From 915249b384c400dbf250ec6224835a14a73093ad Mon Sep 17 00:00:00 2001
From: SazniMohamed
Date: Mon, 19 Aug 2024 21:22:37 +0530
Subject: [PATCH] Update AKS Firewall module to add key_vault_secrets_provider metablock only if enabled

---
 modules/azurerm/AKS-Firewall/aks_cluster.tf | 7 +++++--
 modules/azurerm/AKS-Firewall/outputs.tf | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/modules/azurerm/AKS-Firewall/aks_cluster.tf b/modules/azurerm/AKS-Firewall/aks_cluster.tf
index 3b4c3f57..0cae4dd8 100644
--- a/modules/azurerm/AKS-Firewall/aks_cluster.tf
+++ b/modules/azurerm/AKS-Firewall/aks_cluster.tf
@@ -98,7 +98,10 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
 outbound_type = "userDefinedRouting"
 }
 
- key_vault_secrets_provider {
- secret_rotation_enabled = var.secret_rotation_enabled
+ dynamic "key_vault_secrets_provider" {
+ for_each = var.secret_rotation_enabled ? [1] : []
+ content {
+ secret_rotation_enabled = var.secret_rotation_enabled
+ }
 }
 }
diff --git a/modules/azurerm/AKS-Firewall/outputs.tf b/modules/azurerm/AKS-Firewall/outputs.tf
index 439d3b6c..a64affbb 100644
--- a/modules/azurerm/AKS-Firewall/outputs.tf
+++ b/modules/azurerm/AKS-Firewall/outputs.tf
@@ -86,7 +86,7 @@ output "node_resource_group" {
 
 output "aks_key_vault_secrets_provider_identity" {
 depends_on = [azurerm_kubernetes_cluster.aks_cluster]
- value = azurerm_kubernetes_cluster.aks_cluster.key_vault_secrets_provider[0].secret_identity[0].object_id
+ value = var.secret_rotation_enabled ? azurerm_kubernetes_cluster.aks_cluster.key_vault_secrets_provider[0].secret_identity[0].object_id : null
 }
 
 output "oidc_issuer_url" {
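Review bot: The `for_each` on the new `dynamic "key_vault_secrets_provider"` block reuses `var.secret_rotation_enabled` as the switch for the whole add-on, so a caller who sets it to false only to turn rotation off now gets no Key Vault secrets provider at all, and inside `content` the attribute can only ever be true. On an existing cluster that was created with the value false, the next apply would presumably remove the add-on and its managed identity, which breaks any pod that mounts secrets through it. A dedicated toggle keeps the two decisions apart, for example `for_each = var.key_vault_secrets_provider_enabled ? [1] : []` (a new variable; the name is only a suggestion), with `secret_rotation_enabled = var.secret_rotation_enabled` left as it is inside `content`. The resource body starts outside this hunk.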
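Review bot: The `value` expression in `aks_key_vault_secrets_provider_identity` repeats the gate from aks_cluster.tf by testing `var.secret_rotation_enabled` instead of looking at the resource, so the two conditions can drift apart and the `[0]` index would then fail during plan. Reading the attribute defensively avoids that: `value = try(azurerm_kubernetes_cluster.aks_cluster.key_vault_secrets_provider[0].secret_identity[0].object_id, null)`. The output can now be null, which matters to any caller that feeds this object id into a Key Vault access policy or role assignment. A `description` stating that would help, e.g. `description = "Object ID of the Key Vault secrets provider identity; null when the add-on is not enabled."`.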