bug fixes and remove deprecated attributes (#14)
ishuar authored Oct 8, 2023
1 parent 54333f9 commit 67d935e
Showing 7 changed files with 56 additions and 32 deletions.
23 changes: 23 additions & 0 deletions CHANGELOG.md
@@ -0,0 +1,23 @@
# Changelog

All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).


> **INFO:** This file is only maintained after `v2.0.0` due to no initial availability , please refer to release notes for versions equal or older than `v2.0.0`.

## [v2.0.1]

### Fixed

- Corrected variable name to `fluxcd_bucket_name` from `fluxcd_bucket_bucket_name` for [`azurerm_kubernetes_flux_configuration/bucket_name`](https://registry.terraform.io/providers/hashicorp/azurerm/3.75.0/docs/resources/kubernetes_flux_configuration#bucket_name)
- Added missing variable `fluxcd_blob_storage_sas_token` for [`azurerm_kubernetes_flux_configuration/sas_token`](https://registry.terraform.io/providers/hashicorp/azurerm/3.75.0/docs/resources/kubernetes_flux_configuration#sas_token)

### Others

- Removed deprecated attribute `api_server_authorized_ip_ranges` and use the same variable (`api_server_authorized_ip_ranges`) for `api_server_access_profile` to maintain the backward compatibility. **Removed `api_server_access_profile_authorized_ip_ranges` variable.**

>> Switch to `api_server_authorized_ip_ranges` in case removed variable (api_server_access_profile_authorized_ip_ranges) was used.
- Modify the default value for `allowed_maintenance_window_day` to `Saturday` from `Monday` in maintenance window.
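
Review bot: The `v2.0.1` entry leaves out two behaviour changes made elsewhere in this commit: the `vnet_integration_enabled` default moving from `null` to `false`, and the `api_server_access_profile` block now being gated by a local instead of `var.enable_api_server_access_profile`. Add both under this release so upgraders can see them. The `### Others` heading is also not one of the Keep a Changelog categories this file says it follows; `### Changed` and `### Removed` fit the entries listed there, and the release heading carries no date.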
8 changes: 4 additions & 4 deletions README.md
Expand Up @@ -130,11 +130,10 @@ No modules.
| <a name="input_aad_rbac_unmanaged_server_app_secret"></a> [aad\_rbac\_unmanaged\_server\_app\_secret](#input\_aad\_rbac\_unmanaged\_server\_app\_secret) | (Optional) Required if aad\_rbac\_managed = false. The Server Secret of an Azure Active Directory Application. | `string` | `null` | no |
| <a name="input_additional_node_pools"></a> [additional\_node\_pools](#input\_additional\_node\_pools) | (optional) Additional node pool configuration for the aks cluster, ref to module for all inputs possible. | `any` | `{}` | no |
| <a name="input_admin_username"></a> [admin\_username](#input\_admin\_username) | (optional) The Admin Username for the Cluster. Changing this forces a new resource to be created. | `string` | `"aks-admin"` | no |
| <a name="input_allowed_maintenance_window_day"></a> [allowed\_maintenance\_window\_day](#input\_allowed\_maintenance\_window\_day) | (optional) Required if `enable_allowed_maintenance_window` is set to true. A day in a week. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` and `Saturday` | `string` | `"Monday"` | no |
| <a name="input_allowed_maintenance_window_day"></a> [allowed\_maintenance\_window\_day](#input\_allowed\_maintenance\_window\_day) | (optional) Required if `enable_allowed_maintenance_window` is set to true. A day in a week. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` and `Saturday` | `string` | `"Saturday"` | no |
| <a name="input_allowed_maintenance_window_hours"></a> [allowed\_maintenance\_window\_hours](#input\_allowed\_maintenance\_window\_hours) | (optional) Required if `enable_allowed_maintenance_window` is set to true. An array of hour slots in a day. For example, specifying 1 will allow maintenance from 1:00am to 2:00am. Specifying 1, 2 will allow maintenance from 1:00am to 3:00m. Possible values are between 0 and 23 | `list(any)` | <pre>[<br> 6,<br> 2<br>]</pre> | no |
| <a name="input_api_server_access_profile_authorized_ip_ranges"></a> [api\_server\_access\_profile\_authorized\_ip\_ranges](#input\_api\_server\_access\_profile\_authorized\_ip\_ranges) | (Optional) Set of authorized IP ranges to allow access to API server. | `set(string)` | `null` | no |
| <a name="input_api_server_access_profile_subnet_id"></a> [api\_server\_access\_profile\_subnet\_id](#input\_api\_server\_access\_profile\_subnet\_id) | (Optional) The ID of the Subnet where the API server endpoint is delegated to. | `string` | `null` | no |
| <a name="input_api_server_authorized_ip_ranges"></a> [api\_server\_authorized\_ip\_ranges](#input\_api\_server\_authorized\_ip\_ranges) | (Optional) The IP ranges to allow for incoming traffic to the cluster nodes. | `set(string)` | `null` | no |
| <a name="input_api_server_authorized_ip_ranges"></a> [api\_server\_authorized\_ip\_ranges](#input\_api\_server\_authorized\_ip\_ranges) | (Optional) Set of authorized IP ranges to allow access to API server. | `set(string)` | `null` | no |
| <a name="input_automatic_channel_upgrade"></a> [automatic\_channel\_upgrade](#input\_automatic\_channel\_upgrade) | (Optional) The upgrade channel for this Kubernetes Cluster, see https://docs.microsoft.com/en-us/azure/aks/upgrade-cluster#set-auto-upgrade-channel | `string` | `"node-image"` | no |
| <a name="input_azure_policy_enabled"></a> [azure\_policy\_enabled](#input\_azure\_policy\_enabled) | Optional) Should the Azure Policy Add-On be enabled? more info: https://docs.microsoft.com/en-ie/azure/governance/policy/concepts/rego-for-aks | `bool` | `false` | no |
| <a name="input_blob_driver_enabled"></a> [blob\_driver\_enabled](#input\_blob\_driver\_enabled) | (Optional) Is the Blob CSI driver enabled? Defaults to false | `bool` | `false` | no |
Expand Down Expand Up @@ -196,6 +195,7 @@ No modules.
| <a name="input_fluxcd_blob_storage_container_id"></a> [fluxcd\_blob\_storage\_container\_id](#input\_fluxcd\_blob\_storage\_container\_id) | (Required) Specifies the Azure Blob container ID. | `string` | `""` | no |
| <a name="input_fluxcd_blob_storage_local_auth_reference"></a> [fluxcd\_blob\_storage\_local\_auth\_reference](#input\_fluxcd\_blob\_storage\_local\_auth\_reference) | (Optional) Specifies the name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. | `string` | `null` | no |
| <a name="input_fluxcd_blob_storage_managed_identity_client_id"></a> [fluxcd\_blob\_storage\_managed\_identity\_client\_id](#input\_fluxcd\_blob\_storage\_managed\_identity\_client\_id) | (Required) Specifies the client ID for authenticating a Managed Identity. | `string` | `""` | no |
| <a name="input_fluxcd_blob_storage_sas_token"></a> [fluxcd\_blob\_storage\_sas\_token](#input\_fluxcd\_blob\_storage\_sas\_token) | (Optional) Specifies the shared access token to access the storage container. | `string` | `null` | no |
| <a name="input_fluxcd_blob_storage_service_principal_client_certificate_base64"></a> [fluxcd\_blob\_storage\_service\_principal\_client\_certificate\_base64](#input\_fluxcd\_blob\_storage\_service\_principal\_client\_certificate\_base64) | (Optional) Base64-encoded certificate used to authenticate a Service Principal . | `string` | `null` | no |
| <a name="input_fluxcd_blob_storage_service_principal_client_certificate_password"></a> [fluxcd\_blob\_storage\_service\_principal\_client\_certificate\_password](#input\_fluxcd\_blob\_storage\_service\_principal\_client\_certificate\_password) | (Optional) Specifies the password for the certificate used to authenticate a Service Principal . | `string` | `null` | no |
| <a name="input_fluxcd_blob_storage_service_principal_client_certificate_send_chain"></a> [fluxcd\_blob\_storage\_service\_principal\_client\_certificate\_send\_chain](#input\_fluxcd\_blob\_storage\_service\_principal\_client\_certificate\_send\_chain) | (Optional) Specifies whether to include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication for the client certificate. | `string` | `null` | no |
Expand Down Expand Up @@ -287,7 +287,7 @@ No modules.
| <a name="input_sku_tier"></a> [sku\_tier](#input\_sku\_tier) | (Optional) The SKU Tier that should be used for this Kubernetes Cluster | `string` | `null` | no |
| <a name="input_snapshot_controller_enabled"></a> [snapshot\_controller\_enabled](#input\_snapshot\_controller\_enabled) | (Optional) Is the Snapshot Controller enabled? Defaults to true. | `bool` | `true` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Tags for the cluster | `map(string)` | `null` | no |
| <a name="input_vnet_integration_enabled"></a> [vnet\_integration\_enabled](#input\_vnet\_integration\_enabled) | Should API Server VNet Integration be enabled? For more details please visit [Use API Server VNet Integration.](https://learn.microsoft.com/en-us/azure/aks/api-server-vnet-integration) | `bool` | `null` | no |
| <a name="input_vnet_integration_enabled"></a> [vnet\_integration\_enabled](#input\_vnet\_integration\_enabled) | Should API Server VNet Integration be enabled? For more details please visit [Use API Server VNet Integration.](https://learn.microsoft.com/en-us/azure/aks/api-server-vnet-integration) | `bool` | `false` | no |
| <a name="input_vnet_subnet_id"></a> [vnet\_subnet\_id](#input\_vnet\_subnet\_id) | (optional) The ID of the Subnet where this Node Pool should exist.At this time the vnet\_subnet\_id must be the same for all node pools in the cluster | `string` | `null` | no |
| <a name="input_windows_profile_admin_password"></a> [windows\_profile\_admin\_password](#input\_windows\_profile\_admin\_password) | (optional) The Admin Password for Windows VMs.(Required) if windows\_profile\_enabled is true. | `string` | `"Super$ecUreP@$$w04d"` | no |
| <a name="input_windows_profile_admin_username"></a> [windows\_profile\_admin\_username](#input\_windows\_profile\_admin\_username) | (optional) The Admin Username for Windows VMs. (Required) if windows\_profile\_enabled is true. | `string` | `"azureadmin"` | no |
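
Review bot: The context row for `windows_profile_admin_password`, just below the changed `vnet_integration_enabled` row, documents a literal default password (`"Super$ecUreP@$$w04d"`), so any cluster created without overriding it gets a credential that is published in this README. It is not introduced by this commit, but it deserves a follow-up: default the variable to `null`, fail when `windows_profile_enabled` is true and no password is supplied, and mark it `sensitive = true`.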
26 changes: 13 additions & 13 deletions examples/flux-enabled-aks/.terraform.lock.hcl

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion flux-cluster-extension.tf
Expand Up @@ -134,7 +134,7 @@ resource "azurerm_kubernetes_flux_configuration" "this" {
dynamic "bucket" {
for_each = var.enable_fluxcd_bucket && var.fluxcd_bucket_url != "" && var.fluxcd_bucket_name != "" ? toset(["create_bucket_config"]) : toset([])
content {
bucket_name = var.fluxcd_bucket_bucket_name
bucket_name = var.fluxcd_bucket_name
url = var.fluxcd_bucket_url
access_key = var.fluxcd_bucket_access_key
secret_key_base64 = var.fluxcd_bucket_secret_key_base64
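
Review bot: The removed line `bucket_name = var.fluxcd_bucket_bucket_name` used a different name from the `for_each` condition two lines above it, which tests `var.fluxcd_bucket_name`. If `fluxcd_bucket_bucket_name` was never declared, this is a reference that `terraform validate` rejects, so consider running `terraform validate` against the module and the `examples/` directories in CI to catch a mismatch like this before release.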
8 changes: 4 additions & 4 deletions main.tf
Expand Up @@ -4,7 +4,8 @@ data "azurerm_kubernetes_cluster" "this" {
resource_group_name = var.resource_group_name
}
locals {
aks_cluster = var.existing_aks_cluster ? data.azurerm_kubernetes_cluster.this[0] : azurerm_kubernetes_cluster.this[0]
aks_cluster = var.existing_aks_cluster ? data.azurerm_kubernetes_cluster.this[0] : azurerm_kubernetes_cluster.this[0]
enable_api_server_access_profile = var.api_server_authorized_ip_ranges != null || var.api_server_access_profile_subnet_id != null || var.vnet_integration_enabled
}
resource "azurerm_kubernetes_cluster" "this" {
count = var.existing_aks_cluster ? 0 : 1
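
Review bot: In the new `enable_api_server_access_profile` local, `var.vnet_integration_enabled` is a bare operand of `||`, which fails when a caller passes `null` explicitly; the default change to `false` in variables.tf only covers the unset case. Set `nullable = false` on the variable or write `coalesce(var.vnet_integration_enabled, false)` here. Note also that an empty set for `api_server_authorized_ip_ranges` is `!= null`, so passing `[]` turns the block on.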
Expand All @@ -15,7 +16,6 @@ resource "azurerm_kubernetes_cluster" "this" {
dns_prefix = var.dns_prefix
dns_prefix_private_cluster = var.dns_prefix_private_cluster
automatic_channel_upgrade = var.automatic_channel_upgrade
api_server_authorized_ip_ranges = var.api_server_authorized_ip_ranges
azure_policy_enabled = var.azure_policy_enabled
disk_encryption_set_id = var.disk_encryption_set_id
local_account_disabled = var.local_account_disabled
Expand Down Expand Up @@ -124,9 +124,9 @@ resource "azurerm_kubernetes_cluster" "this" {
}
}
dynamic "api_server_access_profile" {
for_each = var.enable_api_server_access_profile ? [1] : []
for_each = local.enable_api_server_access_profile ? [1] : []
content {
authorized_ip_ranges = var.api_server_access_profile_authorized_ip_ranges
authorized_ip_ranges = var.api_server_authorized_ip_ranges
subnet_id = var.api_server_access_profile_subnet_id
vnet_integration_enabled = var.vnet_integration_enabled
}
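
Review bot: With `for_each` switched to `local.enable_api_server_access_profile`, `var.enable_api_server_access_profile` is no longer read in this block, yet the variable is still declared in variables.tf (it shows up as the context of the `-273` hunk). A caller who sets it to `false` to keep the block off will now get the block whenever any of the three inputs in the local is set. Either remove the variable or keep it in the condition, and record the change in the CHANGELOG.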
4 changes: 2 additions & 2 deletions release-version.yaml
@@ -1,6 +1,6 @@
## Update this file for a new release version.

module_version: "2.0.0"
module_version: "2.0.1"

## Example for manual release notes.
# release_notes: |
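
Review bot: The bump to `module_version: "2.0.1"` is a patch release, but the CHANGELOG added in this commit records the removal of the `api_server_access_profile_authorized_ip_ranges` input and states that the project follows Semantic Versioning. Any caller passing that input breaks on upgrade, which makes this a major change; either release it as a new major version or keep the old variable as a deprecated alias for one release.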
Expand All @@ -10,4 +10,4 @@ module_version: "2.0.0"
# - Added Automated release workflow.

release_notes: |
Please go through the **`What's Changed`** section for complete changelog information.
Please go through the **`What's Changed`** section and for complete changelog information refer to [CHANGELOG](https://github.com/ishuar/terraform-azure-aks/blob/main/CHANGELOG.md).
17 changes: 9 additions & 8 deletions variables.tf
Expand Up @@ -80,7 +80,7 @@ variable "enable_not_allowed_maintenance_window" {
variable "allowed_maintenance_window_day" {
type = string
description = "(optional) Required if `enable_allowed_maintenance_window` is set to true. A day in a week. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` and `Saturday`"
default = "Monday"
default = "Saturday"
}

variable "allowed_maintenance_window_hours" {
Expand Down Expand Up @@ -118,11 +118,6 @@ variable "load_balancer_sku" {
description = " (Optional) Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are basic and standard. Defaults to standard. Changing this forces a new resource to be created."
default = "standard"
}
variable "api_server_authorized_ip_ranges" {
type = set(string)
description = "(Optional) The IP ranges to allow for incoming traffic to the cluster nodes."
default = null
}

variable "default_node_pool_zones" {
type = list(string)
Expand Down Expand Up @@ -273,7 +268,7 @@ variable "enable_api_server_access_profile" {
default = false
}

variable "api_server_access_profile_authorized_ip_ranges" {
variable "api_server_authorized_ip_ranges" {
type = set(string)
description = "(Optional) Set of authorized IP ranges to allow access to API server."
default = null
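
Review bot: The renamed `api_server_authorized_ip_ranges` variable accepts any `set(string)` with no `validation` block, so the module itself never rejects a malformed entry. A `validation` rule that checks each entry parses as an address range, guarded for the `null` default, would fail earlier and with a clearer message; the description could also say what leaving the value at `null` means for API server exposure.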
Expand All @@ -288,7 +283,7 @@ variable "api_server_access_profile_subnet_id" {
variable "vnet_integration_enabled" {
type = bool
description = "Should API Server VNet Integration be enabled? For more details please visit [Use API Server VNet Integration.](https://learn.microsoft.com/en-us/azure/aks/api-server-vnet-integration)"
default = null
default = false
}

variable "image_cleaner_enabled" {
Expand Down Expand Up @@ -924,6 +919,12 @@ variable "fluxcd_git_repository_local_auth_reference" {
default = null
}

variable "fluxcd_blob_storage_sas_token" {
type = string
description = "(Optional) Specifies the shared access token to access the storage container."
default = null
}

variable "fluxcd_git_repository_ssh_private_key_base64" {
type = string
description = "(Optional) Specifies the Base64-encoded SSH private key in PEM format."
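
Review bot: The new `fluxcd_blob_storage_sas_token` variable holds a credential but is declared without `sensitive = true`, so its value can be printed in plan and apply output. Add `sensitive = true` to the block; the value is still written to state, so the description could also point callers at a short-lived, narrowly scoped SAS token.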