Add Conditional Support for System Assigned Identity and Service Principal in AKS Module (#15)

* DEVOPS-292 data file

* DEVOPS-301 added plan files to gitignore

* DEVOPS-292 kubernetes terraform code

* DEVOPS-300 output tf code

* DEVOPS-300 providers and variables tf code

* Update terraform tf files DEVOPS-301 DEVOPS-302

* remove role assignment resource block

* DEVOPS-301 added dynamic block for using sp or identity

Author: githubofkrishnadhas

kubernetes-cluster/kubernetes.tf

@@ -38,9 +38,19 @@ resource "azurerm_kubernetes_cluster" "aks_cluster" {
     dns_service_ip      = cidrhost((var.service_cidr_subnet), 5) # 5th ip on service cidr subnet
   }
 
-  service_principal {
-    client_id = data.azurerm_key_vault_secret.appid.value
-    client_secret = data.azurerm_key_vault_secret.secret.value
+  dynamic "identity" {
+    for_each = var.authentication_method == "identity" ? [1] : []
+    content {
+      type = "SystemAssigned"
+    }
+  }
+
+  dynamic "service_principal" {
+    for_each = var.authentication_method == "service_principal" ? [1] : []
+    content {
+      client_id = data.azurerm_key_vault_secret.appid.value
+      client_secret = data.azurerm_key_vault_secret.secret.value
+    }
   }
 
   workload_identity_enabled = var.workload_identity_enabled

kubernetes-cluster/variables.tf

@@ -343,4 +343,14 @@ variable "kubernetes_version" {
     condition     = can(regex("^[0-9]+\\.[0-9]+\\.[0-9]+$", var.kubernetes_version))
     error_message = "The version must be in the format 'major.minor.patch', where major, minor, and patch are non-negative integers."
   }
-}
+}
+
+variable "authentication_method" {
+  description = "Specify 'identity' to use SystemAssigned identity or 'service_principal' to use service principal"
+  type        = string
+  default     = ""
+  validation {
+    condition = contains(["identity", "service_principal"], var.authentication_method)
+    error_message = "This Value should be either identity or service_principal."
+  }
+}