updates necessary for supporting rotation of service principal (#1259)

* update provider to allow for service principal rotation, etc

cluster/azure/acr/main.tf

@@ -1,7 +1,3 @@
-module "azure-provider" {
-  source = "../provider"
-}
-
 data "azurerm_resource_group" "cluster" {
   name     = var.resource_group_name
 }
@@ -14,3 +10,4 @@ resource "azurerm_container_registry" "acr" {
   location = data.azurerm_resource_group.cluster.location
   sku = "Basic"
 }
+

cluster/azure/aks/main.tf

@@ -1,7 +1,3 @@
-module "azure-provider" {
-  source = "../provider"
-}
-
 data "azurerm_resource_group" "cluster" {
   name = var.resource_group_name
 }
@@ -49,11 +45,18 @@ resource "azurerm_kubernetes_cluster" "cluster" {
     }
   }
 
-  agent_pool_profile {
+  # The windows_profile block should be optional.  However, there is a bug in the Terraform Azure provider
+  # that does not treat this block as optional -- even if no windows nodes are used.  If not present, any
+  # change that should result in an update to the cluster causes a replacement.
+  windows_profile {
+    admin_username = "azureuser"
+    admin_password = "Adm1nPa33++"
+  }
+
+  default_node_pool {
     name            = "default"
-    count           = var.agent_vm_count
+    node_count      = var.agent_vm_count
     vm_size         = var.agent_vm_size
-    os_type         = "Linux"
     os_disk_size_gb = 30
     vnet_subnet_id  = var.vnet_subnet_id
   }

cluster/azure/keyvault/main.tf

@@ -1,7 +1,3 @@
-module "azure-provider" {
-  source = "../provider"
-}
-
 data "azurerm_resource_group" "keyvault" {
   name     = var.resource_group_name
 }

cluster/azure/provider/main.tf

@@ -1,10 +1,11 @@
 provider "azurerm" {
-  version = "~>1.32.1"
+  version = "~>1.44.0"
+  features {}
 }
 
 # Needed for the traffic manager role assignment
 provider "azuread" {
-  version = "~>0.5.1"
+  version = "~>0.7.0"
 }
 
 # common modules

cluster/environments/azure-common-infra/main.tf

@@ -1,6 +1,6 @@
-#terraform {
-#  backend "azurerm" {}
-#}
+terraform {
+  backend "azurerm" {}
+}
 
 module "provider" {
   source = "github.com/microsoft/bedrock?ref=master//cluster/azure/provider"

cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple/main.tf

@@ -1,5 +1,9 @@
-terraform {
-  backend "azurerm" {}
+#terraform {
+#  backend "azurerm" {}
+#}
+
+module "provider" {
+  source = "github.com/microsoft/bedrock?ref=master//cluster/azure/provider"
 }
 
 data "azurerm_client_config" "current" {}
@@ -18,7 +22,7 @@ module "subnet" {
   subnet_name          = [var.subnet_name]
   vnet_name            = var.vnet_name
   resource_group_name  = data.azurerm_resource_group.keyvault.name
-  address_prefix       = [var.subnet_prefix]
+  address_prefix       = [var.subnet_address_prefix]
 }
 
 module "aks-gitops" {

cluster/environments/azure-single-keyvault-cosmos-mongo-db-simple/variables.tf

@@ -79,10 +79,6 @@ variable "resource_group_name" {
   type = string
 }
 
-variable "resource_group_location" {
-  type = string
-}
-
 variable "ssh_public_key" {
   type = string
 }
@@ -95,7 +91,7 @@ variable "service_principal_secret" {
   type = string
 }
 
-variable "subnet_prefix" {
+variable "subnet_address_prefix" {
   type = string
 }
 

cluster/environments/azure-single-keyvault/main.tf

@@ -1,6 +1,9 @@
 #terraform {
 #  backend "azurerm" {}
 #}
+module "provider" {
+  source = "github.com/microsoft/bedrock?ref=master//cluster/azure/provider"
+}
 
 data "azurerm_client_config" "current" {}
 

test/bedrock_Azure_single_cosmos_mongo_test.go

@@ -134,12 +134,11 @@ func TestIT_Bedrock_Azure_Single_KV_Cosmos_Mongo_DB_Test(t *testing.T) {
 			"keyvault_resource_group":  kvRG,
                         "kubernetes_version":       k8sVersion,
 			"resource_group_name":      k8sRG,
-			"resource_group_location":  location,
 			"ssh_public_key":           publickey,
 			"service_principal_id":     clientid,
 			"service_principal_secret": clientsecret,
 			"subnet_name":              subnetName,
-			"subnet_prefix":            addressSpace,
+			"subnet_address_prefix":    addressSpace,
 			"vnet_name":                vnetName,
 			"cosmos_db_name":           cosmos_db_name,
 			"mongo_db_name":            mongo_db_name,