[Disable Sudo] Support Update for DisableSudoAccessForDefaultUser (aw…

…s#6016)

Co-authored-by: Himani Deshpande <[email protected]>

cli/src/pcluster/schemas/cluster_schema.py

@@ -1919,7 +1919,7 @@ class ClusterSchema(BaseSchema):
     dev_settings = fields.Nested(ClusterDevSettingsSchema, metadata={"update_policy": UpdatePolicy.SUPPORTED})
     deployment_settings = fields.Nested(DeploymentSettingsSchema, metadata={"update_policy": UpdatePolicy.UNSUPPORTED})
     disable_sudo_access_default_user = fields.Bool(
-        data_key="DisableSudoAccessForDefaultUser", default=False, metadata={"update_policy": UpdatePolicy.UNSUPPORTED}
+        data_key="DisableSudoAccessForDefaultUser", default=False, metadata={"update_policy": UpdatePolicy.SUPPORTED}
     )
 
     def __init__(self, cluster_name: str):

tests/integration-tests/tests/create/test_create.py

@@ -16,7 +16,7 @@
 from assertpy import assert_that
 from constants import NodeType
 from remote_command_executor import RemoteCommandExecutor
-from utils import get_username_for_os
+from utils import get_username_for_os, wait_for_computefleet_changed
 
 from tests.common.assertions import (
     assert_aws_identity_access_is_correct,
@@ -128,15 +128,44 @@ def test_create_disable_sudo_access_for_default_user(
     Verify that the cluster removes the Sudo access for default user
     in all the nodes of the Cluster if the DisableSudoAccessForDefaultUser is enabled.
     """
+    login_node_count = 1
     disable_sudo_access_default_user = True
-    cluster_config = pcluster_config_reader(disable_sudo_access_default_user=disable_sudo_access_default_user)
+    cluster_config = pcluster_config_reader(
+        disable_sudo_access_default_user=disable_sudo_access_default_user, login_node_count=login_node_count
+    )
     cluster = clusters_factory(cluster_config)
 
     logging.info("Checking default user has disabled sudo access after cluster creation")
     assert_head_node_is_running(region, cluster)
     for node_type in NodeType:
         assert_default_user_has_desired_sudo_access(cluster, node_type, region, disable_sudo_access_default_user)
 
+    logging.info("Updating Cluster to enable sudo access")
+    # Compute fleet shutdown
+    cluster.stop()
+    wait_for_computefleet_changed(cluster, "STOPPED")
+    # Login node stop
+    login_node_count = 0
+    disable_sudo_access_default_user = not disable_sudo_access_default_user
+    updated_config_file = pcluster_config_reader(
+        disable_sudo_access_default_user=disable_sudo_access_default_user, login_node_count=login_node_count
+    )
+    cluster.update(str(updated_config_file), force_update="true")
+    # Start Login Node
+    login_node_count = 1
+    updated_config_file = pcluster_config_reader(
+        disable_sudo_access_default_user=disable_sudo_access_default_user,
+        login_node_count=login_node_count,
+    )
+    cluster.update(str(updated_config_file), force_update="true")
+    # Compute fleet Start
+    cluster.start()
+    wait_for_computefleet_changed(cluster, "RUNNING")
+
+    logging.info("Checking default user's sudo access after cluster Update")
+    for node_type in NodeType:
+        assert_default_user_has_desired_sudo_access(cluster, node_type, region, disable_sudo_access_default_user)
+
 
 @pytest.mark.usefixtures("instance", "os", "scheduler")
 def test_cluster_creation_with_problematic_preinstall_script(

tests/integration-tests/tests/create/test_create/test_create_disable_sudo_access_for_default_user/pcluster.config.yaml

@@ -4,7 +4,7 @@ LoginNodes:
   Pools:
     - Name: login
       InstanceType: t2.micro
-      Count: 1
+      Count: {{ login_node_count }}
       Networking:
         SubnetIds:
           - {{ public_subnet_id }}
@@ -30,3 +30,4 @@ Scheduling:
       Networking:
         SubnetIds:
           - {{ private_subnet_id }}
+DisableSudoAccessForDefaultUser: {{ disable_sudo_access_default_user }}