Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

resource/aws_eks_cluster: Add support for PublicAccessCidrs attribute in VpcConfig #11442

Merged
merged 6 commits into from
Jan 9, 2020
Merged

resource/aws_eks_cluster: Add support for PublicAccessCidrs attribute in VpcConfig #11442

merged 6 commits into from
Jan 9, 2020

Conversation

seddarj
Copy link

@seddarj seddarj commented Dec 31, 2019
edited
Loading

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

First time contributing to this project, let me know if anything needs changing.

This will only work once #11375 gets merged. #11375 has been merged, this PR has been rebased on master.

Closes #11397

Release note for CHANGELOG:

service/eks: Add support for public_access_cidrs attribute in vpc_config

Output from acceptance testing:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs -timeout 120m
=== RUN   TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs
=== PAUSE TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs
=== CONT  TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs
--- PASS: TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs (1264.51s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	1266.010s

@seddarj seddarj requested a review from a team December 31, 2019 08:56
@ghost ghost added needs-triage Waiting for first response or review from a maintainer. size/M Managed by automation to categorize the size of a PR. service/eks Issues and PRs that pertain to the eks service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. labels Dec 31, 2019
@seddarj seddarj force-pushed the eks-public-access-cidrs branch from 7e7be47 to c0780b5 Compare December 31, 2019 09:54
@ghost ghost added size/XXL Managed by automation to categorize the size of a PR. dependencies Used to indicate dependency changes. and removed size/M Managed by automation to categorize the size of a PR. labels Dec 31, 2019
@seddarj seddarj force-pushed the eks-public-access-cidrs branch 2 times, most recently from 2de76fb to a67f062 Compare December 31, 2019 12:39
@ghost ghost added size/M Managed by automation to categorize the size of a PR. and removed size/XXL Managed by automation to categorize the size of a PR. labels Dec 31, 2019
@seddarj seddarj mentioned this pull request Dec 31, 2019
Closed
@ghost ghost added the documentation Introduces or discusses updates to documentation. label Dec 31, 2019
@bflad bflad added enhancement Requests to existing resources that expand the functionality or scope. and removed dependencies Used to indicate dependency changes. needs-triage Waiting for first response or review from a maintainer. labels Jan 3, 2020
@seddarj seddarj force-pushed the eks-public-access-cidrs branch from e6fbf01 to 9f365c7 Compare January 3, 2020 13:29
@seddarj
Copy link
Author

seddarj commented Jan 3, 2020

Rebased on master following merge of #11375, ready for review ;-)

bflad
bflad suggested changes Jan 3, 2020
View reviewed changes
Copy link
Contributor

@bflad bflad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @seddarj 👋 Thank you for submitting this. The implementation looks great, just one testing change to ensure we cover updates of this attribute as well as ensuring the data source will work properly.

aws/resource_aws_eks_cluster.go Show resolved Hide resolved
aws/resource_aws_eks_cluster_test.go Outdated Show resolved Hide resolved
@bflad bflad self-assigned this Jan 3, 2020
@bflad bflad added the waiting-response Maintainers are waiting on response from community or contributor. label Jan 3, 2020
@bflad bflad added this to the v2.44.0 milestone Jan 3, 2020
@seddarj seddarj requested a review from bflad January 3, 2020 17:11
@seddarj
Copy link
Author

seddarj commented Jan 3, 2020

Thank you for the very detailed review @bflad. I've tried to accommodate all your remarks. Let me know if anything needs changing.

@ghost ghost removed the waiting-response Maintainers are waiting on response from community or contributor. label Jan 3, 2020
@seddarj seddarj force-pushed the eks-public-access-cidrs branch from f55b444 to cf8e3cb Compare January 3, 2020 17:29
@seddarj seddarj force-pushed the eks-public-access-cidrs branch from cf8e3cb to 45077b1 Compare January 3, 2020 17:39
bflad
bflad suggested changes Jan 3, 2020
View reviewed changes
Copy link
Contributor

@bflad bflad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi again 👋 When running the other acceptance tests for this resource, it looks like we need a slight tweak to how we send this parameter to prevent API errors. Hopefully last change needed. 🤞

aws/resource_aws_eks_cluster.go Outdated Show resolved Hide resolved
aws/resource_aws_eks_cluster.go Outdated Show resolved Hide resolved
@bflad bflad added the waiting-response Maintainers are waiting on response from community or contributor. label Jan 3, 2020
@seddarj
Copy link
Author

seddarj commented Jan 3, 2020

Hi again @bflad, I've committed the changes regarding the case where the list is empty. Thanks for your patience and guidance!

@ghost ghost removed the waiting-response Maintainers are waiting on response from community or contributor. label Jan 3, 2020
@seddarj seddarj requested a review from bflad January 3, 2020 21:51
bflad
bflad approved these changes Jan 9, 2020
View reviewed changes
Copy link
Contributor

@bflad bflad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the continued updates, @seddarj! The latest acceptance testing was still showing failures (noted below). Since this was close to completion and testing is lengthy, we went ahead and made the minor adjustments noted below so we can release this tomorrow. 🚀

Output from acceptance testing (after Computed: true additions):

--- PASS: TestAccAWSEksCluster_basic (1221.74s)
--- PASS: TestAccAWSEksCluster_Tags (1277.77s)
--- PASS: TestAccAWSEksClusterDataSource_basic (1277.90s)
--- PASS: TestAccAWSEksCluster_Logging (1278.03s)
--- PASS: TestAccAWSEksCluster_VpcConfig_SecurityGroupIds (1295.59s)
--- PASS: TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs (1422.58s)
--- PASS: TestAccAWSEksCluster_VpcConfig_EndpointPublicAccess (1905.76s)
--- PASS: TestAccAWSEksCluster_VpcConfig_EndpointPrivateAccess (2322.50s)
--- PASS: TestAccAWSEksCluster_Version (2450.83s)

aws/data_source_aws_eks_cluster.go
@@ -114,6 +114,11 @@ func dataSourceAwsEksCluster() *schema.Resource {
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
"public_access_cidrs": {
Type: schema.TypeSet,
Optional: true,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not a configurable argument in the data source, so we should use Computed: true instead.

Suggested change
Optional: true,
Computed: true,

aws/resource_aws_eks_cluster.go
@@ -145,6 +145,14 @@ func resourceAwsEksCluster() *schema.Resource {
MinItems: 1,
Elem: &schema.Schema{Type: schema.TypeString},
},
"public_access_cidrs": {
Type: schema.TypeSet,
Optional: true,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It appears that EKS provides a default 0.0.0.0/0 entry when this argument is not configured:

--- FAIL: TestAccAWSEksCluster_basic (1307.89s)
    testing.go:640: Step 0 error: After applying this step, the plan was not empty:
        
        DIFF:
        
        UPDATE: aws_eks_cluster.test
... omitted for clarity ...
          vpc_config.0.public_access_cidrs.#:     "1" => "0"
          vpc_config.0.public_access_cidrs.0:     "0.0.0.0/0" => ""
... omitted for clarity ...

Given that the Terraform Plugin SDK currently does not support a way to configure a Default for TypeList/TypeSet, our only recourse here is to add Computed: true to this for now.

Suggested change
Optional: true,
Optional: true,
Computed: true,

bflad added a commit that referenced this pull request Jan 9, 2020
@bflad
service/eks: Finish up public_access_cidrs implementation
ce59253 
Reference: #11397
Reference: #11442

Output from acceptance testing:

```
--- PASS: TestAccAWSEksCluster_basic (1221.74s)
--- PASS: TestAccAWSEksCluster_Tags (1277.77s)
--- PASS: TestAccAWSEksClusterDataSource_basic (1277.90s)
--- PASS: TestAccAWSEksCluster_Logging (1278.03s)
--- PASS: TestAccAWSEksCluster_VpcConfig_SecurityGroupIds (1295.59s)
--- PASS: TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs (1422.58s)
--- PASS: TestAccAWSEksCluster_VpcConfig_EndpointPublicAccess (1905.76s)
--- PASS: TestAccAWSEksCluster_VpcConfig_EndpointPrivateAccess (2322.50s)
--- PASS: TestAccAWSEksCluster_Version (2450.83s)
```
@bflad bflad merged commit 1b11a03 into hashicorp:master Jan 9, 2020
bflad added a commit that referenced this pull request Jan 9, 2020
@bflad
Update CHANGELOG for #11442
246a597
@seddarj seddarj deleted the eks-public-access-cidrs branch January 10, 2020 13:43
@ghost
Copy link

ghost commented Jan 10, 2020

This has been released in version 2.44.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@ghost
Copy link

ghost commented Mar 27, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 27, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bflad bflad bflad approved these changes

Assignees

@bflad bflad

Labels
documentation Introduces or discusses updates to documentation. enhancement Requests to existing resources that expand the functionality or scope. service/eks Issues and PRs that pertain to the eks service. size/M Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v2.44.0
Development

Successfully merging this pull request may close these issues.

Amazon EKS cluster public endpoint network access restriction via IPv4 address ranges
2 participants
@seddarj @bflad