From 1680793dbf094b5481daca1b1e44e797adcea2c3 Mon Sep 17 00:00:00 2001
From: Sivaanand Murugesan
Date: Wed, 11 Oct 2023 13:43:54 +0530
Subject: [PATCH 1/2] PLT-720: Added support for private access cidrs
---
 spectrocloud/resource_cluster_eks.go | 32 ++++++++--
 .../resource_cluster_eks_flatten_test.go | 62 +++++++++++++++++++
 2 files changed, 90 insertions(+), 4 deletions(-)
diff --git a/spectrocloud/resource_cluster_eks.go b/spectrocloud/resource_cluster_eks.go
index b13538a0..fa7f8a19 100644
--- a/spectrocloud/resource_cluster_eks.go
+++ b/spectrocloud/resource_cluster_eks.go
@@ -162,10 +162,21 @@ func resourceClusterEks() *schema.Resource {
 Default: "public",
 },
 "public_access_cidrs": {
- Type: schema.TypeSet,
- Optional: true,
- ForceNew: true,
- Set: schema.HashString,
+ Type: schema.TypeSet,
+ Optional: true,
+ ForceNew: true,
+ Set: schema.HashString,
+ Description: "List of CIDR blocks that define the allowed public access to the resource. Requests originating from addresses within these CIDR blocks will be permitted to access the resource. All other addresses will be denied access.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "private_access_cidrs": {
+ Type: schema.TypeSet,
+ Optional: true,
+ ForceNew: true,
+ Set: schema.HashString,
+ Description: "List of CIDR blocks that define the allowed private access to the resource. Only requests originating from addresses within these CIDR blocks will be permitted to access the resource.",
 Elem: &schema.Schema{
 Type: schema.TypeString,
 },
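Review bot: The `Elem` of the new `private_access_cidrs` set (and of `public_access_cidrs`, whose trailing `Elem` lines are context here) is a bare `schema.TypeString`, so any string reaches the endpoint-access configuration without being checked as a CIDR at plan time. Since these values form a network allow-list, I would add `ValidateFunc: validation.IsCIDR,` to each `Elem` schema, assuming the SDK's `helper/validation` package is or can be imported in this file. That check still accepts a `/0` prefix, so the `Description` should say that such an entry admits every address. Both descriptions also say "List" although the attribute is a `TypeSet`. The body of resourceClusterEks extends beyond the hunk.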
@@ -427,6 +438,11 @@ func flattenClusterConfigsEKS(cloudConfig *models.V1EksCloudConfig) interface{} ret["public_access_cidrs"] = cloudConfig.Spec.ClusterConfig.EndpointAccess.PublicCIDRs } + ret["private_access_cidrs"] = make([]string, 0) + if cloudConfig.Spec.ClusterConfig.EndpointAccess.PrivateCIDRs != nil { + ret["private_access_cidrs"] = cloudConfig.Spec.ClusterConfig.EndpointAccess.PrivateCIDRs + } + for _, pool := range cloudConfig.Spec.MachinePoolConfig { if pool.Name == "master-pool" { ret["az_subnets"] = pool.SubnetIds @@ -722,6 +738,14 @@ func toEksCluster(c *client.V1Client, d *schema.ResourceData) (*models.V1Spectro access.PublicCIDRs = cidrs } + if cloudConfig["private_access_cidrs"] != nil { + cidrs := make([]string, 0, 1) + for _, cidr := range cloudConfig["private_access_cidrs"].(*schema.Set).List() { + cidrs = append(cidrs, cidr.(string)) + } + access.PrivateCIDRs = cidrs + } + cluster.Spec.CloudConfig.EndpointAccess = access machinePoolConfigs := make([]*models.V1EksMachinePoolConfigEntity, 0) diff --git a/spectrocloud/resource_cluster_eks_flatten_test.go b/spectrocloud/resource_cluster_eks_flatten_test.go index 90d0bea1..8e4656bd 100644 --- a/spectrocloud/resource_cluster_eks_flatten_test.go +++ b/spectrocloud/resource_cluster_eks_flatten_test.go 
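Review bot: The added `if` in flattenClusterConfigsEKS reads `cloudConfig.Spec.ClusterConfig.EndpointAccess.PrivateCIDRs` without checking `EndpointAccess` for nil, which would panic on a cloud config returned without that object. Whether an earlier guard already covers this is not visible, because the function starts outside the hunk and only the tail of the public-CIDR block is shown. If there is no such guard, `if ea := cloudConfig.Spec.ClusterConfig.EndpointAccess; ea != nil && ea.PrivateCIDRs != nil {` followed by `ret["private_access_cidrs"] = ea.PrivateCIDRs` keeps the read path safe.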
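Review bot: In toEksCluster the `!= nil` test on `cloudConfig["private_access_cidrs"]` probably never fails, since the SDK normally fills an unset set attribute with an empty `*schema.Set`; if so, `access.PrivateCIDRs` is sent as an empty slice even when the user configured nothing. A comment should state what an empty list means to the API (no restriction, or no access), and if the two differ the assignment can be skipped for an empty set with `if set, ok := cloudConfig["private_access_cidrs"].(*schema.Set); ok && set.Len() > 0 {`. That form also replaces the unchecked type assertion and lets the slice be sized with `make([]string, 0, set.Len())` instead of a capacity of 1. The function body continues outside the hunk on both sides.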
@@ -178,3 +178,65 @@ func TestFlattenClusterConfigsEKS(t *testing.T) {
 })
 }
 }
+
+func TestFlattenClusterConfigsEKSPrivateCIDRS(t *testing.T) {
+ testCases := []struct {
+ name string
+ input *models.V1EksCloudConfig
+ expected []interface{}
+ }{
+ {
+ name: "nil input",
+ input: nil,
+ expected: []interface{}{},
+ },
+ {
+ name: "non-empty input",
+ input: &models.V1EksCloudConfig{
+ Spec: &models.V1EksCloudConfigSpec{
+ ClusterConfig: &models.V1EksClusterConfig{
+ Region: types.Ptr("us-west-2"),
+ EndpointAccess: &models.V1EksClusterConfigEndpointAccess{
+ PrivateCIDRs: []string{"172.23.12.12/0"},
+ Private: true,
+ Public: false,
+ },
+ EncryptionConfig: &models.V1EncryptionConfig{
+ IsEnabled: true,
+ Provider: "arn:aws:kms:us-west-2:123456789012:key/abcd1234-a123-456a-a12b-a123b4cd56ef",
+ },
+ VpcID: "vpc-0abcd1234ef56789",
+ SSHKeyName: "my-key-pair",
+ },
+ MachinePoolConfig: []*models.V1EksMachinePoolConfig{
+ {
+ Name: "master-pool",
+ SubnetIds: map[string]string{"subnet-12345678": "subnet-87654321"},
+ },
+ },
+ },
+ },
+ expected: []interface{}{
+ map[string]interface{}{
+ "region": "us-west-2",
+ "public_access_cidrs": []string{},
+ "private_access_cidrs": []string{"172.23.12.12/0"},
+ "az_subnets": map[string]string{"subnet-12345678": "subnet-87654321"},
+ "encryption_config_arn": "arn:aws:kms:us-west-2:123456789012:key/abcd1234-a123-456a-a12b-a123b4cd56ef",
+ "endpoint_access": "private",
+ "vpc_id": "vpc-0abcd1234ef56789",
+ "ssh_key_name": "my-key-pair",
+ },
+ },
+ },
+ }
+
+ for _, tc := range testCases {
+ t.Run(tc.name, func(t *testing.T) {
+ result := flattenClusterConfigsEKS(tc.input)
+ if !cmp.Equal(result, tc.expected) {
+ t.Errorf("Unexpected result (-want +got):\n%s", cmp.Diff(tc.expected, result))
+ }
+ })
+ }
+}
From 857ad6239f43670ad9b86c839f7571e8b6dda09a Mon Sep 17 00:00:00 2001
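Review bot: The fixture `"172.23.12.12/0"` in the "non-empty input" case has a zero-length prefix, so read as a CIDR it matches every IPv4 address and its host bits are ignored. As sample data for a private allow-list it models a wide-open rule, and test values tend to get copied into real configurations. A narrower constructed value such as `[]string{"10.0.0.0/16"}`, used in both `PrivateCIDRs` and the expected map, exercises the same code path. The function name would also read better as `TestFlattenClusterConfigsEKSPrivateCIDRs`, matching the `PrivateCIDRs` field.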
From: Sivaanand Murugesan
Date: Wed, 11 Oct 2023 15:00:26 +0530
Subject: [PATCH 2/2] fixing unit test
---
 spectrocloud/resource_cluster_eks_flatten_test.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/spectrocloud/resource_cluster_eks_flatten_test.go b/spectrocloud/resource_cluster_eks_flatten_test.go
index 8e4656bd..26ae2f19 100644
--- a/spectrocloud/resource_cluster_eks_flatten_test.go
+++ b/spectrocloud/resource_cluster_eks_flatten_test.go
@@ -158,6 +158,7 @@ func TestFlattenClusterConfigsEKS(t *testing.T) {
 expected: []interface{}{
 map[string]interface{}{
 "region": "us-west-2",
+ "private_access_cidrs": []string{},
 "public_access_cidrs": []string{"0.0.0.0/0"},
 "az_subnets": map[string]string{"subnet-12345678": "subnet-87654321"},
 "encryption_config_arn": "arn:aws:kms:us-west-2:123456789012:key/abcd1234-a123-456a-a12b-a123b4cd56ef",