Container Service Api server authorized ip ranges (#3262)
Fraser Darwent authored and katbyte committed May 6, 2019
1 parent f2cde3b commit 002ea7e
Showing 14 changed files with 6,138 additions and 25 deletions.
2 changes: 1 addition & 1 deletion azurerm/config.go
Expand Up @@ -19,7 +19,7 @@ import (
"github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2018-06-01/compute"
"github.com/Azure/azure-sdk-for-go/services/containerinstance/mgmt/2018-10-01/containerinstance"
"github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2017-10-01/containerregistry"
"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2018-03-31/containerservice"
"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2019-02-01/containerservice"
"github.com/Azure/azure-sdk-for-go/services/cosmos-db/mgmt/2015-04-08/documentdb"
"github.com/Azure/azure-sdk-for-go/services/databricks/mgmt/2018-04-01/databricks"
"github.com/Azure/azure-sdk-for-go/services/datafactory/mgmt/2018-06-01/datafactory"
4 changes: 2 additions & 2 deletions azurerm/data_source_kubernetes_cluster.go
Expand Up @@ -4,7 +4,7 @@ import (
"fmt"
"strings"

"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2018-03-31/containerservice"
"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2019-02-01/containerservice"
"github.com/hashicorp/terraform/helper/schema"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/kubernetes"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
Expand Down Expand Up @@ -612,7 +612,7 @@ func flattenKubernetesClusterDataSourceLinuxProfile(input *containerservice.Linu
return []interface{}{values}
}

func flattenKubernetesClusterDataSourceNetworkProfile(profile *containerservice.NetworkProfile) []interface{} {
func flattenKubernetesClusterDataSourceNetworkProfile(profile *containerservice.NetworkProfileType) []interface{} {
values := make(map[string]interface{})

values["network_plugin"] = profile.NetworkPlugin
2 changes: 1 addition & 1 deletion azurerm/resource_arm_container_service.go
Expand Up @@ -8,7 +8,7 @@ import (

"bytes"

"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2018-03-31/containerservice"
"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2019-02-01/containerservice"
"github.com/hashicorp/terraform/helper/hashcode"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
59 changes: 38 additions & 21 deletions azurerm/resource_arm_kubernetes_cluster.go
Expand Up @@ -6,7 +6,7 @@ import (
"log"
"strings"

"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2018-03-31/containerservice"
"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2019-02-01/containerservice"
"github.com/hashicorp/terraform/helper/hashcode"
"github.com/hashicorp/terraform/helper/schema"
"github.com/hashicorp/terraform/helper/validation"
Expand Down Expand Up @@ -319,8 +319,8 @@ func resourceArmKubernetesCluster() *schema.Resource {
Computed: true,
ForceNew: true,
ValidateFunc: validation.StringInSlice([]string{
string(containerservice.Calico),
string(containerservice.Azure),
string(containerservice.NetworkPolicyCalico),
string(containerservice.NetworkPolicyAzure),
}, false),
},

Expand Down Expand Up @@ -512,6 +512,15 @@ func resourceArmKubernetesCluster() *schema.Resource {
Type: schema.TypeString,
Computed: true,
},

"api_server_authorized_ip_ranges": {
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Schema{
Type: schema.TypeString,
ValidateFunc: validate.CIDR,
},
},
},
}
}
Expand Down Expand Up @@ -566,19 +575,23 @@ func resourceArmKubernetesClusterCreateUpdate(d *schema.ResourceData, meta inter
rbacRaw := d.Get("role_based_access_control").([]interface{})
rbacEnabled, azureADProfile := expandKubernetesClusterRoleBasedAccessControl(rbacRaw, tenantId)

apiServerAuthorizedIPRangesRaw := d.Get("api_server_authorized_ip_ranges").(*schema.Set).List()
apiServerAuthorizedIPRanges := utils.ExpandStringArray(apiServerAuthorizedIPRangesRaw)

parameters := containerservice.ManagedCluster{
Name: &name,
Location: &location,
ManagedClusterProperties: &containerservice.ManagedClusterProperties{
AadProfile: azureADProfile,
AddonProfiles: addonProfiles,
AgentPoolProfiles: &agentProfiles,
DNSPrefix: utils.String(dnsPrefix),
EnableRBAC: utils.Bool(rbacEnabled),
KubernetesVersion: utils.String(kubernetesVersion),
LinuxProfile: linuxProfile,
NetworkProfile: networkProfile,
ServicePrincipalProfile: servicePrincipalProfile,
APIServerAuthorizedIPRanges: apiServerAuthorizedIPRanges,
AadProfile: azureADProfile,
AddonProfiles: addonProfiles,
AgentPoolProfiles: &agentProfiles,
DNSPrefix: utils.String(dnsPrefix),
EnableRBAC: utils.Bool(rbacEnabled),
KubernetesVersion: utils.String(kubernetesVersion),
LinuxProfile: linuxProfile,
NetworkProfile: networkProfile,
ServicePrincipalProfile: servicePrincipalProfile,
},
Tags: expandTags(tags),
}
Expand Down Expand Up @@ -645,6 +658,11 @@ func resourceArmKubernetesClusterRead(d *schema.ResourceData, meta interface{})
d.Set("kubernetes_version", props.KubernetesVersion)
d.Set("node_resource_group", props.NodeResourceGroup)

apiServerAuthorizedIPRanges := utils.FlattenStringArray(props.APIServerAuthorizedIPRanges)
if err := d.Set("api_server_authorized_ip_ranges", apiServerAuthorizedIPRanges); err != nil {
return fmt.Errorf("Error setting `api_server_authorized_ip_ranges`: %+v", err)
}

addonProfiles := flattenKubernetesClusterAddonProfiles(props.AddonProfiles)
if err := d.Set("addon_profile", addonProfiles); err != nil {
return fmt.Errorf("Error setting `addon_profile`: %+v", err)
Expand Down Expand Up @@ -885,12 +903,11 @@ func expandKubernetesClusterAgentPoolProfiles(d *schema.ResourceData) []containe
osType := config["os_type"].(string)

profile := containerservice.ManagedClusterAgentPoolProfile{
Name: utils.String(name),
Count: utils.Int32(count),
VMSize: containerservice.VMSizeTypes(vmSize),
OsDiskSizeGB: utils.Int32(osDiskSizeGB),
StorageProfile: containerservice.ManagedDisks,
OsType: containerservice.OSType(osType),
Name: utils.String(name),
Count: utils.Int32(count),
VMSize: containerservice.VMSizeTypes(vmSize),
OsDiskSizeGB: utils.Int32(osDiskSizeGB),
OsType: containerservice.OSType(osType),
}

if maxPods := int32(config["max_pods"].(int)); maxPods > 0 {
Expand Down Expand Up @@ -1015,7 +1032,7 @@ func flattenKubernetesClusterLinuxProfile(profile *containerservice.LinuxProfile
return []interface{}{values}
}

func expandKubernetesClusterNetworkProfile(d *schema.ResourceData) *containerservice.NetworkProfile {
func expandKubernetesClusterNetworkProfile(d *schema.ResourceData) *containerservice.NetworkProfileType {
configs := d.Get("network_profile").([]interface{})
if len(configs) == 0 {
return nil
Expand All @@ -1027,7 +1044,7 @@ func expandKubernetesClusterNetworkProfile(d *schema.ResourceData) *containerser

networkPolicy := config["network_policy"].(string)

networkProfile := containerservice.NetworkProfile{
networkProfile := containerservice.NetworkProfileType{
NetworkPlugin: containerservice.NetworkPlugin(networkPlugin),
NetworkPolicy: containerservice.NetworkPolicy(networkPolicy),
}
Expand Down Expand Up @@ -1055,7 +1072,7 @@ func expandKubernetesClusterNetworkProfile(d *schema.ResourceData) *containerser
return &networkProfile
}

func flattenKubernetesClusterNetworkProfile(profile *containerservice.NetworkProfile) []interface{} {
func flattenKubernetesClusterNetworkProfile(profile *containerservice.NetworkProfileType) []interface{} {
if profile == nil {
return []interface{}{}
}
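Review bot: The clearing behaviour of the new allow-list on update is not pinned down at `apiServerAuthorizedIPRanges := utils.ExpandStringArray(apiServerAuthorizedIPRangesRaw)`: when a user removes `api_server_authorized_ip_ranges` from the configuration, whether the API receives an empty list (clearing the restriction) or a nil pointer (leaving the previously configured ranges in place server-side) depends on what `utils.ExpandStringArray` returns for an empty input, which is not visible in this diff. Because this value is an access-control setting for the cluster's API server, the intended semantics should be stated at the call site and confirmed against the helper; I would add `// An empty set must still be sent as an empty list so that removing the attribute clears the server-side allow-list instead of leaving a stale one behind.` above that line and verify the helper does not return nil for an empty slice. The Read side at `utils.FlattenStringArray(props.APIServerAuthorizedIPRanges)` looks fine as written. resourceArmKubernetesClusterCreateUpdate starts and ends outside the hunk.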
73 changes: 73 additions & 0 deletions azurerm/resource_arm_kubernetes_cluster_test.go
Expand Up @@ -548,6 +548,46 @@ func TestAccAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicyComplete(t
})
}

func TestAccAzureRMKubernetesCluster_apiServerAuthorizedIPRanges(t *testing.T) {
resourceName := "azurerm_kubernetes_cluster.test"
ri := tf.AccRandTimeInt()
clientId := os.Getenv("ARM_CLIENT_ID")
clientSecret := os.Getenv("ARM_CLIENT_SECRET")
config := testAccAzureRMKubernetesCluster_apiServerAuthorizedIPRanges(ri, clientId, clientSecret, testLocation())

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testCheckAzureRMKubernetesClusterDestroy,
Steps: []resource.TestStep{
{
Config: config,
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMKubernetesClusterExists(resourceName),
resource.TestCheckResourceAttr(resourceName, "role_based_access_control.#", "1"),
resource.TestCheckResourceAttr(resourceName, "role_based_access_control.0.enabled", "false"),
resource.TestCheckResourceAttr(resourceName, "role_based_access_control.0.azure_active_directory.#", "0"),
resource.TestCheckResourceAttrSet(resourceName, "kube_config.0.client_key"),
resource.TestCheckResourceAttrSet(resourceName, "kube_config.0.client_certificate"),
resource.TestCheckResourceAttrSet(resourceName, "kube_config.0.cluster_ca_certificate"),
resource.TestCheckResourceAttrSet(resourceName, "kube_config.0.host"),
resource.TestCheckResourceAttrSet(resourceName, "kube_config.0.username"),
resource.TestCheckResourceAttrSet(resourceName, "kube_config.0.password"),
resource.TestCheckResourceAttr(resourceName, "kube_admin_config.#", "0"),
resource.TestCheckResourceAttr(resourceName, "kube_admin_config_raw", ""),
resource.TestCheckResourceAttrSet(resourceName, "agent_pool_profile.0.max_pods"),
resource.TestCheckResourceAttr(resourceName, "api_server_authorized_ip_ranges.#", "3"),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func testCheckAzureRMKubernetesClusterExists(resourceName string) resource.TestCheckFunc {
return func(s *terraform.State) error {
// Ensure we have enough information in state to look up in API
Expand Down Expand Up @@ -1358,3 +1398,36 @@ resource "azurerm_kubernetes_cluster" "test" {
}
`, rInt, location, rInt, rInt, rInt, rInt, rInt, rInt, rInt, clientId, clientSecret, networkPlugin, networkPolicy)
}

func testAccAzureRMKubernetesCluster_apiServerAuthorizedIPRanges(rInt int, clientId string, clientSecret string, location string) string {
return fmt.Sprintf(`
resource "azurerm_resource_group" "test" {
name = "acctestRG-%d"
location = "%s"
}
resource "azurerm_kubernetes_cluster" "test" {
name = "acctestaks%d"
location = "${azurerm_resource_group.test.location}"
resource_group_name = "${azurerm_resource_group.test.name}"
dns_prefix = "acctestaks%d"
agent_pool_profile {
name = "default"
count = "1"
vm_size = "Standard_DS2_v2"
}
service_principal {
client_id = "%s"
client_secret = "%s"
}
api_server_authorized_ip_ranges = [
"8.8.8.8/32",
"8.8.4.4/32",
"8.8.2.0/24",
]
}
`, rInt, location, rInt, rInt, clientId, clientSecret)
}
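Review bot: The new acceptance test exercises only creation of `api_server_authorized_ip_ranges` (a single config step followed by an import step), so the shared create/update path is never exercised in the direction that matters most for an access-control list: dropping the ranges again and confirming the server-side allow-list is cleared rather than left in place. I would add a second step before the import step that applies the same configuration without the attribute and asserts `api_server_authorized_ip_ranges.#` is `0`. The existing check at `resource.TestCheckResourceAttr(resourceName, "api_server_authorized_ip_ranges.#", "3")` confirms the round trip only by count; the ImportStateVerify step does compare the full attribute map, so individual values are covered there.
```go
Steps: []resource.TestStep{
	{
		Config: config,
		// … unchanged: create-step checks …
	},
	{
		// Same cluster with the attribute removed: confirms the allow-list is
		// cleared on update rather than left behind server-side.
		Config: configWithoutRanges, // placeholder: a config helper identical to the one above minus api_server_authorized_ip_ranges
		Check: resource.ComposeTestCheckFunc(
			testCheckAzureRMKubernetesClusterExists(resourceName),
			resource.TestCheckResourceAttr(resourceName, "api_server_authorized_ip_ranges.#", "0"),
		),
	},
	// … unchanged: import step …
},
```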