Azure Active Directory RBAC enable/disable with var rbac_aad_azure_rbac_enabled

zioproto · zioproto · commit 20193a16287d · 2022-11-14T13:48:48.000+01:00
diff --git a/locals.tf b/locals.tf
@@ -18,4 +18,6 @@ locals {
       name = var.log_analytics_workspace.name
     }
   ) : null # Finally, the Log Analytics Workspace should be disabled.
-}
+  # If var.rbac_aad_azure_rbac_enabled  is null set the local to false. Otherise set the local to the var true/false value
+  rbac_aad_azure_rbac_enabled = var.rbac_aad_azure_rbac_enabled == null ? false : var.rbac_aad_azure_rbac_enabled
+}
diff --git a/main.tf b/main.tf
@@ -95,17 +95,17 @@ resource "azurerm_kubernetes_cluster" "main" {
     }
   }
   dynamic "azure_active_directory_role_based_access_control" {
-    for_each = var.role_based_access_control_enabled && var.rbac_aad_managed ? ["rbac"] : []
+    for_each = var.role_based_access_control_enabled && local.rbac_aad_azure_rbac_enabled && var.rbac_aad_managed ? ["rbac"] : []
 
     content {
       admin_group_object_ids = var.rbac_aad_admin_group_object_ids
-      azure_rbac_enabled     = var.rbac_aad_azure_rbac_enabled
+      azure_rbac_enabled     = local.rbac_aad_azure_rbac_enabled
       managed                = true
       tenant_id              = var.rbac_aad_tenant_id
     }
   }
   dynamic "azure_active_directory_role_based_access_control" {
-    for_each = var.role_based_access_control_enabled && !var.rbac_aad_managed ? ["rbac"] : []
+    for_each = var.role_based_access_control_enabled && local.rbac_aad_azure_rbac_enabled && !var.rbac_aad_managed ? ["rbac"] : []
 
     content {
       client_app_id     = var.rbac_aad_client_app_id
@@ -253,4 +253,4 @@ resource "azurerm_log_analytics_solution" "main" {
     product   = "OMSGallery/ContainerInsights"
     publisher = "Microsoft"
   }
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -18,4 +18,6 @@ locals {`
`18`	`18`	`name = var.log_analytics_workspace.name`
`19`	`19`	`}`
`20`	`20`	`) : null # Finally, the Log Analytics Workspace should be disabled.`
`21`		`-}`
	`21`	`+ # If var.rbac_aad_azure_rbac_enabled is null set the local to false. Otherise set the local to the var true/false value`
	`22`	`+ rbac_aad_azure_rbac_enabled = var.rbac_aad_azure_rbac_enabled == null ? false : var.rbac_aad_azure_rbac_enabled`
	`23`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -95,17 +95,17 @@ resource "azurerm_kubernetes_cluster" "main" {`
`95`	`95`	`}`
`96`	`96`	`}`
`97`	`97`	`dynamic "azure_active_directory_role_based_access_control" {`
`98`		`- for_each = var.role_based_access_control_enabled && var.rbac_aad_managed ? ["rbac"] : []`
	`98`	`+ for_each = var.role_based_access_control_enabled && local.rbac_aad_azure_rbac_enabled && var.rbac_aad_managed ? ["rbac"] : []`
`99`	`99`
`100`	`100`	`content {`
`101`	`101`	`admin_group_object_ids = var.rbac_aad_admin_group_object_ids`
`102`		`- azure_rbac_enabled = var.rbac_aad_azure_rbac_enabled`
	`102`	`+ azure_rbac_enabled = local.rbac_aad_azure_rbac_enabled`
`103`	`103`	`managed = true`
`104`	`104`	`tenant_id = var.rbac_aad_tenant_id`
`105`	`105`	`}`
`106`	`106`	`}`
`107`	`107`	`dynamic "azure_active_directory_role_based_access_control" {`
`108`		`- for_each = var.role_based_access_control_enabled && !var.rbac_aad_managed ? ["rbac"] : []`
	`108`	`+ for_each = var.role_based_access_control_enabled && local.rbac_aad_azure_rbac_enabled && !var.rbac_aad_managed ? ["rbac"] : []`
`109`	`109`
`110`	`110`	`content {`
`111`	`111`	`client_app_id = var.rbac_aad_client_app_id`
`@@ -253,4 +253,4 @@ resource "azurerm_log_analytics_solution" "main" {`
`253`	`253`	`product = "OMSGallery/ContainerInsights"`
`254`	`254`	`publisher = "Microsoft"`
`255`	`255`	`}`
`256`		`-}`
	`256`	`+}`