From 214ae4b0d68821ee7b202571d380e7e13c1503bd Mon Sep 17 00:00:00 2001
From: Adrian Stobbe
Date: Mon, 31 Jul 2023 15:55:48 +0200
Subject: [PATCH] fix azure ccm config with correct uami client_id

---
 cli/internal/terraform/terraform/azure/main.tf | 7 +++++++
 cli/internal/terraform/terraform/azure/outputs.tf | 2 +-
 cli/internal/terraform/terraform/azure/variables.tf | 2 +-
 cli/internal/terraform/terraform/iam/azure/outputs.tf | 1 +
 4 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/cli/internal/terraform/terraform/azure/main.tf b/cli/internal/terraform/terraform/azure/main.tf
index 18d64e3c680..85d437362a6 100644
--- a/cli/internal/terraform/terraform/azure/main.tf
+++ b/cli/internal/terraform/terraform/azure/main.tf
@@ -38,6 +38,8 @@ locals {
 // wildcard_lb_dns_name is the DNS name of the load balancer with a wildcard for the name.
 // example: given "name-1234567890.location.cloudapp.azure.com" it will return "*.location.cloudapp.azure.com"
 wildcard_lb_dns_name = replace(data.azurerm_public_ip.loadbalancer_ip.fqdn, "/^[^.]*\\./", "*.")
+ uai_resource_group = element(split("/", var.user_assigned_identity), 4) // deduce from format /$ID/resourceGroups/$RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$NAME"
+ uai_name = element(split("/",var.user_assigned_identity), length(split("/", var.user_assigned_identity)) - 1) // deduce as above
 }
 resource "random_id" "uid" {
@@ -280,6 +282,11 @@ module "scale_set_group" {
 data "azurerm_subscription" "current" {
 }
+data "azurerm_user_assigned_identity" "uaid" {
+ name = local.uai_name
+ resource_group_name = local.uai_resource_group
+}
+
 moved {
 from = module.scale_set_control_plane
 to = module.scale_set_group["control_plane_default"]
diff --git a/cli/internal/terraform/terraform/azure/outputs.tf b/cli/internal/terraform/terraform/azure/outputs.tf
index c857f31135e..77a3819d715 100644
--- a/cli/internal/terraform/terraform/azure/outputs.tf
+++ b/cli/internal/terraform/terraform/azure/outputs.tf
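Review bot: The comment on the added `uai_resource_group` line documents the format as `/$ID/resourceGroups/$RG/...`, which omits the `/subscriptions` segment that the index `4` actually relies on (with the real `/subscriptions/$ID/resourceGroups/$RG/...` prefix index 4 is the resource group; with the format as written it would be `providers`), and it ends in a stray `"`. Terraform's `element` also wraps the index modulo the list length, so a bare identity name, which the variable's previous description asked for, silently yields that name as both resource group and identity name and only fails later inside the Azure lookup. Anchored regexes fail at plan time with a readable error instead: `uai_resource_group = regex("^/subscriptions/[^/]+/resourceGroups/([^/]+)/", var.user_assigned_identity)[0]` and `uai_name = regex("/userAssignedIdentities/([^/]+)$", var.user_assigned_identity)[0]`. The comment would then read `// resource group and identity name parsed from the full resource ID /subscriptions/$ID/resourceGroups/$RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$NAME`.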
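Review bot: The new `data "azurerm_user_assigned_identity" "uaid"` lookup means the principal running terraform now needs read access on the identity itself, where the previous code only forwarded the ID string; that dependency is worth stating on the block, e.g. `// reads the identity's client_id; the principal applying this config needs read access on the identity`. Presumably the same principal already assigns the identity to the scale sets and is covered, but a tightly scoped deployment role may grant assign without read, and the comment makes the requirement visible where it arises.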
@@ -29,7 +29,7 @@ output "loadbalancer_name" {
 output "user_assigned_identity" {
- value = var.user_assigned_identity
+ value = data.azurerm_user_assigned_identity.uaid.client_id
 }
 output "resource_group" {
diff --git a/cli/internal/terraform/terraform/azure/variables.tf b/cli/internal/terraform/terraform/azure/variables.tf
index 76d68555bb8..053837f8357 100644
--- a/cli/internal/terraform/terraform/azure/variables.tf
+++ b/cli/internal/terraform/terraform/azure/variables.tf
@@ -59,7 +59,7 @@ variable "resource_group" {
 }
 variable "user_assigned_identity" {
 type = string
- description = "The name of the user assigned identity to attache to the nodes of the cluster."
+ description = "The name of the user assigned identity to attach to the nodes of the cluster. Should be of format: /subscriptions/$ID/resourceGroups/$RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$NAME"
 }
 variable "custom_endpoint" {
diff --git a/cli/internal/terraform/terraform/iam/azure/outputs.tf b/cli/internal/terraform/terraform/iam/azure/outputs.tf
index 7e13fabb0dd..8e6b7b98f77 100644
--- a/cli/internal/terraform/terraform/iam/azure/outputs.tf
+++ b/cli/internal/terraform/terraform/iam/azure/outputs.tf
@@ -7,5 +7,6 @@ output "tenant_id" {
 }
 output "uami_id" {
+ description = "Outputs the id in the format: /$ID/resourceGroups/$RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$NAME. Not to be confused with the client_id"
 value = azurerm_user_assigned_identity.identity_uami.id
 }
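Review bot: The output `user_assigned_identity` now carries the identity's client ID while the input variable of the same name holds its resource ID, and nothing in the output block tells a consumer which of the two it receives. Add `description = "Client ID of the user assigned identity attached to the nodes (not its resource ID)."` to the block so the two same-named values are not confused downstream. The output block is complete within the hunk.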
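Review bot: The new description still opens with "The name of the user assigned identity" while the rest of the sentence requires a full resource ID, and the format requirement lives only in prose; main.tf derives the resource group and identity name by splitting this string, so a malformed value surfaces as a failed Azure lookup rather than as an input error. A `validation` block on the variable enforces the format where the input is declared and produces a readable message, and the first sentence can become `The resource ID of the user assigned identity to attach to the nodes of the cluster.`. The variable block is complete within the hunk.
```hcl
variable "user_assigned_identity" {
  type        = string
  description = "The resource ID of the user assigned identity to attach to the nodes of the cluster. Should be of format: /subscriptions/$ID/resourceGroups/$RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$NAME"
  validation {
    condition     = can(regex("^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\\.ManagedIdentity/userAssignedIdentities/[^/]+$", var.user_assigned_identity))
    error_message = "user_assigned_identity must be the full resource ID of the identity, not just its name."
  }
}
```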
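Review bot: The added description gives the format as `/$ID/resourceGroups/...`, but an Azure resource ID as exposed by `.id` starts with `/subscriptions/$ID/...`, which is also the format the consuming `user_assigned_identity` variable in azure/variables.tf spells out; the two descriptions should agree so a user wiring one into the other is not misled. Use `description = "Resource ID of the identity in the format /subscriptions/$ID/resourceGroups/$RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$NAME. Not to be confused with the client_id."`.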