chore(azurerm): upgrade to 3.3.0

README.md

@@ -67,8 +67,8 @@ module "aks" {
     "Agent" : "defaultnodepoolagent"
   }
 
-  enable_ingress_application_gateway = true
-  ingress_application_gateway_name = "aks-agw"
+  enable_ingress_application_gateway      = true
+  ingress_application_gateway_name        = "aks-agw"
   ingress_application_gateway_subnet_cidr = "10.52.1.0/24"
 
   network_policy                 = "azure"

main.tf

@@ -39,7 +39,7 @@ resource "azurerm_kubernetes_cluster" "main" {
       max_count              = null
       min_count              = null
       enable_node_public_ip  = var.enable_node_public_ip
-      availability_zones     = var.agents_availability_zones
+      zones                  = var.agents_availability_zones
       node_labels            = var.agents_labels
       type                   = var.agents_type
       tags                   = merge(var.tags, var.agents_tags)
@@ -60,7 +60,7 @@ resource "azurerm_kubernetes_cluster" "main" {
       max_count              = var.agents_max_count
       min_count              = var.agents_min_count
       enable_node_public_ip  = var.enable_node_public_ip
-      availability_zones     = var.agents_availability_zones
+      zones                  = var.agents_availability_zones
       node_labels            = var.agents_labels
       type                   = var.agents_type
       tags                   = merge(var.tags, var.agents_tags)
@@ -80,60 +80,49 @@ resource "azurerm_kubernetes_cluster" "main" {
   dynamic "identity" {
     for_each = var.client_id == "" || var.client_secret == "" ? ["identity"] : []
     content {
-      type                      = var.identity_type
-      user_assigned_identity_id = var.user_assigned_identity_id
+      type         = var.identity_type
+      identity_ids = var.identity_ids
     }
   }
 
-  addon_profile {
-    http_application_routing {
-      enabled = var.enable_http_application_routing
-    }
+  http_application_routing_enabled = var.enable_http_application_routing
 
-    kube_dashboard {
-      enabled = var.enable_kube_dashboard
-    }
+  azure_policy_enabled = var.enable_azure_policy
 
-    azure_policy {
-      enabled = var.enable_azure_policy
-    }
-
-    oms_agent {
-      enabled                    = var.enable_log_analytics_workspace
+  dynamic "oms_agent" {
+    for_each = var.enable_log_analytics_workspace ? ["oms_agent"] : []
+    content {
       log_analytics_workspace_id = var.enable_log_analytics_workspace ? azurerm_log_analytics_workspace.main[0].id : null
     }
+  }
 
-    dynamic "ingress_application_gateway" {
-      for_each = var.enable_ingress_application_gateway == null ? [] : ["ingress_application_gateway"]
-      content {
-        enabled      = var.enable_ingress_application_gateway
-        gateway_id   = var.ingress_application_gateway_id
-        gateway_name = var.ingress_application_gateway_name
-        subnet_cidr  = var.ingress_application_gateway_subnet_cidr
-        subnet_id    = var.ingress_application_gateway_subnet_id
-      }
+  dynamic "ingress_application_gateway" {
+    for_each = var.enable_ingress_application_gateway == null ? [] : ["ingress_application_gateway"]
+    content {
+      gateway_id   = var.ingress_application_gateway_id
+      gateway_name = var.ingress_application_gateway_name
+      subnet_cidr  = var.ingress_application_gateway_subnet_cidr
+      subnet_id    = var.ingress_application_gateway_subnet_id
     }
   }
 
-  role_based_access_control {
-    enabled = var.enable_role_based_access_control
+  role_based_access_control_enabled = var.enable_role_based_access_control
 
-    dynamic "azure_active_directory" {
-      for_each = var.enable_role_based_access_control && var.rbac_aad_managed ? ["rbac"] : []
-      content {
-        managed                = true
-        admin_group_object_ids = var.rbac_aad_admin_group_object_ids
-      }
+  dynamic "azure_active_directory_role_based_access_control" {
+    for_each = var.enable_role_based_access_control && var.rbac_aad_managed ? ["rbac"] : []
+    content {
+      managed                = true
+      admin_group_object_ids = var.rbac_aad_admin_group_object_ids
     }
+  }
 
-    dynamic "azure_active_directory" {
-      for_each = var.enable_role_based_access_control && !var.rbac_aad_managed ? ["rbac"] : []
-      content {
-        managed           = false
-        client_app_id     = var.rbac_aad_client_app_id
-        server_app_id     = var.rbac_aad_server_app_id
-        server_app_secret = var.rbac_aad_server_app_secret
-      }
+  dynamic "azure_active_directory_role_based_access_control" {
+    for_each = var.enable_role_based_access_control && !var.rbac_aad_managed ? ["rbac"] : []
+    content {
+      managed           = false
+      client_app_id     = var.rbac_aad_client_app_id
+      server_app_id     = var.rbac_aad_server_app_id
+      server_app_secret = var.rbac_aad_server_app_secret
     }
   }
 

outputs.tf

@@ -1,25 +1,32 @@
+
 output "client_key" {
-  value = azurerm_kubernetes_cluster.main.kube_config[0].client_key
+  sensitive = true
+  value     = azurerm_kubernetes_cluster.main.kube_config[0].client_key
 }
 
 output "client_certificate" {
-  value = azurerm_kubernetes_cluster.main.kube_config[0].client_certificate
+  sensitive = true
+  value     = azurerm_kubernetes_cluster.main.kube_config[0].client_certificate
 }
 
 output "cluster_ca_certificate" {
-  value = azurerm_kubernetes_cluster.main.kube_config[0].cluster_ca_certificate
+  sensitive = true
+  value     = azurerm_kubernetes_cluster.main.kube_config[0].cluster_ca_certificate
 }
 
 output "host" {
-  value = azurerm_kubernetes_cluster.main.kube_config[0].host
+  sensitive = true
+  value     = azurerm_kubernetes_cluster.main.kube_config[0].host
 }
 
 output "username" {
-  value = azurerm_kubernetes_cluster.main.kube_config[0].username
+  sensitive = true
+  value     = azurerm_kubernetes_cluster.main.kube_config[0].username
 }
 
 output "password" {
-  value = azurerm_kubernetes_cluster.main.kube_config[0].password
+  sensitive = true
+  value     = azurerm_kubernetes_cluster.main.kube_config[0].password
 }
 
 output "node_resource_group" {
@@ -45,7 +52,7 @@ output "kube_admin_config_raw" {
 }
 
 output "http_application_routing_zone_name" {
-  value = length(azurerm_kubernetes_cluster.main.addon_profile) > 0 && length(azurerm_kubernetes_cluster.main.addon_profile[0].http_application_routing) > 0 ? azurerm_kubernetes_cluster.main.addon_profile[0].http_application_routing[0].http_application_routing_zone_name : ""
+  value = azurerm_kubernetes_cluster.main.http_application_routing_enabled ? azurerm_kubernetes_cluster.main.http_application_routing_zone_name : ""
 }
 
 output "system_assigned_identity" {

test/fixture/main.tf

@@ -61,8 +61,8 @@ module "aks" {
     "Agent" : "agentTag"
   }
 
-  enable_ingress_application_gateway = true
-  ingress_application_gateway_name = "${random_id.prefix.hex}-agw"
+  enable_ingress_application_gateway      = true
+  ingress_application_gateway_name        = "${random_id.prefix.hex}-agw"
   ingress_application_gateway_subnet_cidr = "10.52.1.0/24"
 
   network_policy                 = "azure"
@@ -93,6 +93,6 @@ module "aks_cluster_name" {
   enable_kube_dashboard                = false
   net_profile_pod_cidr                 = "10.1.0.0/16"
   identity_type                        = "UserAssigned"
-  user_assigned_identity_id            = azurerm_user_assigned_identity.test.id
+  identity_ids                         = [azurerm_user_assigned_identity.test.id]
   depends_on                           = [azurerm_resource_group.main]
-}
+}

test/fixture/outputs.tf

@@ -35,30 +35,36 @@ output "test_admin_password" {
 }
 
 output "test_client_key" {
-  value = module.aks.client_key
+  sensitive = true
+  value     = module.aks.client_key
 }
 
 output "test_client_certificate" {
-  value = module.aks.client_certificate
+  sensitive = true
+  value     = module.aks.client_certificate
 }
 
 output "test_cluster_ca_certificate" {
-  value = module.aks.client_certificate
+  sensitive = true
+  value     = module.aks.client_certificate
 }
 
 output "test_host" {
-  value = module.aks.host
+  sensitive = true
+  value     = module.aks.host
 }
 
 output "test_username" {
-  value = module.aks.username
+  sensitive = true
+  value     = module.aks.username
 }
 
 output "test_password" {
-  value = module.aks.password
+  sensitive = true
+  value     = module.aks.password
 }
 
 output "test_kube_raw" {
   sensitive = true
   value     = module.aks.kube_config_raw
-}
+}

variables.tf

@@ -301,15 +301,16 @@ variable "ingress_application_gateway_subnet_id" {
   type        = string
   default     = null
 }
+
 variable "identity_type" {
   description = "(Optional) The type of identity used for the managed cluster. Conflict with `client_id` and `client_secret`. Possible values are `SystemAssigned` and `UserAssigned`. If `UserAssigned` is set, a `user_assigned_identity_id` must be set as well."
   type        = string
   default     = "SystemAssigned"
 }
 
-variable "user_assigned_identity_id" {
-  description = "(Optional) The ID of a user assigned identity."
-  type        = string
+variable "identity_ids" {
+  description = "(Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster."
+  type        = list(string)
   default     = null
 }
 

versions.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "~> 2.46"
+      version = "~> 3.3"
     }
   }