Remove redundant code

pkg/cfn/builder/managed_launch_template.go

@@ -46,43 +46,7 @@ func (m *ManagedNodeGroupResourceSet) makeLaunchTemplateData() (*gfnec2.LaunchTe
 	if mng.SSH != nil && api.IsSetAndNonEmptyString(mng.SSH.PublicKeyName) {
 		launchTemplateData.KeyName = gfnt.NewString(*mng.SSH.PublicKeyName)
 
-		var sgIngressRules []gfnec2.SecurityGroup_Ingress
 		if *mng.SSH.Allow {
-			if len(mng.SSH.SourceSecurityGroupIDs) > 0 {
-				for _, sgID := range mng.SSH.SourceSecurityGroupIDs {
-					sgIngressRules = append(sgIngressRules, gfnec2.SecurityGroup_Ingress{
-						FromPort:              sgPortSSH,
-						ToPort:                sgPortSSH,
-						IpProtocol:            sgProtoTCP,
-						SourceSecurityGroupId: gfnt.NewString(sgID),
-					})
-				}
-			} else {
-				makeSSHIngress := func(cidrIP *gfnt.Value) gfnec2.SecurityGroup_Ingress {
-					return gfnec2.SecurityGroup_Ingress{
-						FromPort:   sgPortSSH,
-						ToPort:     sgPortSSH,
-						IpProtocol: sgProtoTCP,
-						CidrIp:     cidrIP,
-					}
-				}
-
-				if mng.PrivateNetworking {
-					allInternalIPv4 := gfnt.NewString(m.clusterConfig.VPC.CIDR.String())
-					sgIngressRules = []gfnec2.SecurityGroup_Ingress{makeSSHIngress(allInternalIPv4)}
-				} else {
-					sgIngressRules = []gfnec2.SecurityGroup_Ingress{
-						makeSSHIngress(sgSourceAnywhereIPv4),
-						{
-							FromPort:   sgPortSSH,
-							ToPort:     sgPortSSH,
-							IpProtocol: sgProtoTCP,
-							CidrIpv6:   sgSourceAnywhereIPv6,
-						},
-					}
-				}
-			}
-
 			sshRef := m.newResource("SSH", &gfnec2.SecurityGroup{
 				GroupName:            gfnt.MakeFnSubString(fmt.Sprintf("${%s}-remoteAccess", gfnt.StackName)),
 				VpcId:                makeImportValue(m.clusterStackName, outputs.ClusterVPC),
@@ -142,7 +106,6 @@ func (m *ManagedNodeGroupResourceSet) makeLaunchTemplateData() (*gfnec2.LaunchTe
 }
 
 func makeSSHIngressRules(n *api.NodeGroupBase, vpcCIDR, description string) []gfnec2.SecurityGroup_Ingress {
-	allInternalIPv4 := gfnt.NewString(vpcCIDR)
 	var sgIngressRules []gfnec2.SecurityGroup_Ingress
 	if *n.SSH.Allow {
 		if len(n.SSH.SourceSecurityGroupIDs) > 0 {
@@ -155,28 +118,31 @@ func makeSSHIngressRules(n *api.NodeGroupBase, vpcCIDR, description string) []gf
 				})
 			}
 		} else {
-			if n.PrivateNetworking {
-				sgIngressRules = append(sgIngressRules, gfnec2.SecurityGroup_Ingress{
-					CidrIp:      allInternalIPv4,
-					Description: gfnt.NewString("Allow SSH access to " + description + " (private, only inside VPC)"),
-					IpProtocol:  sgProtoTCP,
+			makeSSHIngress := func(cidrIP *gfnt.Value, sshDesc string) gfnec2.SecurityGroup_Ingress {
+				return gfnec2.SecurityGroup_Ingress{
 					FromPort:    sgPortSSH,
 					ToPort:      sgPortSSH,
-				})
-			} else {
-				sgIngressRules = append(sgIngressRules, gfnec2.SecurityGroup_Ingress{
-					CidrIp:      sgSourceAnywhereIPv4,
-					Description: gfnt.NewString("Allow SSH access to " + description),
 					IpProtocol:  sgProtoTCP,
-					FromPort:    sgPortSSH,
-					ToPort:      sgPortSSH,
-				}, gfnec2.SecurityGroup_Ingress{
-					CidrIpv6:    sgSourceAnywhereIPv6,
-					Description: gfnt.NewString("Allow SSH access to " + description),
-					IpProtocol:  sgProtoTCP,
-					FromPort:    sgPortSSH,
-					ToPort:      sgPortSSH,
-				})
+					CidrIp:      cidrIP,
+					Description: gfnt.NewString(sshDesc),
+				}
+			}
+
+			sshDesc := "Allow SSH access to " + description
+
+			if n.PrivateNetworking {
+				allInternalIPv4 := gfnt.NewString(vpcCIDR)
+				sgIngressRules = []gfnec2.SecurityGroup_Ingress{makeSSHIngress(allInternalIPv4, sshDesc+" (private, only inside VPC)")}
+			} else {
+				sgIngressRules = append(sgIngressRules,
+					makeSSHIngress(sgSourceAnywhereIPv4, sshDesc),
+					gfnec2.SecurityGroup_Ingress{
+						CidrIpv6:    sgSourceAnywhereIPv6,
+						Description: gfnt.NewString(sshDesc),
+						IpProtocol:  sgProtoTCP,
+						FromPort:    sgPortSSH,
+						ToPort:      sgPortSSH,
+					})
 			}
 		}
 	}