) - existing.Model.Properties.NetworkProfile.NetworkPolicy = pointer.To(managedclusters.NetworkPolicy(networkPolicy)) - } - if key := "network_profile.0.outbound_type"; d.HasChange(key) { outboundType := managedclusters.OutboundType(d.Get(key).(string)) existing.Model.Properties.NetworkProfile.OutboundType = pointer.To(outboundType) From fc19325232b756022d4e398d1985b4e67ecb747c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Mon, 3 Jun 2024 21:34:52 +0200 Subject: [PATCH 3/6] remove node_resource_group --- ...kubernetes_cluster_addons_resource_test.go | 15 ------ ...ubernetes_cluster_network_resource_test.go | 50 +------------------ 2 files changed, 2 insertions(+), 63 deletions(-) diff --git a/internal/services/containers/kubernetes_cluster_addons_resource_test.go b/internal/services/containers/kubernetes_cluster_addons_resource_test.go index fa8f70fe6476..edb9d5e0af82 100644 --- a/internal/services/containers/kubernetes_cluster_addons_resource_test.go +++ b/internal/services/containers/kubernetes_cluster_addons_resource_test.go @@ -338,7 +338,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" 
@@ -403,7 +402,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -449,7 +447,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -513,7 +510,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -579,7 +575,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -626,7 +621,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -668,7 +662,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" 
@@ -793,7 +786,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -843,7 +835,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -890,7 +881,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -946,7 +936,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -997,7 +986,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -1041,7 +1029,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" 
@@ -1088,7 +1075,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -1134,7 +1120,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" diff --git a/internal/services/containers/kubernetes_cluster_network_resource_test.go b/internal/services/containers/kubernetes_cluster_network_resource_test.go index 314c9d0f5d8e..88fd6b5e63e6 100644 --- a/internal/services/containers/kubernetes_cluster_network_resource_test.go +++ b/internal/services/containers/kubernetes_cluster_network_resource_test.go @@ -305,7 +305,7 @@ func TestAccKubernetesCluster_advancedNetworkingAzureCalicoPolicyUpdate(t *testi }) } -func TestAccKubernetesCluster_advancedNetworkingAzureAzureInPlaceUpdatePolicyUpdate(t *testing.T) { +func TestAccKubernetesCluster_advancedNetworkingAzureInPlacePolicyUpdate(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") r := KubernetesClusterResource{} @@ -331,7 +331,7 @@ func TestAccKubernetesCluster_advancedNetworkingAzureAzureInPlaceUpdatePolicyUpd }) } -func TestAccKubernetesCluster_advancedNetworkingAzureAzureRemovePolicyUpdate(t *testing.T) { +func TestAccKubernetesCluster_advancedNetworkingAzurePolicyRemove(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") r := KubernetesClusterResource{} 
@@ -1168,7 +1168,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" api_server_access_profile { vnet_integration_enabled = true @@ -1225,7 +1224,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" api_server_access_profile { vnet_integration_enabled = true @@ -1289,7 +1287,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -1555,7 +1552,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -1620,7 +1616,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -1682,7 +1677,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[2]d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" 
@@ -1741,7 +1735,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[2]d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -1795,7 +1788,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[2]d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -1870,7 +1862,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -1953,7 +1944,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -2004,7 +1994,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -2053,7 +2042,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" 
@@ -2104,7 +2092,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -2140,7 +2127,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -2184,7 +2170,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -2271,7 +2256,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -2316,7 +2300,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -2360,7 +2343,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" private_cluster_enabled = %t linux_profile { 
@@ -2425,7 +2407,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" private_cluster_enabled = %t private_dns_zone_id = azurerm_private_dns_zone.test.id @@ -2504,7 +2485,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[1]d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" private_cluster_enabled = %[3]t private_dns_zone_id = azurerm_private_dns_zone.test.id @@ -2572,7 +2552,6 @@ resource "azurerm_kubernetes_cluster" "test" { resource_group_name = azurerm_resource_group.test.name private_cluster_enabled = true private_dns_zone_id = azurerm_private_dns_zone.test.id - node_resource_group = "${azurerm_resource_group.test.name}-nodes" dns_prefix_private_cluster = "prefix" linux_profile { @@ -2624,7 +2603,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" private_cluster_enabled = %t private_dns_zone_id = "System" @@ -2669,7 +2647,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -2704,7 +2681,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" 
@@ -2740,7 +2716,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -2776,7 +2751,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" @@ -2831,7 +2805,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -2912,7 +2885,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" linux_profile { admin_username = "acctestuser%d" @@ -2976,7 +2948,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -3050,7 +3021,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { 
@@ -3116,7 +3086,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[1]d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%[3]s" linux_profile { @@ -3184,7 +3153,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -3257,7 +3225,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -3334,7 +3301,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -3410,7 +3376,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -3486,7 +3451,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { 
@@ -3562,7 +3526,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -3728,7 +3691,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -3899,7 +3861,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -4064,7 +4025,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -4180,7 +4140,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" kubernetes_version = "%s" linux_profile { @@ -4261,7 +4220,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[2]d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" node_count = 1 
@@ -4314,7 +4272,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[2]d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" node_count = 1 @@ -4364,7 +4321,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[2]d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" node_count = 1 @@ -4408,7 +4364,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[2]d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" node_count = 1 @@ -4452,7 +4407,6 @@ resource "azurerm_kubernetes_cluster" "test" { location = azurerm_resource_group.test.location resource_group_name = azurerm_resource_group.test.name dns_prefix = "acctestaks%[2]d" - node_resource_group = "${azurerm_resource_group.test.name}-nodes" default_node_pool { name = "default" node_count = 1 From fa5db36415e9c9b1d3f7686c6711d23cc379550a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Mon, 3 Jun 2024 22:21:30 +0200 Subject: [PATCH 4/6] Clarify TestAccKubernetesCluster_advancedNetworkingAzurePolicyRemove --- .../containers/kubernetes_cluster_network_resource_test.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/internal/services/containers/kubernetes_cluster_network_resource_test.go b/internal/services/containers/kubernetes_cluster_network_resource_test.go index 88fd6b5e63e6..ba6428817a55 100644 --- a/internal/services/containers/kubernetes_cluster_network_resource_test.go 
+++ b/internal/services/containers/kubernetes_cluster_network_resource_test.go @@ -349,7 +349,9 @@ func TestAccKubernetesCluster_advancedNetworkingAzurePolicyRemove(t *testing.T) Config: r.advancedNetworkingWithOptionalPolicyConfig(data, ""), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), - check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("azure"), // TODO + check.That(data.ResourceName).Key("network_profile.0.network_policy").Exists(), + // network_policy is a computed value. If omitted, the current value from API is taken. + check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("calico"), ), }, data.ImportStep(), From 14737fdf1120e8a2ed7a1874f3d2fb116312da7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Wed, 5 Jun 2024 11:47:39 +0200 Subject: [PATCH 5/6] Apply suggestions from code review Co-authored-by: stephybun --- ...ubernetes_cluster_network_resource_test.go | 107 ++---------------- .../containers/kubernetes_cluster_resource.go | 3 +- 2 files changed, 10 insertions(+), 100 deletions(-) diff --git a/internal/services/containers/kubernetes_cluster_network_resource_test.go b/internal/services/containers/kubernetes_cluster_network_resource_test.go index ba6428817a55..133535e55e95 100644 --- a/internal/services/containers/kubernetes_cluster_network_resource_test.go +++ b/internal/services/containers/kubernetes_cluster_network_resource_test.go 
@@ -258,105 +258,73 @@ func TestAccKubernetesCluster_advancedNetworkingAzureCiliumPolicyUpdate(t *testi }) } -func TestAccKubernetesCluster_advancedNetworkingAzureAzurePolicyUpdate(t *testing.T) { +func TestAccKubernetesCluster_advancedNetworkingAzurePolicyUpdate(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") r := KubernetesClusterResource{} data.ResourceTest(t, r, []acceptance.TestStep{ { - Config: r.advancedNetworkingWithOptionalPolicyConfig(data, ""), + Config: r.advancedNetworkingConfig(data, "azure"), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), ), }, data.ImportStep(), { - Config: r.advancedNetworkingWithOptionalPolicyConfig(data, "azure"), + Config: r.advancedNetworkingWithPolicyConfig(data, "azure", "azure"), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), - check.That(data.ResourceName).Key("network_profile.0.network_policy").Exists(), - check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("azure"), ), }, data.ImportStep(), }) } -func TestAccKubernetesCluster_advancedNetworkingAzureCalicoPolicyUpdate(t *testing.T) { +func TestAccKubernetesCluster_advancedNetworkingCalicoPolicyUpdate(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") r := KubernetesClusterResource{} data.ResourceTest(t, r, []acceptance.TestStep{ { - Config: r.advancedNetworkingWithOptionalPolicyConfig(data, ""), + Config: r.advancedNetworkingConfig(data, "azure"), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), ), }, data.ImportStep(), { - Config: r.advancedNetworkingWithOptionalPolicyConfig(data, "calico"), + Config: r.advancedNetworkingWithPolicyConfig(data, "azure", "calico"), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), - check.That(data.ResourceName).Key("network_profile.0.network_policy").Exists(), - 
check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("calico"), ), }, }) } -func TestAccKubernetesCluster_advancedNetworkingAzureInPlacePolicyUpdate(t *testing.T) { +func TestAccKubernetesCluster_advancedNetworkingCalicoToAzurePolicyUpdate(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") r := KubernetesClusterResource{} data.ResourceTest(t, r, []acceptance.TestStep{ { - Config: r.advancedNetworkingWithOptionalPolicyConfig(data, "calico"), + Config: r.advancedNetworkingWithPolicyConfig(data, "azure", "calico"), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), check.That(data.ResourceName).Key("network_profile.0.network_policy").Exists(), - check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("calico"), ), }, data.ImportStep(), { - Config: r.advancedNetworkingWithOptionalPolicyConfig(data, "azure"), + Config: r.advancedNetworkingWithPolicyConfig(data, "azure", "azure"), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), check.That(data.ResourceName).Key("network_profile.0.network_policy").Exists(), - check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("azure"), ), }, data.ImportStep(), }) } -func TestAccKubernetesCluster_advancedNetworkingAzurePolicyRemove(t *testing.T) { - data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") - r := KubernetesClusterResource{} - - data.ResourceTest(t, r, []acceptance.TestStep{ - { - Config: r.advancedNetworkingWithOptionalPolicyConfig(data, "calico"), - Check: acceptance.ComposeTestCheckFunc( - check.That(data.ResourceName).ExistsInAzure(r), - check.That(data.ResourceName).Key("network_profile.0.network_policy").Exists(), - check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("calico"), - ), - }, - data.ImportStep(), - { - Config: r.advancedNetworkingWithOptionalPolicyConfig(data, ""), - Check: 
acceptance.ComposeTestCheckFunc( - check.That(data.ResourceName).ExistsInAzure(r), - check.That(data.ResourceName).Key("network_profile.0.network_policy").Exists(), - // network_policy is a computed value. If omitted, the current value from API is taken. - check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("calico"), - ), - }, - data.ImportStep(), - }) -} func TestAccKubernetesCluster_advancedNetworkingAzureCalicoPolicyComplete(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") 
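Review bot: The rewritten update tests no longer assert the resulting policy value: the `HasValue("azure")` and `HasValue("calico")` checks on `network_profile.0.network_policy` are removed, leaving `ExistsInAzure` and, in `TestAccKubernetesCluster_advancedNetworkingCalicoToAzurePolicyUpdate`, only `Exists()`. As written these steps pass whether the cluster was updated in place or destroyed and recreated, so they cannot catch a ForceNew predicate that fires on every change. I would keep the value assertion in each second step, for example `check.That(data.ResourceName).Key("network_profile.0.network_policy").HasValue("azure"),`, and add an expectation that the step plans an update rather than a replacement if the acceptance harness offers one. `TestAccKubernetesCluster_advancedNetworkingCalicoPolicyUpdate` also ends without a final `data.ImportStep()`, unlike its two siblings in this hunk.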
@@ -1703,63 +1671,6 @@ resource "azurerm_kubernetes_cluster" "test" { `, data.Locations.Primary, data.RandomInteger) } -func (KubernetesClusterResource) advancedNetworkingWithOptionalPolicyConfig(data acceptance.TestData, networkPolicy string) string { - if networkPolicy != "" { - networkPolicy = fmt.Sprintf("network_policy = %q", networkPolicy) - } - - return fmt.Sprintf(` -provider "azurerm" { - features {} -} - -resource "azurerm_resource_group" "test" { - name = "acctestRG-aks-%[2]d" - location = "%[1]s" -} - -resource "azurerm_virtual_network" "test" { - name = "acctestvirtnet%[2]d" - address_space = ["10.1.0.0/16"] - location = azurerm_resource_group.test.location - resource_group_name = azurerm_resource_group.test.name -} - -resource "azurerm_subnet" "test" { - name = "acctestsubnet%[2]d" - resource_group_name = azurerm_resource_group.test.name - virtual_network_name = azurerm_virtual_network.test.name - address_prefixes = ["10.1.0.0/24"] -} - -resource "azurerm_kubernetes_cluster" "test" { - name = "acctestaks%[2]d" - location = azurerm_resource_group.test.location - resource_group_name = azurerm_resource_group.test.name - dns_prefix = "acctestaks%[2]d" - - default_node_pool { - name = "default" - node_count = 2 - vm_size = "Standard_DS2_v2" - vnet_subnet_id = azurerm_subnet.test.id - upgrade_settings { - max_surge = "10%%" - } - } - - identity { - type = "SystemAssigned" - } - - network_profile { - network_plugin = "azure" - %[3]s - } -} -`, data.Locations.Primary, data.RandomInteger, networkPolicy) -} - func (KubernetesClusterResource) advancedNetworkingWithCiliumPolicyConfig(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { diff --git a/internal/services/containers/kubernetes_cluster_resource.go b/internal/services/containers/kubernetes_cluster_resource.go index 2630c96de0da..9c5074b0c401 100644 --- a/internal/services/containers/kubernetes_cluster_resource.go +++ b/internal/services/containers/kubernetes_cluster_resource.go 
@@ -121,8 +121,7 @@ func resourceKubernetesCluster() *pluginsdk.Resource { // And an uninstallation of network policy engine is not GA yet. // Once it is GA, an additional logic is needed to handle the uninstallation of network policy. return old.(string) != string(managedclusters.NetworkPolicyCilium) || - old.(string) != "" && new.(string) != string(managedclusters.NetworkPolicyCilium) || - old.(string) != "" && new.(string) == "" + old.(string) != "" && new.(string) != string(managedclusters.NetworkPolicyCilium) }), pluginsdk.ForceNewIfChange("custom_ca_trust_certificates_base64", func(ctx context.Context, old, new, meta interface{}) bool { return len(old.([]interface{})) > 0 && len(new.([]interface{})) == 0 From 802287d936a93dc86228e5e03b19ed65cc4cb406 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Wed, 5 Jun 2024 11:56:32 +0200 Subject: [PATCH 6/6] make fmt --- .../containers/kubernetes_cluster_network_resource_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/internal/services/containers/kubernetes_cluster_network_resource_test.go b/internal/services/containers/kubernetes_cluster_network_resource_test.go index 133535e55e95..7577fd31cc15 100644 --- a/internal/services/containers/kubernetes_cluster_network_resource_test.go +++ b/internal/services/containers/kubernetes_cluster_network_resource_test.go @@ -325,7 +325,6 @@ func TestAccKubernetesCluster_advancedNetworkingCalicoToAzurePolicyUpdate(t *tes }) } - func TestAccKubernetesCluster_advancedNetworkingAzureCalicoPolicyComplete(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") r := KubernetesClusterResource{}