Azure · nellyk · Jan 30, 2025 · Jan 17, 2025 · Jan 27, 2025
diff --git a/README.md b/README.md
@@ -348,13 +348,137 @@ Default: `null`
 
 The following outputs are exported:
 
-### <a name="output_resource"></a> [resource](#output\_resource)
+### <a name="output_current_kubernetes_version"></a> [current\_kubernetes\_version](#output\_current\_kubernetes\_version)
 
-Description: This is the full output for the resource.
+Description: The current version running on the Azure Kubernetes Managed Cluster
+
+### <a name="output_fqdn"></a> [fqdn](#output\_fqdn)
+
+Description: The FQDN of the Azure Kubernetes Managed Cluster
+
+### <a name="output_http_application_routing_zone_name"></a> [http\_application\_routing\_zone\_name](#output\_http\_application\_routing\_zone\_name)
+
+Description: The Zone Name of the HTTP Application Routing
+
+### <a name="output_identity_principal_id"></a> [identity\_principal\_id](#output\_identity\_principal\_id)
+
+Description: The Principal ID associated with this Managed Service Identity
+
+### <a name="output_identity_tenant_id"></a> [identity\_tenant\_id](#output\_identity\_tenant\_id)
+
+Description: The Tenant ID associated with this Managed Service Identity
+
+### <a name="output_ingress_application_gateway_identity_client_id"></a> [ingress\_application\_gateway\_identity\_client\_id](#output\_ingress\_application\_gateway\_identity\_client\_id)
+
+Description: The Client ID of the user-defined Managed Identity used by the Application Gateway
+
+### <a name="output_ingress_application_gateway_identity_object_id"></a> [ingress\_application\_gateway\_identity\_object\_id](#output\_ingress\_application\_gateway\_identity\_object\_id)
+
+Description: The Object ID of the user-defined Managed Identity used by the Application Gateway
+
+### <a name="output_ingress_application_gateway_identity_user_assigned_identity_id"></a> [ingress\_application\_gateway\_identity\_user\_assigned\_identity\_id](#output\_ingress\_application\_gateway\_identity\_user\_assigned\_identity\_id)
+
+Description: The ID of the User Assigned Identity used by the Application Gateway
+
+### <a name="output_key_vault_secrets_provider_secret_identity_client_id"></a> [key\_vault\_secrets\_provider\_secret\_identity\_client\_id](#output\_key\_vault\_secrets\_provider\_secret\_identity\_client\_id)
+
+Description: The Client ID of the user-defined Managed Identity used by the Secret Provider
+
+### <a name="output_key_vault_secrets_provider_secret_identity_object_id"></a> [key\_vault\_secrets\_provider\_secret\_identity\_object\_id](#output\_key\_vault\_secrets\_provider\_secret\_identity\_object\_id)
+
+Description: The Object ID of the user-defined Managed Identity used by the Secret Provider
+
+### <a name="output_key_vault_secrets_provider_secret_identity_user_assigned_identity_id"></a> [key\_vault\_secrets\_provider\_secret\_identity\_user\_assigned\_identity\_id](#output\_key\_vault\_secrets\_provider\_secret\_identity\_user\_assigned\_identity\_id)
+
+Description: The ID of the User Assigned Identity used by the Secret Provider
+
+### <a name="output_kube_admin_config"></a> [kube\_admin\_config](#output\_kube\_admin\_config)
+
+Description: The kube\_admin\_config block for the Azure Kubernetes Managed Cluster
+
+### <a name="output_kube_admin_config_raw"></a> [kube\_admin\_config\_raw](#output\_kube\_admin\_config\_raw)
+
+Description: Raw Kubernetes config for the admin account
+
+### <a name="output_kube_config"></a> [kube\_config](#output\_kube\_config)
+
+Description: The kube\_config block for the Azure Kubernetes Managed Cluster
+
+### <a name="output_kube_config_raw"></a> [kube\_config\_raw](#output\_kube\_config\_raw)
+
+Description: Raw Kubernetes config for the user account
+
+### <a name="output_kubelet_identity_client_id"></a> [kubelet\_identity\_client\_id](#output\_kubelet\_identity\_client\_id)
+
+Description: The Client ID of the user-defined Managed Identity assigned to the Kubelets
+
+### <a name="output_kubelet_identity_object_id"></a> [kubelet\_identity\_object\_id](#output\_kubelet\_identity\_object\_id)
+
+Description: The Object ID of the user-defined Managed Identity assigned to the Kubelets
+
+### <a name="output_kubelet_identity_user_assigned_identity_id"></a> [kubelet\_identity\_user\_assigned\_identity\_id](#output\_kubelet\_identity\_user\_assigned\_identity\_id)
+
+Description: The ID of the User Assigned Identity assigned to the Kubelets
+
+### <a name="output_load_balancer_profile_effective_outbound_ips"></a> [load\_balancer\_profile\_effective\_outbound\_ips](#output\_load\_balancer\_profile\_effective\_outbound\_ips)
+
+Description: The effective outbound IPs for the load balancer profile
+
+### <a name="output_nat_gateway_profile_effective_outbound_ips"></a> [nat\_gateway\_profile\_effective\_outbound\_ips](#output\_nat\_gateway\_profile\_effective\_outbound\_ips)
+
+Description: The effective outbound IPs for the NAT Gateway profile
+
+### <a name="output_network_profile"></a> [network\_profile](#output\_network\_profile)
+
+Description: The network profile block for the Kubernetes cluster
+
+### <a name="output_node_resource_group"></a> [node\_resource\_group](#output\_node\_resource\_group)
+
+Description: The auto-generated Resource Group containing resources for the Managed Kubernetes Cluster
+
+### <a name="output_node_resource_group_id"></a> [node\_resource\_group\_id](#output\_node\_resource\_group\_id)
+
+Description: The ID of the Resource Group containing resources for the Managed Kubernetes Cluster
+
+### <a name="output_oidc_issuer_url"></a> [oidc\_issuer\_url](#output\_oidc\_issuer\_url)
+
+Description: The OIDC issuer URL that is associated with the cluster
+
+### <a name="output_oms_agent_identity_client_id"></a> [oms\_agent\_identity\_client\_id](#output\_oms\_agent\_identity\_client\_id)
+
+Description: The Client ID of the user-defined Managed Identity used by the OMS Agents
+
+### <a name="output_oms_agent_identity_object_id"></a> [oms\_agent\_identity\_object\_id](#output\_oms\_agent\_identity\_object\_id)
+
+Description: The Object ID of the user-defined Managed Identity used by the OMS Agents
+
+### <a name="output_oms_agent_identity_user_assigned_identity_id"></a> [oms\_agent\_identity\_user\_assigned\_identity\_id](#output\_oms\_agent\_identity\_user\_assigned\_identity\_id)
+
+Description: The ID of the User Assigned Identity used by the OMS Agents
+
+### <a name="output_portal_fqdn"></a> [portal\_fqdn](#output\_portal\_fqdn)
+
+Description: The FQDN for the Azure Portal resources when private link has been enabled
+
+### <a name="output_private_fqdn"></a> [private\_fqdn](#output\_private\_fqdn)
+
+Description: The FQDN for the Kubernetes Cluster when private link has been enabled
 
 ### <a name="output_resource_id"></a> [resource\_id](#output\_resource\_id)
 
-Description: The `azurerm_kubernetes_cluster`'s resource id.
+Description: The Kubernetes Managed Cluster ID.
+
+### <a name="output_web_app_routing_web_app_routing_identity_client_id"></a> [web\_app\_routing\_web\_app\_routing\_identity\_client\_id](#output\_web\_app\_routing\_web\_app\_routing\_identity\_client\_id)
+
+Description: The Client ID of the user-defined Managed Identity used for Web App Routing
+
+### <a name="output_web_app_routing_web_app_routing_identity_object_id"></a> [web\_app\_routing\_web\_app\_routing\_identity\_object\_id](#output\_web\_app\_routing\_web\_app\_routing\_identity\_object\_id)
+
+Description: The Object ID of the user-defined Managed Identity used for Web App Routing
+
+### <a name="output_web_app_routing_web_app_routing_identity_user_assigned_identity_id"></a> [web\_app\_routing\_web\_app\_routing\_identity\_user\_assigned\_identity\_id](#output\_web\_app\_routing\_web\_app\_routing\_identity\_user\_assigned\_identity\_id)
+
+Description: The ID of the User Assigned Identity used for Web App Routing
 
 ## Modules
 

diff --git a/outputs.tf b/outputs.tf
@@ -1,11 +1,167 @@
-# Module owners should include the full resource via a 'resource' output
-# https://azure.github.io/Azure-Verified-Modules/specs/terraform/#id-tffr2---category-outputs---additional-terraform-outputs
-output "resource" {
-  description = "This is the full output for the resource."
-  value       = azurerm_kubernetes_cluster.this
+# Authors SHOULD NOT output entire resource objects as these may contain sensitive outputs and the schema can change with API or provider versions
+# https://azure.github.io/Azure-Verified-Modules/specs/tf/res/#id-tffr2---category-outputs---additional-terraform-outputs
+
+output "current_kubernetes_version" {
+  description = "The current version running on the Azure Kubernetes Managed Cluster"
+  value       = azurerm_kubernetes_cluster.this.current_kubernetes_version
+}
+
+output "fqdn" {
+  description = "The FQDN of the Azure Kubernetes Managed Cluster"
+  value       = azurerm_kubernetes_cluster.this.fqdn
+}
+
+output "http_application_routing_zone_name" {
+  description = "The Zone Name of the HTTP Application Routing"
+  value       = azurerm_kubernetes_cluster.this.http_application_routing_zone_name
+}
+
+output "identity_principal_id" {
+  description = "The Principal ID associated with this Managed Service Identity"
+  value       = try(azurerm_kubernetes_cluster.this.identity[0].principal_id, null)
+}
+
+output "identity_tenant_id" {
+  description = "The Tenant ID associated with this Managed Service Identity"
+  value       = try(azurerm_kubernetes_cluster.this.identity[0].tenant_id, null)
+}
+
+output "ingress_application_gateway_identity_client_id" {
+  description = "The Client ID of the user-defined Managed Identity used by the Application Gateway"
+  value       = try(azurerm_kubernetes_cluster.this.ingress_application_gateway[0].ingress_application_gateway_identity[0].client_id, null)
+}
+
+output "ingress_application_gateway_identity_object_id" {
+  description = "The Object ID of the user-defined Managed Identity used by the Application Gateway"
+  value       = try(azurerm_kubernetes_cluster.this.ingress_application_gateway[0].ingress_application_gateway_identity[0].object_id, null)
+}
+
+output "ingress_application_gateway_identity_user_assigned_identity_id" {
+  description = "The ID of the User Assigned Identity used by the Application Gateway"
+  value       = try(azurerm_kubernetes_cluster.this.ingress_application_gateway[0].ingress_application_gateway_identity[0].user_assigned_identity_id, null)
+}
+
+output "key_vault_secrets_provider_secret_identity_client_id" {
+  description = "The Client ID of the user-defined Managed Identity used by the Secret Provider"
+  value       = try(azurerm_kubernetes_cluster.this.key_vault_secrets_provider[0].secret_identity[0].client_id, null)
+}
+
+output "key_vault_secrets_provider_secret_identity_object_id" {
+  description = "The Object ID of the user-defined Managed Identity used by the Secret Provider"
+  value       = azurerm_kubernetes_cluster.this.key_vault_secrets_provider[0].secret_identity[0].object_id
+}
+
+output "key_vault_secrets_provider_secret_identity_user_assigned_identity_id" {
+  description = "The ID of the User Assigned Identity used by the Secret Provider"
+  value       = azurerm_kubernetes_cluster.this.key_vault_secrets_provider[0].secret_identity[0].user_assigned_identity_id
+}
+
+output "kube_admin_config" {
+  description = "The kube_admin_config block for the Azure Kubernetes Managed Cluster"
+  value       = azurerm_kubernetes_cluster.this.kube_admin_config
+}
+
+output "kube_admin_config_raw" {
+  description = "Raw Kubernetes config for the admin account"
+  value       = azurerm_kubernetes_cluster.this.kube_admin_config_raw
+}
+
+output "kube_config" {
+  description = "The kube_config block for the Azure Kubernetes Managed Cluster"
+  value       = azurerm_kubernetes_cluster.this.kube_config
+}
+
+output "kube_config_raw" {
+  description = "Raw Kubernetes config for the user account"
+  value       = azurerm_kubernetes_cluster.this.kube_config_raw
+}
+
+output "kubelet_identity_client_id" {
+  description = "The Client ID of the user-defined Managed Identity assigned to the Kubelets"
+  value       = azurerm_kubernetes_cluster.this.kubelet_identity[0].client_id
+}
+
+output "kubelet_identity_object_id" {
+  description = "The Object ID of the user-defined Managed Identity assigned to the Kubelets"
+  value       = azurerm_kubernetes_cluster.this.kubelet_identity[0].object_id
+}
+
+output "kubelet_identity_user_assigned_identity_id" {
+  description = "The ID of the User Assigned Identity assigned to the Kubelets"
+  value       = azurerm_kubernetes_cluster.this.kubelet_identity[0].user_assigned_identity_id
+}
+
+output "load_balancer_profile_effective_outbound_ips" {
+  description = "The effective outbound IPs for the load balancer profile"
+  value       = try(azurerm_kubernetes_cluster.this.network_profile[0].load_balancer_profile[0].effective_outbound_ips, null)
+}
+
+output "nat_gateway_profile_effective_outbound_ips" {
+  description = "The effective outbound IPs for the NAT Gateway profile"
+  value       = try(azurerm_kubernetes_cluster.this.network_profile[0].nat_gateway_profile[0].effective_outbound_ips, null)
+}
+
+output "network_profile" {
+  description = "The network profile block for the Kubernetes cluster"
+  value       = azurerm_kubernetes_cluster.this.network_profile
+}
+
+output "node_resource_group" {
+  description = "The auto-generated Resource Group containing resources for the Managed Kubernetes Cluster"
+  value       = azurerm_kubernetes_cluster.this.node_resource_group
+}
+
+output "node_resource_group_id" {
+  description = "The ID of the Resource Group containing resources for the Managed Kubernetes Cluster"
+  value       = azurerm_kubernetes_cluster.this.node_resource_group_id
+}
+
+output "oidc_issuer_url" {
+  description = "The OIDC issuer URL that is associated with the cluster"
+  value       = azurerm_kubernetes_cluster.this.oidc_issuer_url
+}
+
+output "oms_agent_identity_client_id" {
+  description = "The Client ID of the user-defined Managed Identity used by the OMS Agents"
+  value       = try(azurerm_kubernetes_cluster.this.oms_agent[0].oms_agent_identity[0].client_id, null)
+}
+
+output "oms_agent_identity_object_id" {
+  description = "The Object ID of the user-defined Managed Identity used by the OMS Agents"
+  value       = try(azurerm_kubernetes_cluster.this.oms_agent[0].oms_agent_identity[0].object_id, null)
+}
+
+output "oms_agent_identity_user_assigned_identity_id" {
+  description = "The ID of the User Assigned Identity used by the OMS Agents"
+  value       = try(azurerm_kubernetes_cluster.this.oms_agent[0].oms_agent_identity[0].user_assigned_identity_id, null)
+}
+
+output "portal_fqdn" {
+  description = "The FQDN for the Azure Portal resources when private link has been enabled"
+  value       = try(azurerm_kubernetes_cluster.this.portal_fqdn, null)
+}
+
+output "private_fqdn" {
+  description = "The FQDN for the Kubernetes Cluster when private link has been enabled"
+  value       = try(azurerm_kubernetes_cluster.this.private_fqdn, null)
 }
 
 output "resource_id" {
-  description = "The `azurerm_kubernetes_cluster`'s resource id."
+  description = "The Kubernetes Managed Cluster ID."
   value       = azurerm_kubernetes_cluster.this.id
 }
+
+output "web_app_routing_web_app_routing_identity_client_id" {
+  description = "The Client ID of the user-defined Managed Identity used for Web App Routing"
+  value       = try(azurerm_kubernetes_cluster.this.web_app_routing[0].web_app_routing_identity[0].client_id, null)
+}
+
+output "web_app_routing_web_app_routing_identity_object_id" {
+  description = "The Object ID of the user-defined Managed Identity used for Web App Routing"
+  value       = try(azurerm_kubernetes_cluster.this.web_app_routing[0].web_app_routing_identity[0].object_id, null)
+}
+
+output "web_app_routing_web_app_routing_identity_user_assigned_identity_id" {
+  description = "The ID of the User Assigned Identity used for Web App Routing"
+  value       = try(azurerm_kubernetes_cluster.this.web_app_routing[0].web_app_routing_identity[0].user_assigned_identity_id, null)
+}