From a6051d975d10caa24ffbfad7ae013c63e4388e09 Mon Sep 17 00:00:00 2001
From: Tomas Aschan <1550920+tomasaschan@users.noreply.github.com>
Date: Mon, 7 Jan 2019 18:06:54 +0100
Subject: [PATCH 1/4] Force recreate on DNS prefix change of AKS cluster

If you try to change the DNS prefix with the configuration before this change, `terraform apply` will fail with a message to this effect.
---
 azurerm/resource_arm_kubernetes_cluster.go | 1 +
 website/docs/r/kubernetes_cluster.html.markdown | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/azurerm/resource_arm_kubernetes_cluster.go b/azurerm/resource_arm_kubernetes_cluster.go
index 0e413785df41..d45900bd646e 100644
--- a/azurerm/resource_arm_kubernetes_cluster.go
+++ b/azurerm/resource_arm_kubernetes_cluster.go
@@ -75,6 +75,7 @@ func resourceArmKubernetesCluster() *schema.Resource {
 "dns_prefix": {
 Type: schema.TypeString,
 Required: true,
+ ForceNew: true,
 },
 
 "kubernetes_version": {
diff --git a/website/docs/r/kubernetes_cluster.html.markdown b/website/docs/r/kubernetes_cluster.html.markdown
index 338e42ead7be..467110e81e87 100644
--- a/website/docs/r/kubernetes_cluster.html.markdown
+++ b/website/docs/r/kubernetes_cluster.html.markdown
@@ -67,7 +67,7 @@ The following arguments are supported:
 
 * `agent_pool_profile` - (Required) One or more `agent_pool_profile` blocks as documented below.
 
-* `dns_prefix` - (Required) DNS prefix specified when creating the managed cluster.
+* `dns_prefix` - (Required) DNS prefix specified when creating the managed cluster. Changing this forces a new resource to be created.
 
 * `service_principal` - (Required) A `service_principal` block as documented below.
 
From d16b53319f484a633504f86510ba37241fef44dc Mon Sep 17 00:00:00 2001
From: Tomas Aschan <1550920+tomasaschan@users.noreply.github.com>
Date: Mon, 7 Jan 2019 18:12:16 +0100
Subject: [PATCH 2/4] Validate DNS prefix

This validation is not done in the CLI, so creating a cluster with a DNS prefix that does not fulfill these requirements will not fail. However, in some cases such a cluster will be badly broken; for example, if the specified DNS prefix has subdomain parts (e.g. foo.bar.baz), certificate validation will fail when communicating with the cluster, resulting in broken behavior for commands such as kubectl logs. Because of the seriously broken state a cluster can end up in, and since the cluster will have to be completely recreated in order to change the DNS prefix, I think it's worthwhile to implement this validation even before the CLI has been patched to include it. The source for the validation rules (and error message) is the client- side validation error message in the Azure Portal, where validation is already implemented.
---
 azurerm/resource_arm_kubernetes_cluster.go | 8 ++++++++
 website/docs/r/kubernetes_cluster.html.markdown | 2 ++
 2 files changed, 10 insertions(+)

diff --git a/azurerm/resource_arm_kubernetes_cluster.go b/azurerm/resource_arm_kubernetes_cluster.go
index d45900bd646e..c8ccbeaf480a 100644
--- a/azurerm/resource_arm_kubernetes_cluster.go
+++ b/azurerm/resource_arm_kubernetes_cluster.go
@@ -76,6 +76,7 @@ func resourceArmKubernetesCluster() *schema.Resource {
 Type: schema.TypeString,
 Required: true,
 ForceNew: true,
+ ValidateFunc: validateKubernetesClusterDnsPrefix(),
 },
 
 "kubernetes_version": {
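Review bot: The `ValidateFunc` added to `dns_prefix` is evaluated against configuration for clusters that already exist as well as new ones, so a prefix that was accepted earlier but fails the new pattern will presumably start erroring at plan time, and with `ForceNew: true` from patch 1/4 the only way to satisfy it is to recreate the cluster. The commit message says the rules are taken from the Portal's client-side check and that the CLI does not enforce them, which is worth recording where the field is defined, for example `// Mirrors the Azure Portal's client-side rule; the CLI does not enforce it, so existing clusters may carry values this rejects.` An upgrade note in the changelog would cover the same point for users. The schema function starts and ends outside this hunk.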
@@ -1124,6 +1125,13 @@ func validateKubernetesClusterAgentPoolName() schema.SchemaValidateFunc {
 )
 }
 
+func validateKubernetesClusterDnsPrefix() schema.SchemaValidateFunc {
+ return validation.StringMatch(
+ regexp.MustCompile("^[a-zA-Z][a-zA-Z0-9\\-]{0,43}[a-zA-Z0-9]$"),
+ "The DNS name must contain between 3 and 45 characters. The name can contain only letters, numbers, and hyphens. The name must start with a letter and must end with a letter or a number.",
+ )
+}
+
 func flattenKubernetesClusterKubeConfig(config kubernetes.KubeConfig) []interface{} {
 values := make(map[string]interface{})
 
diff --git a/website/docs/r/kubernetes_cluster.html.markdown b/website/docs/r/kubernetes_cluster.html.markdown
index 467110e81e87..1429866effec 100644
--- a/website/docs/r/kubernetes_cluster.html.markdown
+++ b/website/docs/r/kubernetes_cluster.html.markdown
@@ -69,6 +69,8 @@ The following arguments are supported:
 
 * `dns_prefix` - (Required) DNS prefix specified when creating the managed cluster. Changing this forces a new resource to be created.
 
+-> **NOTE:** The `dns_prefix` must contain between 3 and 45 characters, and can contain only letters, numbers, and hyphens. It must start with a letter and must end with a letter or a number.
+
 * `service_principal` - (Required) A `service_principal` block as documented below.
 
 ---
From 15f7fc47276de843b999288df2609b83c12999a9 Mon Sep 17 00:00:00 2001
From: Tomas Aschan <1550920+tomasaschan@users.noreply.github.com>
Date: Mon, 7 Jan 2019 19:39:19 +0100
Subject: [PATCH 3/4] Apply gofmt

---
 azurerm/resource_arm_kubernetes_cluster.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/azurerm/resource_arm_kubernetes_cluster.go b/azurerm/resource_arm_kubernetes_cluster.go
index c8ccbeaf480a..046fae6212a0 100644
--- a/azurerm/resource_arm_kubernetes_cluster.go
+++ b/azurerm/resource_arm_kubernetes_cluster.go
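Review bot: The pattern in `validateKubernetesClusterDnsPrefix` accepts two-character prefixes although its error message, and the NOTE this patch adds to the docs, state a minimum of 3: one leading letter, `{0,43}` middle characters and one trailing character gives a length of 2 to 45. If 3 is the intended minimum the quantifier should be `{1,43}`, i.e. `regexp.MustCompile("^[a-zA-Z][a-zA-Z0-9\\-]{1,43}[a-zA-Z0-9]$")`; otherwise the message and the docs should say 2. The rewritten pattern in patch 4/4 keeps `{0,43}` and carries the same mismatch. A small table test over lengths 1, 2, 3, 45 and 46 would pin the boundary whichever way it is resolved.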
@@ -73,9 +73,9 @@ func resourceArmKubernetesCluster() *schema.Resource {
 "resource_group_name": resourceGroupNameSchema(),
 
 "dns_prefix": {
- Type: schema.TypeString,
- Required: true,
- ForceNew: true,
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
 ValidateFunc: validateKubernetesClusterDnsPrefix(),
 },
 
From 91742e110f8e5ac267d4296c078a1a7837d8617c Mon Sep 17 00:00:00 2001
From: kt
Date: Mon, 7 Jan 2019 23:05:04 -0800
Subject: [PATCH 4/4] refactor regex

---
 azurerm/resource_arm_kubernetes_cluster.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/azurerm/resource_arm_kubernetes_cluster.go b/azurerm/resource_arm_kubernetes_cluster.go
index 046fae6212a0..cd111d63a391 100644
--- a/azurerm/resource_arm_kubernetes_cluster.go
+++ b/azurerm/resource_arm_kubernetes_cluster.go
@@ -1127,7 +1127,7 @@ func validateKubernetesClusterAgentPoolName() schema.SchemaValidateFunc {
 
 func validateKubernetesClusterDnsPrefix() schema.SchemaValidateFunc {
 return validation.StringMatch(
- regexp.MustCompile("^[a-zA-Z][a-zA-Z0-9\\-]{0,43}[a-zA-Z0-9]$"),
+ regexp.MustCompile("^[a-zA-Z][-a-zA-Z0-9]{0,43}[a-zA-Z0-9]$"),
 "The DNS name must contain between 3 and 45 characters. The name can contain only letters, numbers, and hyphens. The name must start with a letter and must end with a letter or a number.",
 )
 }