fix: Add enableAad parameter to conditionally configure AAD profile in Kubernetes #3828

Open
wants to merge 18 commits into
base: main

Menghua1
Member

Description

This PR introduces a conditional check for the aadProfile configuration in Kubernetes cluster setup. When enableAad is set to false, the AAD (Azure Active Directory) integration will be disabled by setting aadProfile to null. Ensures AAD integration is skipped entirely when not needed, optimizing resource usage and configuration complexity.

Requested by the AZD team: Azure/Azure-Verified-Modules#261, to ensure consistency with the functionality implemented in the aks-managed-cluster.bicep file located in infra/core.

Pipeline Reference

Pipeline
avm.res.container-service.managed-cluster

Type of Change

  • Update to CI Environment or utilities (Non-module affecting changes)
  • Azure Verified Module updates:
    • Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in version.json:
      • Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description.
      • The bug was found by the module author, and no one has opened an issue to report it yet.
    • Feature update backwards compatible feature updates, and I have bumped the MINOR version in version.json.
    • Breaking changes and I have bumped the MAJOR version in version.json.
    • Update to documentation

Checklist

  • I'm sure there are no other open Pull Requests for the same update/change
  • I have run Set-AVMModule locally to generate the supporting module files.
  • My corresponding pipelines / checks run clean and green without any errors or warnings

@rajeshkamal5050 for notification.

@Menghua1 Menghua1 requested review from a team as code owners November 22, 2024 04:32
@avm-team-linter avm-team-linter bot added the Needs: Module Owner 📣 This module needs an owner to develop or maintain it label Nov 22, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Triage 🔍 Maintainers need to triage still label Nov 22, 2024

Important

The "Needs: Triage 🔍" label must be removed once the triage process is complete!

Tip

For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.

@microsoft-github-policy-service microsoft-github-policy-service bot added the Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue label Nov 22, 2024

Important

If this is a module-related PR, being submitted by the sole owner of the module, the AVM core team must review and approve it (as module owners can't approve their own PRs).

To indicate this PR needs the core team's attention, apply the "Needs: Core Team 🧞" label!

The core team will only review and approve PRs that have this label applied!

update main.json

update main.json

update main.json

update main.json

update main.json
@Menghua1 Menghua1 force-pushed the fix/add-aad-profile-conditional branch from 113393b to 71933fd Compare November 22, 2024 04:34
@Menghua1
Member Author

@AlexanderSehr Could you please review this PR?

@AlexanderSehr
Contributor

> @AlexanderSehr Could you please review this PR?

Hey @Menghua1,
I can - but it's the module owners @ilhaan & @JPEasier that would be the ones that need to approve the PR.

Also, there is a very blocking PR here. Without that being resolved, we cannot move forward with this PR. If merged regardless, it will fail the deployment tests in AVM and hence never make it to the publish stage.

@@ -739,15 +742,15 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2024-03-02-p
}
}
publicNetworkAccess: publicNetworkAccess
aadProfile: {
aadProfile: enableAad ? {
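
Review bot: On `aadProfile: enableAad ? {`, neither the declaration of `enableAad` nor the else branch of the ternary is visible in this hunk, so its default cannot be checked from here. The line it replaces, `aadProfile: {`, always set the profile, so the parameter should default to true to keep AAD integration on for existing deployments unless a caller opts out, and its description should state that false deploys the cluster with no AAD profile.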
Contributor

If there are any required parameters, would it not maybe be simpler to change this condition to something like `aadProfile: !empty(aadProfileClientAppID) ? {`?

Mind you, I have no clue if any of those parameters is required, so this is just an example.

An alternative, by the way, would be to add a user-defined type for the aadProfile that is used by a corresponding parameter: `param aadProfile aadProfileType?` and would contain all the below properties. If implemented, the above suggested check could be changed to something like `aadProfile: !empty(aadProfile) ? {`

Just some ideas 😏
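
The user-defined-type alternative from the comment above, written out as an added example that is not part of the thread or of the module's code. The names `aadProfileType` and `aadProfile` come from the comment; the property list, the fallback values and the `effectiveAadProfile` variable are assumptions, and the resource itself is left out so the fragment compiles on its own.

```bicep
// Added illustration; not the module's implementation.
// Property names are assumed from the aadProfile object of
// Microsoft.ContainerService/managedClusters.

@description('Shape of the optional AAD profile.')
type aadProfileType = {
  @description('Optional. Use AKS-managed AAD integration.')
  managed: bool?

  @description('Optional. Use Azure RBAC for Kubernetes authorization.')
  enableAzureRBAC: bool?

  @description('Optional. Object IDs of the AAD groups that receive cluster-admin.')
  adminGroupObjectIDs: string[]?

  @description('Optional. Tenant used for authentication.')
  tenantID: string?
}

@description('Optional. AAD profile of the cluster. Leave unset to deploy without AAD integration.')
param aadProfile aadProfileType?

// Value the resource's aadProfile property would be set to.
// empty() is true for null and for {}, so an empty object also
// disables the profile; compare against null instead if {} should
// mean "enabled with the fallback values below".
var effectiveAadProfile = !empty(aadProfile) ? {
  managed: aadProfile.?managed ?? true                       // assumed fallback
  enableAzureRBAC: aadProfile.?enableAzureRBAC ?? false      // assumed fallback
  adminGroupObjectIDs: aadProfile.?adminGroupObjectIDs
  tenantID: aadProfile.?tenantID ?? subscription().tenantId  // assumed fallback
} : null

// Lets a caller or a test confirm whether the deployment carries an AAD profile.
output aadEnabled bool = effectiveAadProfile != null
```

With a single typed parameter there is no separate boolean that can drift out of step with the profile values: omitting the parameter is the only way to deploy without AAD integration.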
