From 8b380ea1826c6dd71abd6b3fb5f434b6f6678738 Mon Sep 17 00:00:00 2001
From: Himani Anil Deshpande <79726937+himani2411@users.noreply.github.com>
Date: Tue, 16 Jan 2024 14:11:03 -0500
Subject: [PATCH] [Disable Sudo] Support Update for
 DisableSudoAccessForDefaultUser (#6016)

Co-authored-by: Himani Deshpande <himanidp@amazon.com>
---
 cli/src/pcluster/schemas/cluster_schema.py    |  2 +-
 .../tests/create/test_create.py               | 33 +++++++++++++++++--
 .../pcluster.config.yaml                      |  3 +-
 3 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/cli/src/pcluster/schemas/cluster_schema.py b/cli/src/pcluster/schemas/cluster_schema.py
index ec8743bd09..293397f05e 100644
--- a/cli/src/pcluster/schemas/cluster_schema.py
+++ b/cli/src/pcluster/schemas/cluster_schema.py
@@ -1919,7 +1919,7 @@ class ClusterSchema(BaseSchema):
     dev_settings = fields.Nested(ClusterDevSettingsSchema, metadata={"update_policy": UpdatePolicy.SUPPORTED})
     deployment_settings = fields.Nested(DeploymentSettingsSchema, metadata={"update_policy": UpdatePolicy.UNSUPPORTED})
     disable_sudo_access_default_user = fields.Bool(
-        data_key="DisableSudoAccessForDefaultUser", default=False, metadata={"update_policy": UpdatePolicy.UNSUPPORTED}
+        data_key="DisableSudoAccessForDefaultUser", default=False, metadata={"update_policy": UpdatePolicy.SUPPORTED}
     )
 
     def __init__(self, cluster_name: str):
diff --git a/tests/integration-tests/tests/create/test_create.py b/tests/integration-tests/tests/create/test_create.py
index 9cf21b43c0..62c175dc58 100644
--- a/tests/integration-tests/tests/create/test_create.py
+++ b/tests/integration-tests/tests/create/test_create.py
@@ -16,7 +16,7 @@
 from assertpy import assert_that
 from constants import NodeType
 from remote_command_executor import RemoteCommandExecutor
-from utils import get_username_for_os
+from utils import get_username_for_os, wait_for_computefleet_changed
 
 from tests.common.assertions import (
     assert_aws_identity_access_is_correct,
@@ -128,8 +128,11 @@ def test_create_disable_sudo_access_for_default_user(
     Verify that the cluster removes the Sudo access for default user
     in all the nodes of the Cluster if the DisableSudoAccessForDefaultUser is enabled.
     """
+    login_node_count = 1
     disable_sudo_access_default_user = True
-    cluster_config = pcluster_config_reader(disable_sudo_access_default_user=disable_sudo_access_default_user)
+    cluster_config = pcluster_config_reader(
+        disable_sudo_access_default_user=disable_sudo_access_default_user, login_node_count=login_node_count
+    )
     cluster = clusters_factory(cluster_config)
 
     logging.info("Checking default user has disabled sudo access after cluster creation")
@@ -137,6 +140,32 @@ def test_create_disable_sudo_access_for_default_user(
     for node_type in NodeType:
         assert_default_user_has_desired_sudo_access(cluster, node_type, region, disable_sudo_access_default_user)
 
+    logging.info("Updating Cluster to enable sudo access")
+    # Compute fleet shutdown
+    cluster.stop()
+    wait_for_computefleet_changed(cluster, "STOPPED")
+    # Login node stop
+    login_node_count = 0
+    disable_sudo_access_default_user = not disable_sudo_access_default_user
+    updated_config_file = pcluster_config_reader(
+        disable_sudo_access_default_user=disable_sudo_access_default_user, login_node_count=login_node_count
+    )
+    cluster.update(str(updated_config_file), force_update="true")
+    # Start Login Node
+    login_node_count = 1
+    updated_config_file = pcluster_config_reader(
+        disable_sudo_access_default_user=disable_sudo_access_default_user,
+        login_node_count=login_node_count,
+    )
+    cluster.update(str(updated_config_file), force_update="true")
+    # Compute fleet Start
+    cluster.start()
+    wait_for_computefleet_changed(cluster, "RUNNING")
+
+    logging.info("Checking default user's sudo access after cluster Update")
+    for node_type in NodeType:
+        assert_default_user_has_desired_sudo_access(cluster, node_type, region, disable_sudo_access_default_user)
+
 
 @pytest.mark.usefixtures("instance", "os", "scheduler")
 def test_cluster_creation_with_problematic_preinstall_script(
diff --git a/tests/integration-tests/tests/create/test_create/test_create_disable_sudo_access_for_default_user/pcluster.config.yaml b/tests/integration-tests/tests/create/test_create/test_create_disable_sudo_access_for_default_user/pcluster.config.yaml
index 9b1b0f0a1a..3ee022a32c 100644
--- a/tests/integration-tests/tests/create/test_create/test_create_disable_sudo_access_for_default_user/pcluster.config.yaml
+++ b/tests/integration-tests/tests/create/test_create/test_create_disable_sudo_access_for_default_user/pcluster.config.yaml
@@ -4,7 +4,7 @@ LoginNodes:
   Pools:
     - Name: login
       InstanceType: t2.micro
-      Count: 1
+      Count: {{ login_node_count }}
       Networking:
         SubnetIds:
           - {{ public_subnet_id }}
@@ -30,3 +30,4 @@ Scheduling:
       Networking:
         SubnetIds:
           - {{ private_subnet_id }}
+DisableSudoAccessForDefaultUser: {{ disable_sudo_access_default_user }}