PLT-720: Added support for private access cidrs

spectrocloud · Oct 11, 2023 · 1680793 · 1680793
1 parent 7c3ca4f
commit 1680793
Show file tree

Hide file tree

Showing 2 changed files with 90 additions and 4 deletions.
diff --git a/spectrocloud/resource_cluster_eks.go b/spectrocloud/resource_cluster_eks.go
@@ -162,10 +162,21 @@ func resourceClusterEks() *schema.Resource {
 							Default:      "public",
 						},
 						"public_access_cidrs": {
-							Type:     schema.TypeSet,
-							Optional: true,
-							ForceNew: true,
-							Set:      schema.HashString,
+							Type:        schema.TypeSet,
+							Optional:    true,
+							ForceNew:    true,
+							Set:         schema.HashString,
+							Description: "List of CIDR blocks that define the allowed public access to the resource. Requests originating from addresses within these CIDR blocks will be permitted to access the resource. All other addresses will be denied access.",
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+						"private_access_cidrs": {
+							Type:        schema.TypeSet,
+							Optional:    true,
+							ForceNew:    true,
+							Set:         schema.HashString,
+							Description: "List of CIDR blocks that define the allowed private access to the resource. Only requests originating from addresses within these CIDR blocks will be permitted to access the resource.",
 							Elem: &schema.Schema{
 								Type: schema.TypeString,
 							},
@@ -427,6 +438,11 @@ func flattenClusterConfigsEKS(cloudConfig *models.V1EksCloudConfig) interface{}
 		ret["public_access_cidrs"] = cloudConfig.Spec.ClusterConfig.EndpointAccess.PublicCIDRs
 	}
 
+	ret["private_access_cidrs"] = make([]string, 0)
+	if cloudConfig.Spec.ClusterConfig.EndpointAccess.PrivateCIDRs != nil {
+		ret["private_access_cidrs"] = cloudConfig.Spec.ClusterConfig.EndpointAccess.PrivateCIDRs
+	}
+
 	for _, pool := range cloudConfig.Spec.MachinePoolConfig {
 		if pool.Name == "master-pool" {
 			ret["az_subnets"] = pool.SubnetIds
@@ -722,6 +738,14 @@ func toEksCluster(c *client.V1Client, d *schema.ResourceData) (*models.V1Spectro
 		access.PublicCIDRs = cidrs
 	}
 
+	if cloudConfig["private_access_cidrs"] != nil {
+		cidrs := make([]string, 0, 1)
+		for _, cidr := range cloudConfig["private_access_cidrs"].(*schema.Set).List() {
+			cidrs = append(cidrs, cidr.(string))
+		}
+		access.PrivateCIDRs = cidrs
+	}
+
 	cluster.Spec.CloudConfig.EndpointAccess = access
 
 	machinePoolConfigs := make([]*models.V1EksMachinePoolConfigEntity, 0)

diff --git a/spectrocloud/resource_cluster_eks_flatten_test.go b/spectrocloud/resource_cluster_eks_flatten_test.go
@@ -178,3 +178,65 @@ func TestFlattenClusterConfigsEKS(t *testing.T) {
 		})
 	}
 }
+
+func TestFlattenClusterConfigsEKSPrivateCIDRS(t *testing.T) {
+	testCases := []struct {
+		name     string
+		input    *models.V1EksCloudConfig
+		expected []interface{}
+	}{
+		{
+			name:     "nil input",
+			input:    nil,
+			expected: []interface{}{},
+		},
+		{
+			name: "non-empty input",
+			input: &models.V1EksCloudConfig{
+				Spec: &models.V1EksCloudConfigSpec{
+					ClusterConfig: &models.V1EksClusterConfig{
+						Region: types.Ptr("us-west-2"),
+						EndpointAccess: &models.V1EksClusterConfigEndpointAccess{
+							PrivateCIDRs: []string{"172.23.12.12/0"},
+							Private:      true,
+							Public:       false,
+						},
+						EncryptionConfig: &models.V1EncryptionConfig{
+							IsEnabled: true,
+							Provider:  "arn:aws:kms:us-west-2:123456789012:key/abcd1234-a123-456a-a12b-a123b4cd56ef",
+						},
+						VpcID:      "vpc-0abcd1234ef56789",
+						SSHKeyName: "my-key-pair",
+					},
+					MachinePoolConfig: []*models.V1EksMachinePoolConfig{
+						{
+							Name:      "master-pool",
+							SubnetIds: map[string]string{"subnet-12345678": "subnet-87654321"},
+						},
+					},
+				},
+			},
+			expected: []interface{}{
+				map[string]interface{}{
+					"region":                "us-west-2",
+					"public_access_cidrs":   []string{},
+					"private_access_cidrs":  []string{"172.23.12.12/0"},
+					"az_subnets":            map[string]string{"subnet-12345678": "subnet-87654321"},
+					"encryption_config_arn": "arn:aws:kms:us-west-2:123456789012:key/abcd1234-a123-456a-a12b-a123b4cd56ef",
+					"endpoint_access":       "private",
+					"vpc_id":                "vpc-0abcd1234ef56789",
+					"ssh_key_name":          "my-key-pair",
+				},
+			},
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			result := flattenClusterConfigsEKS(tc.input)
+			if !cmp.Equal(result, tc.expected) {
+				t.Errorf("Unexpected result (-want +got):\n%s", cmp.Diff(tc.expected, result))
+			}
+		})
+	}
+}