feat: Disable Run Command by default for AKS clusters (PSKD-1436) (#449)

Signed-off-by: David.Houck <David.Houck@sas.com>

Author: dhoucgitter

docs/CONFIG-VARS.md

@@ -211,6 +211,7 @@ Ubuntu 20.04 LTS is the operating system used on the Jump/NFS servers. Ubuntu cr
 | aks_cluster_private_dns_zone_id | Specifies private DNS zone resource ID for AKS private cluster to use | string | "" | For `cluster_api_mode=private` if `aks_cluster_private_dns_zone_id` is not specified then the value `System` is used else it is set to null. For details see [Configure a private DNS zone](https://learn.microsoft.com/en-us/azure/aks/private-clusters?tabs=azure-portal#configure-a-private-dns-zone) |
 | aks_cluster_sku_tier | The SKU Tier that should be used for this Kubernetes Cluster. Optimizes api server for cost vs availability | string | "Free" | Valid Values:  "Free", "Standard" and "Premium" | 
 | cluster_support_tier | Specifies the support plan which should be used for this Kubernetes Cluster. | string | "KubernetesOfficial" | Possible values are `KubernetesOfficial` and `AKSLongTermSupport`. To enable long term K8s support is a combination of setting `aks_cluster_sku_tier` to `Premium` tier and explicitly selecting the `cluster_support_tier` as `AKSLongTermSupport`. For details see [Long term Support](https://learn.microsoft.com/en-us/azure/aks/long-term-support) and for which K8s version has long term support see [AKS Kubernetes release calendar](https://learn.microsoft.com/en-us/azure/aks/supported-kubernetes-versions?tabs=azure-cli#aks-kubernetes-release-calendar).| 
+| aks_cluster_run_command_enabled | Enable or disable the AKS Run Command feature | bool | false | The AKS Run Command feature in AKS allows you to remotely execute commands within a running container of your AKS cluster directly from the Azure CLI or Azure portal. To enable the Run Command feature for an AKS cluster where Run Command is disabled, navigate to the Run Command tab for your AKS Cluster in the Azure Portal and select the Enable button. |
 
 ## Node Pools
 

main.tf

@@ -147,6 +147,7 @@ module "aks" {
   aks_cluster_enable_host_encryption       = var.aks_cluster_enable_host_encryption
   aks_node_disk_encryption_set_id          = var.aks_node_disk_encryption_set_id
   aks_cluster_node_admin                   = var.node_vm_admin
+  aks_cluster_run_command_enabled          = var.aks_cluster_run_command_enabled
   aks_cluster_ssh_public_key               = try(file(var.ssh_public_key), "")
   aks_cluster_private_dns_zone_id          = var.aks_cluster_private_dns_zone_id
   aks_vnet_subnet_id                       = module.vnet.subnets["aks"].id

modules/azure_aks/main.tf

@@ -20,6 +20,7 @@ resource "azurerm_kubernetes_cluster" "aks" {
   kubernetes_version      = var.kubernetes_version
   private_cluster_enabled = var.aks_private_cluster
   private_dns_zone_id     = var.aks_private_cluster && var.aks_cluster_private_dns_zone_id != "" ? var.aks_cluster_private_dns_zone_id : (var.aks_private_cluster ? "System" : null)
+  run_command_enabled     = var.aks_cluster_run_command_enabled
 
   network_profile {
     # Docs on AKS Advanced Networking config

modules/azure_aks/variables.tf

@@ -253,3 +253,9 @@ variable "aks_cluster_private_dns_zone_id" {
   type    = string
   default = ""
 }
+
+variable "aks_cluster_run_command_enabled" {
+  description = "Enable or disable the AKS cluster Run Command feature."
+  type        = bool
+  default     = false
+}

test/default_unit_test.go

@@ -65,6 +65,12 @@ func TestPlanDefaults(t *testing.T) {
 			assertFunction:    assert.NotEqual,
 			message:           "The Jump VM machine type should be Standard_B2s",
 		},
+		"runCommandEnabledTest": {
+			expected:          "false",
+			resourceMapName:   "module.aks.azurerm_kubernetes_cluster.aks",
+			attributeJsonPath: "{$.run_command_enabled}",
+			message:           "The AKS cluster Run Command feature should be disabled by default",
+		},
 	}
 
 	variables := getDefaultPlanVars(t)

variables.tf

@@ -802,3 +802,9 @@ variable "aks_cluster_private_dns_zone_id" {
   type        = string
   default     = ""
 }
+
+variable "aks_cluster_run_command_enabled" {
+  description = "Enable or disable the AKS cluster Run Command feature."
+  type        = bool
+  default     = false
+}