
Remove force new on eks vpc change #34209

Merged
merged 11 commits into from
Nov 6, 2023
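--- a/.changelog/32409.txt
+++ b/.changelog/32409.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_eks_cluster: Allow `vpc_config.security_group_ids` and `vpc_config.subnet_ids` to be updated in-place
+```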
93 changes: 51 additions & 42 deletions internal/service/eks/cluster.go
Expand Up @@ -5,6 +5,7 @@ package eks

import (
"context"
"fmt"
"log"
"time"

Expand Down Expand Up @@ -270,13 +271,11 @@ func ResourceCluster() *schema.Resource {
"security_group_ids": {
Type: schema.TypeSet,
Optional: true,
ForceNew: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
"subnet_ids": {
Type: schema.TypeSet,
Required: true,
ForceNew: true,
MinItems: 1,
Elem: &schema.Schema{Type: schema.TypeString},
},
Expand Down Expand Up @@ -434,9 +433,7 @@ func resourceClusterUpdate(ctx context.Context, d *schema.ResourceData, meta int

updateID := aws.StringValue(output.Update.Id)

_, err = waitClusterUpdateSuccessful(ctx, conn, d.Id(), updateID, d.Timeout(schema.TimeoutUpdate))

if err != nil {
if _, err := waitClusterUpdateSuccessful(ctx, conn, d.Id(), updateID, d.Timeout(schema.TimeoutUpdate)); err != nil {
return diag.Errorf("waiting for EKS Cluster (%s) version update (%s): %s", d.Id(), updateID, err)
}
}
Expand All @@ -458,9 +455,7 @@ func resourceClusterUpdate(ctx context.Context, d *schema.ResourceData, meta int

updateID := aws.StringValue(output.Update.Id)

_, err = waitClusterUpdateSuccessful(ctx, conn, d.Id(), updateID, d.Timeout(schema.TimeoutUpdate))

if err != nil {
if _, err := waitClusterUpdateSuccessful(ctx, conn, d.Id(), updateID, d.Timeout(schema.TimeoutUpdate)); err != nil {
return diag.Errorf("waiting for EKS Cluster (%s) encryption config association (%s): %s", d.Id(), updateID, err)
}
}
Expand All @@ -480,31 +475,43 @@ func resourceClusterUpdate(ctx context.Context, d *schema.ResourceData, meta int

updateID := aws.StringValue(output.Update.Id)

_, err = waitClusterUpdateSuccessful(ctx, conn, d.Id(), updateID, d.Timeout(schema.TimeoutUpdate))

if err != nil {
if _, err := waitClusterUpdateSuccessful(ctx, conn, d.Id(), updateID, d.Timeout(schema.TimeoutUpdate)); err != nil {
return diag.Errorf("waiting for EKS Cluster (%s) logging update (%s): %s", d.Id(), updateID, err)
}
}

if d.HasChanges("vpc_config.0.endpoint_private_access", "vpc_config.0.endpoint_public_access", "vpc_config.0.public_access_cidrs") {
input := &eks.UpdateClusterConfigInput{
Name: aws.String(d.Id()),
ResourcesVpcConfig: expandVPCConfigRequestForUpdate(d.Get("vpc_config").([]interface{})),
config := &eks.VpcConfigRequest{
EndpointPrivateAccess: aws.Bool(d.Get("vpc_config.0.endpoint_private_access").(bool)),
EndpointPublicAccess: aws.Bool(d.Get("vpc_config.0.endpoint_public_access").(bool)),
}

output, err := conn.UpdateClusterConfigWithContext(ctx, input)
if v, ok := d.GetOk("vpc_config.0.public_access_cidrs"); ok && v.(*schema.Set).Len() > 0 {
config.PublicAccessCidrs = flex.ExpandStringSet(v.(*schema.Set))
}

if err != nil {
return diag.Errorf("updating EKS Cluster (%s) VPC config: %s", d.Id(), err)
if err := updateVPCConfig(ctx, conn, d.Id(), config, d.Timeout(schema.TimeoutUpdate)); err != nil {
return diag.FromErr(err)
}
}

updateID := aws.StringValue(output.Update.Id)
// API only allows one type of update at at time.
if d.HasChange("vpc_config.0.subnet_ids") {
config := &eks.VpcConfigRequest{
SubnetIds: flex.ExpandStringSet(d.Get("vpc_config.0.subnet_ids").(*schema.Set)),
}

_, err = waitClusterUpdateSuccessful(ctx, conn, d.Id(), updateID, d.Timeout(schema.TimeoutUpdate))
if err := updateVPCConfig(ctx, conn, d.Id(), config, d.Timeout(schema.TimeoutUpdate)); err != nil {
return diag.FromErr(err)
}
}

if err != nil {
return diag.Errorf("waiting for EKS Cluster (%s) VPC config update (%s): %s", d.Id(), updateID, err)
if d.HasChange("vpc_config.0.security_group_ids") {
config := &eks.VpcConfigRequest{
SecurityGroupIds: flex.ExpandStringSet(d.Get("vpc_config.0.security_group_ids").(*schema.Set)),
}

if err := updateVPCConfig(ctx, conn, d.Id(), config, d.Timeout(schema.TimeoutUpdate)); err != nil {
return diag.FromErr(err)
}
}

Expand Down Expand Up @@ -556,7 +563,7 @@ func resourceClusterDelete(ctx context.Context, d *schema.ResourceData, meta int
return diag.Errorf("deleting EKS Cluster (%s): %s", d.Id(), err)
}

if _, err = waitClusterDeleted(ctx, conn, d.Id(), d.Timeout(schema.TimeoutDelete)); err != nil {
if _, err := waitClusterDeleted(ctx, conn, d.Id(), d.Timeout(schema.TimeoutDelete)); err != nil {
return diag.Errorf("waiting for EKS Cluster (%s) delete: %s", d.Id(), err)
}

Expand Down Expand Up @@ -590,6 +597,27 @@ func FindClusterByName(ctx context.Context, conn *eks.EKS, name string) (*eks.Cl
return output.Cluster, nil
}

func updateVPCConfig(ctx context.Context, conn *eks.EKS, name string, config *eks.VpcConfigRequest, timeout time.Duration) error {
input := &eks.UpdateClusterConfigInput{
Name: aws.String(name),
ResourcesVpcConfig: config,
}

output, err := conn.UpdateClusterConfigWithContext(ctx, input)

if err != nil {
return fmt.Errorf("updating EKS Cluster (%s) VPC config: %s", name, err)
}

updateID := aws.StringValue(output.Update.Id)

if _, err := waitClusterUpdateSuccessful(ctx, conn, name, updateID, timeout); err != nil {
return fmt.Errorf("waiting for EKS Cluster (%s) VPC config update (%s): %s", name, updateID, err)
}

return nil
}

func findClusterUpdateByTwoPartKey(ctx context.Context, conn *eks.EKS, name, id string) (*eks.Update, error) {
input := &eks.DescribeUpdateInput{
Name: aws.String(name),
Expand Down Expand Up @@ -812,25 +840,6 @@ func expandVPCConfigRequestForCreate(l []interface{}) *eks.VpcConfigRequest {
return vpcConfigRequest
}

func expandVPCConfigRequestForUpdate(l []interface{}) *eks.VpcConfigRequest {
if len(l) == 0 {
return nil
}

m := l[0].(map[string]interface{})

vpcConfigRequest := &eks.VpcConfigRequest{
EndpointPrivateAccess: aws.Bool(m["endpoint_private_access"].(bool)),
EndpointPublicAccess: aws.Bool(m["endpoint_public_access"].(bool)),
}

if v, ok := m["public_access_cidrs"].(*schema.Set); ok && v.Len() > 0 {
vpcConfigRequest.PublicAccessCidrs = flex.ExpandStringSet(v)
}

return vpcConfigRequest
}

func expandKubernetesNetworkConfigRequest(tfList []interface{}) *eks.KubernetesNetworkConfigRequest {
tfMap, ok := tfList[0].(map[string]interface{})
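Review bot: In resourceClusterUpdate, `vpc_config.0.subnet_ids` and `vpc_config.0.security_group_ids` are applied by two separate `updateVPCConfig` calls, so a plan that changes both leaves the control plane on the new subnets with the old security groups until the second call completes, and indefinitely if that call fails or times out. If the EKS API treats subnets and security groups as one update type (the comment only says one type at a time, so this needs confirming), a single block guarded by `d.HasChanges("vpc_config.0.subnet_ids", "vpc_config.0.security_group_ids")` that sets both `SubnetIds` and `SecurityGroupIds` would avoid the mixed state. The security-group block also appears to send an empty list when the optional attribute is removed from configuration, and how the API treats that is not visible here. Separately, `updateVPCConfig` formats the cause with `%s`; `%w` would keep it unwrappable for callers, e.g. `fmt.Errorf("updating EKS Cluster (%s) VPC config: %w", name, err)`. The body of resourceClusterUpdate starts and ends outside the hunks shown.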
