EKS supports adding KMS envelope encryption to existing clusters #19144

Merged
merged 20 commits into from
Jun 23, 2021
cdeb9cb
EKS supports adding KMS envelope encryption to existing clusters
voidlily Apr 28, 2021
8ac9ea3
Add api calls to update encryption config
voidlily May 3, 2021
8ee979a
Add CHANGELOG entry.
ewbankkit Jun 17, 2021
f318dec
Add 'tfeks.Resources_Values()'.
ewbankkit Jun 17, 2021
18655a1
r/aws_eks_cluster: Call resource Delete method in acceptance test swe…
ewbankkit Jun 17, 2021
2687259
r/aws_eks_cluster: Parallelize acceptance test sweeper.
ewbankkit Jun 17, 2021
2ac70f7
r/aws_eks_cluster: Add and use internal finder package. Add '_disappe…
ewbankkit Jun 18, 2021
f4ac852
Additional waiters.
ewbankkit Jun 18, 2021
f685bcd
Add unit tests.
ewbankkit Jun 18, 2021
46eea7a
Tweak use of 'tfresource.SetLastError'.
ewbankkit Jun 18, 2021
716e267
Add and use waiters in 'internal/service/eks'.
ewbankkit Jun 18, 2021
7723e0e
r/aws_eks_cluster: Add 'TestAccAWSEksCluster_EncryptionConfig_Update'.
ewbankkit Jun 18, 2021
45c5a0a
r/aws_eks_cluster: You cannot disable envelope encryption after enabl…
ewbankkit Jun 18, 2021
f8a4f01
r/aws_eks_fargate_profile: Use internal waiter package.
ewbankkit Jun 20, 2021
b3d3054
r/aws_eks_node_group: Use internal waiter package.
ewbankkit Jun 20, 2021
81a9cf6
EKS updates are per resource type.
ewbankkit Jun 20, 2021
21297cc
r/aws_eks_addon: Use internal waiter package.
ewbankkit Jun 21, 2021
5feb7af
d/aws_eks_addon: Use internal finder package.
ewbankkit Jun 21, 2021
d0c797c
d/aws_eks_cluster: Use internal finder package.
ewbankkit Jun 21, 2021
3bebba3
Minor fixes after running all acceptance tests.
ewbankkit Jun 22, 2021
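--- a/.changelog/19144.txt
+++ b/.changelog/19144.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_eks_cluster: Allow updates to `encryption_config`
+```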
45 changes: 19 additions & 26 deletions aws/data_source_aws_eks_addon.go
Expand Up @@ -6,11 +6,12 @@ import (
"time"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/eks"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
tfeks "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/eks"
"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/eks/finder"
)

func dataSourceAwsEksAddon() *schema.Resource {
Expand All @@ -22,23 +23,19 @@ func dataSourceAwsEksAddon() *schema.Resource {
Required: true,
ValidateFunc: validation.NoZeroValues,
},
"cluster_name": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validateEKSClusterName,
},
"arn": {
Type: schema.TypeString,
Computed: true,
},
"addon_version": {
Type: schema.TypeString,
Computed: true,
},
"service_account_role_arn": {
"arn": {
Type: schema.TypeString,
Computed: true,
},
"cluster_name": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validateEKSClusterName,
},
"created_at": {
Type: schema.TypeString,
Computed: true,
Expand All @@ -47,6 +44,10 @@ func dataSourceAwsEksAddon() *schema.Resource {
Type: schema.TypeString,
Computed: true,
},
"service_account_role_arn": {
Type: schema.TypeString,
Computed: true,
},
"tags": tagsSchemaComputed(),
},
}
Expand All @@ -58,31 +59,23 @@ func dataSourceAwsEksAddonRead(ctx context.Context, d *schema.ResourceData, meta

addonName := d.Get("addon_name").(string)
clusterName := d.Get("cluster_name").(string)
id := tfeks.AddonCreateResourceID(clusterName, addonName)

input := &eks.DescribeAddonInput{
AddonName: aws.String(addonName),
ClusterName: aws.String(clusterName),
}
addon, err := finder.AddonByClusterNameAndAddonName(ctx, conn, clusterName, addonName)

output, err := conn.DescribeAddonWithContext(ctx, input)
if err != nil {
return diag.FromErr(fmt.Errorf("error reading EKS Addon (%s): %w", addonName, err))
return diag.FromErr(fmt.Errorf("error reading EKS Add-On (%s): %w", id, err))
}

addon := output.Addon
if addon == nil {
return diag.FromErr(fmt.Errorf("EKS Addon (%s) not found", addonName))
}

d.SetId(fmt.Sprintf("%s:%s", clusterName, addonName))
d.Set("arn", addon.AddonArn)
d.SetId(id)
d.Set("addon_version", addon.AddonVersion)
d.Set("service_account_role_arn", addon.ServiceAccountRoleArn)
d.Set("arn", addon.AddonArn)
d.Set("created_at", aws.TimeValue(addon.CreatedAt).Format(time.RFC3339))
d.Set("modified_at", aws.TimeValue(addon.ModifiedAt).Format(time.RFC3339))
d.Set("service_account_role_arn", addon.ServiceAccountRoleArn)

if err := d.Set("tags", keyvaluetags.EksKeyValueTags(addon.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
return diag.FromErr(fmt.Errorf("error setting tags attribute: %w", err))
return diag.FromErr(fmt.Errorf("error setting tags: %w", err))
}

return nil
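Review bot: With the `addon == nil` guard apparently removed, the `addon.AddonVersion`, `addon.AddonArn` and later field reads in dataSourceAwsEksAddonRead are only safe if `finder.AddonByClusterNameAndAddonName` never returns `(nil, nil)`. The finder is not shown in this section, so that contract cannot be checked here; if it can return a nil add-on without an error, a missing add-on panics the provider instead of producing a diagnostic. I would state the contract at the call site, e.g. `// finder returns an error, never a nil add-on, when the add-on does not exist`, or keep the guard. The same applies to `finder.ClusterByName` in dataSourceAwsEksClusterRead (aws/data_source_aws_eks_cluster.go), which loses its `cluster == nil` check. The function body continues outside the hunk.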
43 changes: 17 additions & 26 deletions aws/data_source_aws_eks_cluster.go
Expand Up @@ -2,12 +2,11 @@ package aws

import (
"fmt"
"log"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/eks"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/eks/finder"
)

func dataSourceAwsEksCluster() *schema.Resource {
Expand Down Expand Up @@ -95,6 +94,10 @@ func dataSourceAwsEksCluster() *schema.Resource {
Computed: true,
},
"tags": tagsSchemaComputed(),
"version": {
Type: schema.TypeString,
Computed: true,
},
"vpc_config": {
Type: schema.TypeList,
Computed: true,
Expand All @@ -112,17 +115,17 @@ func dataSourceAwsEksCluster() *schema.Resource {
Type: schema.TypeBool,
Computed: true,
},
"security_group_ids": {
"public_access_cidrs": {
Type: schema.TypeSet,
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
"subnet_ids": {
"security_group_ids": {
Type: schema.TypeSet,
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
"public_access_cidrs": {
"subnet_ids": {
Type: schema.TypeSet,
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
Expand All @@ -134,10 +137,6 @@ func dataSourceAwsEksCluster() *schema.Resource {
},
},
},
"version": {
Type: schema.TypeString,
Computed: true,
},
},
}
}
Expand All @@ -147,22 +146,12 @@ func dataSourceAwsEksClusterRead(d *schema.ResourceData, meta interface{}) error
ignoreTagsConfig := meta.(*AWSClient).IgnoreTagsConfig

name := d.Get("name").(string)
cluster, err := finder.ClusterByName(conn, name)

input := &eks.DescribeClusterInput{
Name: aws.String(name),
}

log.Printf("[DEBUG] Reading EKS Cluster: %s", input)
output, err := conn.DescribeCluster(input)
if err != nil {
return fmt.Errorf("error reading EKS Cluster (%s): %w", name, err)
}

cluster := output.Cluster
if cluster == nil {
return fmt.Errorf("EKS Cluster (%s) not found", name)
}

d.SetId(name)
d.Set("arn", cluster.Arn)

Expand All @@ -171,32 +160,34 @@ func dataSourceAwsEksClusterRead(d *schema.ResourceData, meta interface{}) error
}

d.Set("created_at", aws.TimeValue(cluster.CreatedAt).String())

if err := d.Set("enabled_cluster_log_types", flattenEksEnabledLogTypes(cluster.Logging)); err != nil {
return fmt.Errorf("error setting enabled_cluster_log_types: %w", err)
}

d.Set("endpoint", cluster.Endpoint)

if err := d.Set("identity", flattenEksIdentity(cluster.Identity)); err != nil {
return fmt.Errorf("error setting identity: %w", err)
}

if err := d.Set("kubernetes_network_config", flattenEksNetworkConfig(cluster.KubernetesNetworkConfig)); err != nil {
return fmt.Errorf("error setting kubernetes_network_config: %w", err)
}

d.Set("name", cluster.Name)
d.Set("platform_version", cluster.PlatformVersion)
d.Set("role_arn", cluster.RoleArn)
d.Set("status", cluster.Status)

if err := d.Set("tags", keyvaluetags.EksKeyValueTags(cluster.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
return fmt.Errorf("error setting tags: %w", err)
}

d.Set("version", cluster.Version)

if err := d.Set("vpc_config", flattenEksVpcConfigResponse(cluster.ResourcesVpcConfig)); err != nil {
return fmt.Errorf("error setting vpc_config: %w", err)
}

if err := d.Set("kubernetes_network_config", flattenEksNetworkConfig(cluster.KubernetesNetworkConfig)); err != nil {
return fmt.Errorf("error setting kubernetes_network_config: %w", err)
if err := d.Set("tags", keyvaluetags.EksKeyValueTags(cluster.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
return fmt.Errorf("error setting tags: %w", err)
}

return nil
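Review bot: `d.Set("created_at", aws.TimeValue(cluster.CreatedAt).String())` stores Go's default `time.Time` text, whereas dataSourceAwsEksAddonRead in this same PR writes `created_at` with `Format(time.RFC3339)`, so the two EKS data sources expose the same attribute in different formats. If the current format has to stay for compatibility, a comment on that line would keep it from being changed by accident, for example `// deliberately time.Time.String(), not RFC 3339; changing it alters the value users see`. Otherwise `aws.TimeValue(cluster.CreatedAt).Format(time.RFC3339)` would align the two, at the cost of importing `time` in this file. The rendered page has lost the +/- markers, so whether this commit touches that line is not visible here.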
9 changes: 3 additions & 6 deletions aws/data_source_aws_eks_cluster_test.go
@@ -1,7 +1,6 @@
package aws

import (
"fmt"
"regexp"
"testing"

Expand All @@ -11,7 +10,7 @@ import (
)

func TestAccAWSEksClusterDataSource_basic(t *testing.T) {
rName := fmt.Sprintf("tf-acc-test-%s", acctest.RandString(5))
rName := acctest.RandomWithPrefix("tf-acc-test")
dataSourceResourceName := "data.aws_eks_cluster.test"
resourceName := "aws_eks_cluster.test"

Expand Down Expand Up @@ -57,11 +56,9 @@ func TestAccAWSEksClusterDataSource_basic(t *testing.T) {
}

func testAccAWSEksClusterDataSourceConfig_Basic(rName string) string {
return fmt.Sprintf(`
%[1]s

return composeConfig(testAccAWSEksClusterConfig_Logging(rName, []string{"api", "audit"}), `
data "aws_eks_cluster" "test" {
name = aws_eks_cluster.test.name
}
`, testAccAWSEksClusterConfig_Logging(rName, []string{"api", "audit"}))
`)
}
2 changes: 1 addition & 1 deletion aws/internal/service/amplify/waiter/waiter.go
Expand Up @@ -26,7 +26,7 @@ func DomainAssociationCreated(conn *amplify.Amplify, appID, domainName string) (
outputRaw, err := stateConf.WaitForState()

if v, ok := outputRaw.(*amplify.DomainAssociation); ok {
if v != nil && aws.StringValue(v.DomainStatus) == amplify.DomainStatusFailed {
if status := aws.StringValue(v.DomainStatus); status == amplify.DomainStatusFailed {
tfresource.SetLastError(err, errors.New(aws.StringValue(v.StatusReason)))
}

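Review bot: Dropping `v != nil` from the inner condition in DomainAssociationCreated leaves `v.DomainStatus` unguarded: a type assertion on an interface that holds a typed nil `*amplify.DomainAssociation` still yields `ok == true`, and the field read then panics. That is safe only if the status function and `WaitForState` return an untyped nil on every failure path, which this section does not show. Unless that is guaranteed, keep the guard, `if v != nil && aws.StringValue(v.DomainStatus) == amplify.DomainStatusFailed {`. The three RouteTableAssociation waiters and VpcEndpointAccepted in aws/internal/service/ec2/waiter/waiter.go make the same change. This reads the `if status := …` line as the new side, since the rendered page has lost the +/- markers, and the function continues outside the hunk.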
10 changes: 5 additions & 5 deletions aws/internal/service/ec2/waiter/waiter.go
Expand Up @@ -358,7 +358,7 @@ func RouteTableAssociationCreated(conn *ec2.EC2, id string) (*ec2.RouteTableAsso
outputRaw, err := stateConf.WaitForState()

if output, ok := outputRaw.(*ec2.RouteTableAssociationState); ok {
if output != nil && aws.StringValue(output.State) == ec2.RouteTableAssociationStateCodeFailed {
if state := aws.StringValue(output.State); state == ec2.RouteTableAssociationStateCodeFailed {
tfresource.SetLastError(err, errors.New(aws.StringValue(output.StatusMessage)))
}

Expand All @@ -379,7 +379,7 @@ func RouteTableAssociationDeleted(conn *ec2.EC2, id string) (*ec2.RouteTableAsso
outputRaw, err := stateConf.WaitForState()

if output, ok := outputRaw.(*ec2.RouteTableAssociationState); ok {
if output != nil && aws.StringValue(output.State) == ec2.RouteTableAssociationStateCodeFailed {
if state := aws.StringValue(output.State); state == ec2.RouteTableAssociationStateCodeFailed {
tfresource.SetLastError(err, errors.New(aws.StringValue(output.StatusMessage)))
}

Expand All @@ -400,7 +400,7 @@ func RouteTableAssociationUpdated(conn *ec2.EC2, id string) (*ec2.RouteTableAsso
outputRaw, err := stateConf.WaitForState()

if output, ok := outputRaw.(*ec2.RouteTableAssociationState); ok {
if output != nil && aws.StringValue(output.State) == ec2.RouteTableAssociationStateCodeFailed {
if state := aws.StringValue(output.State); state == ec2.RouteTableAssociationStateCodeFailed {
tfresource.SetLastError(err, errors.New(aws.StringValue(output.StatusMessage)))
}

Expand Down Expand Up @@ -704,8 +704,8 @@ func VpcEndpointAccepted(conn *ec2.EC2, vpcEndpointID string, timeout time.Durat
outputRaw, err := stateConf.WaitForState()

if output, ok := outputRaw.(*ec2.VpcEndpoint); ok {
if output != nil && aws.StringValue(output.State) == tfec2.VpcEndpointStateFailed && output.LastError != nil {
tfresource.SetLastError(err, fmt.Errorf("%s: %s", aws.StringValue(output.LastError.Code), aws.StringValue(output.LastError.Message)))
if state, lastError := aws.StringValue(output.State), output.LastError; state == tfec2.VpcEndpointStateFailed && lastError != nil {
tfresource.SetLastError(err, fmt.Errorf("%s: %s", aws.StringValue(lastError.Code), aws.StringValue(lastError.Message)))
}

return output, err
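--- a/aws/internal/service/eks/enum.go
+++ b/aws/internal/service/eks/enum.go
@@ -0,0 +1,11 @@
+package eks
+
+const (
+ResourcesSecrets = "secrets"
+)
+
+func Resources_Values() []string {
+return []string{
+ResourcesSecrets,
+}
+}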
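Review bot: `ResourcesSecrets` and `Resources_Values` are exported without doc comments, and nothing in the file says which API field the value belongs to or why the function name carries an underscore. Going by the PR title, this looks like the list of resource types accepted under `encryption_config`, so a validator built on it decides what can be placed under KMS envelope encryption; that is worth stating where the list is defined. I would add `// ResourcesSecrets is the resource type that can be envelope-encrypted in an EKS cluster's encryption_config.` above the constant and `// Resources_Values returns every supported encryption_config resource type; the name mirrors the AWS SDK's generated enum helpers.` above the function. The link to `encryption_config` is inferred from the PR title, so adjust the wording if the enum is used elsewhere.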