fix azure ccm config with correct uami client_id

edgelesssys · Jul 31, 2023 · 03a1a16 · 03a1a16
1 parent 26305e8
commit 03a1a16
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 3 deletions.
diff --git a/cli/internal/terraform/terraform/azure/main.tf b/cli/internal/terraform/terraform/azure/main.tf
@@ -38,6 +38,8 @@ locals {
   // wildcard_lb_dns_name is the DNS name of the load balancer with a wildcard for the name.
   // example: given "name-1234567890.location.cloudapp.azure.com" it will return "*.location.cloudapp.azure.com"
   wildcard_lb_dns_name = replace(data.azurerm_public_ip.loadbalancer_ip.fqdn, "/^[^.]*\\./", "*.")
+  uai_resource_group   = element(split("/", var.user_assigned_identity), 4)                                                  // deduce from format /$ID/resourceGroups/$RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$NAME"
+  uai_name             = element(split("/", var.user_assigned_identity), length(split("/", var.user_assigned_identity)) - 1) // deduce as above
 }
 
 resource "random_id" "uid" {
@@ -280,6 +282,11 @@ module "scale_set_group" {
 data "azurerm_subscription" "current" {
 }
 
+data "azurerm_user_assigned_identity" "uaid" {
+  name                = local.uai_name
+  resource_group_name = local.uai_resource_group
+}
+
 moved {
   from = module.scale_set_control_plane
   to   = module.scale_set_group["control_plane_default"]

diff --git a/cli/internal/terraform/terraform/azure/outputs.tf b/cli/internal/terraform/terraform/azure/outputs.tf
@@ -29,7 +29,7 @@ output "loadbalancer_name" {
 
 
 output "user_assigned_identity" {
-  value = var.user_assigned_identity
+  value = data.azurerm_user_assigned_identity.uaid.client_id
 }
 
 output "resource_group" {

diff --git a/cli/internal/terraform/terraform/azure/variables.tf b/cli/internal/terraform/terraform/azure/variables.tf
@@ -59,7 +59,7 @@ variable "resource_group" {
 }
 variable "user_assigned_identity" {
   type        = string
-  description = "The name of the user assigned identity to attache to the nodes of the cluster."
+  description = "The name of the user assigned identity to attach to the nodes of the cluster. Should be of format: /subscriptions/$ID/resourceGroups/$RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$NAME"
 }
 
 variable "custom_endpoint" {

diff --git a/cli/internal/terraform/terraform/iam/azure/outputs.tf b/cli/internal/terraform/terraform/iam/azure/outputs.tf
@@ -7,5 +7,6 @@ output "tenant_id" {
 }
 
 output "uami_id" {
-  value = azurerm_user_assigned_identity.identity_uami.id
+  description = "Outputs the id in the format: /$ID/resourceGroups/$RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$NAME. Not to be confused with the client_id"
+  value       = azurerm_user_assigned_identity.identity_uami.id
 }