oidc_issuer_enabled must be set to true to enable Azure AD Workload Identity

zioproto · zioproto · commit ab1e4aa01cf1 · 2023-05-25T14:07:18.000+02:00
diff --git a/main.tf b/main.tf
@@ -451,6 +451,10 @@ resource "azurerm_kubernetes_cluster" "main" {
       condition     = !(var.kms_enabled && var.identity_type != "UserAssigned")
       error_message = "KMS etcd encryption doesn't work with system-assigned managed identity."
     }
+    precondition {
+      condition     = var.workload_identity_enabled ? var.oidc_issuer_enabled : true
+      error_message = "`oidc_issuer_enabled` must be set to `true` to enable Azure AD Workload Identity"
+    }
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -451,6 +451,10 @@ resource "azurerm_kubernetes_cluster" "main" {`
`451`	`451`	`condition = !(var.kms_enabled && var.identity_type != "UserAssigned")`
`452`	`452`	`error_message = "KMS etcd encryption doesn't work with system-assigned managed identity."`
`453`	`453`	`}`
	`454`	`+ precondition {`
	`455`	`+ condition = var.workload_identity_enabled ? var.oidc_issuer_enabled : true`
	`456`	+ error_message = "`oidc_issuer_enabled` must be set to `true` to enable Azure AD Workload Identity"
	`457`	`+ }`
`454`	`458`	`}`
`455`	`459`	`}`
`456`	`460`