Azure Kubernetes Service: 2020-06 updates

azurerm/internal/services/compute/linux_virtual_machine_scale_set_resource.go

@@ -147,9 +147,10 @@ func resourceArmLinuxVirtualMachineScaleSet() *schema.Resource {
 			"identity": VirtualMachineScaleSetIdentitySchema(),
 
 			"max_bid_price": {
-				Type:     schema.TypeFloat,
-				Optional: true,
-				Default:  -1,
+				Type:         schema.TypeFloat,
+				Optional:     true,
+				Default:      -1,
+				ValidateFunc: validate.SpotMaxPrice,
 			},
 
 			"overprovision": {

azurerm/internal/services/compute/validate/spot_max_price.go

@@ -0,0 +1,28 @@
+package validate
+
+import (
+	"fmt"
+)
+
+// SpotMaxPrice validates the price provided is a valid Spot Price for the Compute
+// API (and downstream API's which use this like AKS)
+func SpotMaxPrice(i interface{}, k string) (warnings []string, errors []error) {
+	v, ok := i.(float64)
+	if !ok {
+		errors = append(errors, fmt.Errorf("expected type of %q to be float", k))
+		return
+	}
+
+	// either -1 (the current VM price)
+	if v == -1.0 {
+		return
+	}
+
+	// at least 0.00001
+	if v < 0.00001 {
+		errors = append(errors, fmt.Errorf("expected %q to be > 0.00001 but got %.5f", k, v))
+		return
+	}
+
+	return
+}

azurerm/internal/services/compute/windows_virtual_machine_scale_set_resource.go

@@ -15,6 +15,7 @@ import (
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/features"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/compute/parse"
+	computeValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/compute/validate"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tags"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/base64"
 	azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema"
@@ -159,9 +160,10 @@ func resourceArmWindowsVirtualMachineScaleSet() *schema.Resource {
 			},
 
 			"max_bid_price": {
-				Type:     schema.TypeFloat,
-				Optional: true,
-				Default:  -1,
+				Type:         schema.TypeFloat,
+				Optional:     true,
+				Default:      -1,
+				ValidateFunc: computeValidate.SpotMaxPrice,
 			},
 
 			"overprovision": {

azurerm/internal/services/containers/client/client.go

@@ -3,7 +3,7 @@ package client
 import (
 	"github.com/Azure/azure-sdk-for-go/services/containerinstance/mgmt/2018-10-01/containerinstance"
 	"github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2018-09-01/containerregistry"
-	"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2020-02-01/containerservice"
+	"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2020-03-01/containerservice"
 	"github.com/Azure/go-autorest/autorest/azure"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/common"
 )

azurerm/internal/services/containers/kubernetes_addons.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2020-02-01/containerservice"
+	"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2020-03-01/containerservice"
 	"github.com/Azure/go-autorest/autorest/azure"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
@@ -29,10 +29,13 @@ const (
 var unsupportedAddonsForEnvironment = map[string][]string{
 	azure.ChinaCloud.Name: {
 		aciConnectorKey,           // https://github.com/terraform-providers/terraform-provider-azurerm/issues/5510
+		azurePolicyKey,            // https://github.com/terraform-providers/terraform-provider-azurerm/issues/6462
 		httpApplicationRoutingKey, // https://github.com/terraform-providers/terraform-provider-azurerm/issues/5960
 	},
 	azure.USGovernmentCloud.Name: {
+		azurePolicyKey,            // https://github.com/terraform-providers/terraform-provider-azurerm/issues/6702
 		httpApplicationRoutingKey, // https://github.com/terraform-providers/terraform-provider-azurerm/issues/5960
+		kubernetesDashboardKey,    // https://github.com/terraform-providers/terraform-provider-azurerm/issues/7136
 	},
 }
 
@@ -74,6 +77,18 @@ func schemaKubernetesAddOnProfiles() *schema.Schema {
 								Type:     schema.TypeBool,
 								Required: true,
 							},
+
+							"version": {
+								Type:     schema.TypeString,
+								Required: true,
+								ValidateFunc: validation.StringInSlice([]string{
+									// NOTE: v1 will be removed "after Spring 2020" - https://github.com/terraform-providers/terraform-provider-azurerm/issues/6994
+									// The current cluster uses policy add-on V1. Please migrate to V2 by disabling the add-on, and re-enabling it.
+									// Azure Policy will not support V1 after spring 2020. V2 is a breaking change, so please read carefully on the instruction and impact at: https://aka.ms/akspolicydoc
+									"v1",
+									"v2",
+								}, false),
+							},
 						},
 					},
 				},
@@ -231,10 +246,13 @@ func expandKubernetesAddOnProfiles(input []interface{}, env azure.Environment) (
 	if len(azurePolicy) > 0 && azurePolicy[0] != nil {
 		value := azurePolicy[0].(map[string]interface{})
 		enabled := value["enabled"].(bool)
+		version := value["version"].(string)
 
 		addonProfiles[azurePolicyKey] = &containerservice.ManagedClusterAddonProfile{
 			Enabled: utils.Bool(enabled),
-			Config:  nil,
+			Config: map[string]*string{
+				"version": utils.String(version),
+			},
 		}
 	}
 
@@ -308,8 +326,15 @@ func flattenKubernetesAddOnProfiles(profile map[string]*containerservice.Managed
 			enabled = *enabledVal
 		}
 
+		// not returned for v1
+		version := "v1"
+		if versionVal, ok := azurePolicy.Config["version"]; ok && *versionVal != "" {
+			version = *versionVal
+		}
+
 		azurePolicies = append(azurePolicies, map[string]interface{}{
 			"enabled": enabled,
+			"version": version,
 		})
 	}
 

azurerm/internal/services/containers/kubernetes_cluster_data_source.go

@@ -5,7 +5,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2020-02-01/containerservice"
+	"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2020-03-01/containerservice"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/kubernetes"
@@ -114,6 +114,10 @@ func dataSourceArmKubernetesCluster() *schema.Resource {
 										Type:     schema.TypeBool,
 										Computed: true,
 									},
+									"version": {
+										Type:     schema.TypeString,
+										Computed: true,
+									},
 								},
 							},
 						},
@@ -186,6 +190,11 @@ func dataSourceArmKubernetesCluster() *schema.Resource {
 							Computed: true,
 						},
 
+						"orchestrator_version": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
 						"max_pods": {
 							Type:     schema.TypeInt,
 							Computed: true,
@@ -201,13 +210,13 @@ func dataSourceArmKubernetesCluster() *schema.Resource {
 
 						"node_taints": {
 							Type:     schema.TypeList,
-							Optional: true,
+							Computed: true,
 							Elem:     &schema.Schema{Type: schema.TypeString},
 						},
 
 						"enable_node_public_ip": {
 							Type:     schema.TypeBool,
-							Optional: true,
+							Computed: true,
 						},
 					},
 				},
@@ -231,17 +240,20 @@ func dataSourceArmKubernetesCluster() *schema.Resource {
 				},
 			},
 
+			"disk_encryption_set_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
 			"private_link_enabled": {
 				Type:          schema.TypeBool,
 				Computed:      true,
-				Optional:      true,
 				ConflictsWith: []string{"private_cluster_enabled"},
 				Deprecated:    "Deprecated in favor of `private_cluster_enabled`", // TODO -- remove this in next major version
 			},
 
 			"private_cluster_enabled": {
 				Type:          schema.TypeBool,
-				Optional:      true,
 				Computed:      true, // TODO -- remove this when deprecation resolves
 				ConflictsWith: []string{"private_link_enabled"},
 			},
@@ -481,11 +493,24 @@ func dataSourceArmKubernetesCluster() *schema.Resource {
 							Computed: true,
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
+									"admin_group_object_ids": {
+										Type:     schema.TypeList,
+										Computed: true,
+										Elem: &schema.Schema{
+											Type: schema.TypeString,
+										},
+									},
+
 									"client_app_id": {
 										Type:     schema.TypeString,
 										Computed: true,
 									},
 
+									"managed": {
+										Type:     schema.TypeBool,
+										Computed: true,
+									},
+
 									"server_app_id": {
 										Type:     schema.TypeString,
 										Computed: true,
@@ -553,6 +578,7 @@ func dataSourceArmKubernetesClusterRead(d *schema.ResourceData, meta interface{}
 	if props := resp.ManagedClusterProperties; props != nil {
 		d.Set("dns_prefix", props.DNSPrefix)
 		d.Set("fqdn", props.Fqdn)
+		d.Set("disk_encryption_set_id", props.DiskEncryptionSetID)
 		d.Set("private_fqdn", props.PrivateFQDN)
 		d.Set("kubernetes_version", props.KubernetesVersion)
 		d.Set("node_resource_group", props.NodeResourceGroup)
@@ -647,21 +673,35 @@ func flattenKubernetesClusterDataSourceRoleBasedAccessControl(input *containerse
 
 	results := make([]interface{}, 0)
 	if profile := input.AadProfile; profile != nil {
-		output := make(map[string]interface{})
+		adminGroupObjectIds := utils.FlattenStringSlice(profile.AdminGroupObjectIDs)
 
+		clientAppId := ""
 		if profile.ClientAppID != nil {
-			output["client_app_id"] = *profile.ClientAppID
+			clientAppId = *profile.ClientAppID
 		}
 
+		managed := false
+		if profile.Managed != nil {
+			managed = *profile.Managed
+		}
+
+		serverAppId := ""
 		if profile.ServerAppID != nil {
-			output["server_app_id"] = *profile.ServerAppID
+			serverAppId = *profile.ServerAppID
 		}
 
+		tenantId := ""
 		if profile.TenantID != nil {
-			output["tenant_id"] = *profile.TenantID
+			tenantId = *profile.TenantID
 		}
 
-		results = append(results, output)
+		results = append(results, map[string]interface{}{
+			"admin_group_object_ids": adminGroupObjectIds,
+			"client_app_id":          clientAppId,
+			"managed":                managed,
+			"server_app_id":          serverAppId,
+			"tenant_id":              tenantId,
+		})
 	}
 
 	return []interface{}{
@@ -772,8 +812,14 @@ func flattenKubernetesClusterDataSourceAddonProfiles(profile map[string]*contain
 			enabled = *enabledVal
 		}
 
+		version := "v1"
+		if versionVal, ok := azurePolicy.Config["version"]; ok && *versionVal != "" {
+			version = *versionVal
+		}
+
 		output := map[string]interface{}{
 			"enabled": enabled,
+			"version": version,
 		}
 		azurePolicies = append(azurePolicies, output)
 	}
@@ -864,6 +910,10 @@ func flattenKubernetesClusterDataSourceAgentPoolProfiles(input *[]containerservi
 			agentPoolProfile["os_type"] = string(profile.OsType)
 		}
 
+		if profile.OrchestratorVersion != nil && *profile.OrchestratorVersion != "" {
+			agentPoolProfile["orchestrator_version"] = *profile.OrchestratorVersion
+		}
+
 		if profile.MaxPods != nil {
 			agentPoolProfile["max_pods"] = int(*profile.MaxPods)
 		}