update aks module to use useridentity

wso2 · Dec 12, 2023 · 5fa9633 · 5fa9633
1 parent f09753e
commit 5fa9633
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/modules/azurerm/AKS-Firewall/role_assignment.tf b/modules/azurerm/AKS-Firewall/role_assignment.tf
@@ -12,13 +12,13 @@
 resource "azurerm_role_assignment" "network_contributor_role_assignment_subnet" {
   scope                = azurerm_subnet.aks_node_pool_subnet.id
   role_definition_name = "Network Contributor"
-  principal_id         = azurerm_kubernetes_cluster.aks_cluster.identity[0].principal_id
+  principal_id         = var.identity_type == "SystemAssigned" ? azurerm_kubernetes_cluster.aks_cluster.identity[0].principal_id : var.user_assigned_identity_principal_id
   depends_on           = [azurerm_kubernetes_cluster.aks_cluster, azurerm_subnet.aks_node_pool_subnet]
 }
 
 resource "azurerm_role_assignment" "aks_network_contributor_role_assignment_loadbalancer_subnet" {
   scope                = azurerm_subnet.internal_load_balancer_subnet.id
   role_definition_name = "Network Contributor"
-  principal_id         = azurerm_kubernetes_cluster.aks_cluster.identity[0].principal_id
+  principal_id         = var.identity_type == "SystemAssigned" ? azurerm_kubernetes_cluster.aks_cluster.identity[0].principal_id : var.user_assigned_identity_principal_id
   depends_on           = [azurerm_kubernetes_cluster.aks_cluster, azurerm_subnet.internal_load_balancer_subnet]
 }
diff --git a/modules/azurerm/AKS-Firewall/variables.tf b/modules/azurerm/AKS-Firewall/variables.tf
@@ -265,3 +265,9 @@ variable "user_assigned_identity_id" {
   type        = string
   default     = ""
 }
+
+variable "user_assigned_identity_principal_id" {
+  description = "User assigned identity principal id"
+  type        = string
+  default     = ""
+}