From e8b06d0ff101e8aa6d433c205ccb462b3ed143bd Mon Sep 17 00:00:00 2001
From: githubofkrishnadhas
Date: Sat, 28 Dec 2024 13:59:37 +0530
Subject: [PATCH] DEVOPS-301 added dynamic block for using sp or identity
---
 kubernetes-cluster/kubernetes.tf | 22 +++++++++++++++++++---
 kubernetes-cluster/variables.tf | 11 ++++++++++-
 2 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/kubernetes-cluster/kubernetes.tf b/kubernetes-cluster/kubernetes.tf
index c11fa3b..68d103f 100644
--- a/kubernetes-cluster/kubernetes.tf
+++ b/kubernetes-cluster/kubernetes.tf
@@ -38,11 +38,27 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
 dns_service_ip = cidrhost((var.service_cidr_subnet), 5) # 5th ip on service cidr subnet
 }
- service_principal {
- client_id = data.azurerm_key_vault_secret.appid.value
- client_secret = data.azurerm_key_vault_secret.secret.value
+ dynamic "identity" {
+ for_each = var.authentication_method == "identity" ? [1] : []
+ content {
+ type = "SystemAssigned"
+ }
+ }
+
+ dynamic "service_principal" {
+ for_each = var.authentication_method == "service_principal" ? [1] : []
+ content {
+ client_id = data.azurerm_key_vault_secret.appid.value
+ client_secret = data.azurerm_key_vault_secret.secret.value
+ }
 }
+
+ # service_principal {
+ # client_id = data.azurerm_key_vault_secret.appid.value
+ # client_secret = data.azurerm_key_vault_secret.secret.value
+ # }
+
 workload_identity_enabled = var.workload_identity_enabled
 oidc_issuer_enabled = var.workload_identity_enabled ? true : false
diff --git a/kubernetes-cluster/variables.tf b/kubernetes-cluster/variables.tf
index 6327f71..bfbc82f 100644
--- a/kubernetes-cluster/variables.tf
+++ b/kubernetes-cluster/variables.tf
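Review bot: The `service_principal` content block still reads `data.azurerm_key_vault_secret.appid.value` and `data.azurerm_key_vault_secret.secret.value`, and those data sources (defined outside this hunk) are presumably unconditional, so selecting `identity` still requires both Key Vault secrets to exist, still needs Key Vault read access at plan time, and still pulls the client secret into Terraform state even though it is unused. Gate the lookups on the same switch, e.g. `count = var.authentication_method == "service_principal" ? 1 : 0` on each data block and `client_id = data.azurerm_key_vault_secret.appid[0].value` / `client_secret = data.azurerm_key_vault_secret.secret[0].value` here. The commented-out `# service_principal { ... }` copy of the removed block is dead code that git history already preserves; drop it rather than leave a second place listing the secret references. Flipping `authentication_method` on an existing cluster may force replacement depending on the provider version, which is worth a one-line comment above the two `dynamic` blocks. The `azurerm_kubernetes_cluster` resource body starts and ends outside the hunk.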
@@ -343,4 +343,13 @@ variable "kubernetes_version" {
 condition = can(regex("^[0-9]+\\.[0-9]+\\.[0-9]+$", var.kubernetes_version))
 error_message = "The version must be in the format 'major.minor.patch', where major, minor, and patch are non-negative integers."
 }
-}
\ No newline at end of file
+}
+variable "authentication_method" {
+ description = "Specify 'identity' to use SystemAssigned identity or 'service_principal' to use service principal"
+ type = string
+ default = ""
+ validation {
+ condition = contains(["identity", "service_principal"], var.authentication_method)
+ error_message = "This Value should be either identity or service_principal."
+ }
+}
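Review bot: `default = ""` can never satisfy the `validation` block beneath it, because `contains(["identity", "service_principal"], "")` is false, so every caller that does not set `authentication_method` now fails at plan time — including existing callers that relied on the unconditional `service_principal` block this commit replaces. Either make the variable required by deleting the `default` line, or keep the previous behaviour with `default = "service_principal"` so the change stays backward-compatible for existing callers. The error message also has a stray capital and omits quotes around the accepted values: `error_message = "Value must be either 'identity' or 'service_principal'."`. The preceding `variable "kubernetes_version"` block starts outside the hunk.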