Added support for EKS control plane logging #8216
Conversation
ghost
added
size/M
bflad
added
the
enhancement
There was a problem hiding this comment.
Hi @MarcusNoble 👋 Thanks for submitting this, it is off to a good start. Please see some initial feedback below and let us know if you have any questions or do not have time to complete these items.
aws/resource_aws_eks_cluster.go
Outdated
| @@ -132,6 +142,10 @@ func resourceAwsEksClusterCreate(d *schema.ResourceData, meta interface{}) error | |||
| input.Version = aws.String(v.(string)) | |||
| } | |||
|
|
|||
| if l, ok := d.GetOk("logging"); ok && l.([]interface{}) != nil { | |||
There was a problem hiding this comment.
To make this check more meaningful, it should check len(l.([]interface{})) > 0 as d.GetOk() should always return ok for root level list attributes. It'd be simpler if the logging was always set in the struct above and the expand function handled any special logic though, e.g.
input := &eks.CreateClusterInput{
Name: aws.String(name),
Logging: expandEksLoggingTypes(d.Get("logging").([]interface{})),
RoleArn: aws.String(d.Get("role_arn").(string)),
ResourcesVpcConfig: expandEksVpcConfigRequest(d.Get("vpc_config").([]interface{})),
}
// ...
func expandEksLoggingTypes(logTypes []interface{}) *eks.Logging {
if len(logTypes) == 0 {
return nil
}
// ...
aws/resource_aws_eks_cluster.go
Outdated
| @@ -218,6 +232,14 @@ func resourceAwsEksClusterRead(d *schema.ResourceData, meta interface{}) error { | |||
| return fmt.Errorf("error setting vpc_config: %s", err) | |||
| } | |||
|
|
|||
| types := []string{} | |||
| if len(cluster.Logging.ClusterLogging) > 0 && *cluster.Logging.ClusterLogging[0].Enabled { | |||
There was a problem hiding this comment.
Before accessing anything inside cluster.Logging we should first perform a nil check to prevent potential panics. 👍
It also doesn't seem like we should always depend on a single LogSetup object that is Enabled here, even if that is how the API behaves today. We could miss results by not looping through the objects and especially if the API's first result is disabled while some of the rest may be enabled. It seems like we should check each LogSetup element then check Enabled. We then would typically suggest moving this into its own flatten function to simplify things a little.
e.g.
enabledClusterLogTypes := []string{}
if cluster.Logging != nil {
enabledClusterLogTypes = flattenEksEnabledLogTypes(cluster.Logging.ClusterLogging)
}
// ...
func flattenEksEnabledLogTypes(logSetups []*eks.LogSetup) []interface{} {
enabledLogTypes := []string{}
for _, logSetup := range logSetups {
if logSetup == nil || !aws.BoolValue(logSetup.Enabled) {
continue
}
for _, logType := logSetup.Types {
enabledLogTypes = append(enabledLogTypes, aws.BoolValue(logType))
}
}
return enabledLogTypes
}
aws/resource_aws_eks_cluster.go
Outdated
| types = append(types, *logType) | ||
| } | ||
| } | ||
| d.Set("logging", types) |
There was a problem hiding this comment.
When using d.Set() with aggregate types (TypeList, TypeSet, TypeMap), we should perform error checking to prevent issues where the code is not properly able to set the Terraform state. e.g.
| d.Set("logging", types) | |
| if err := d.Set("logging", enabledClusterLoggingTypes); err != nil { | |
| return fmt.Errorf("error setting logging: %s", err) | |
| } |
aws/resource_aws_eks_cluster.go
Outdated
| @@ -114,6 +116,14 @@ func resourceAwsEksCluster() *schema.Resource { | |||
| }, | |||
| }, | |||
| }, | |||
| "logging": { | |||
There was a problem hiding this comment.
We should consider renaming this attribute cluster_log_types or even enabled_cluster_log_types to show the designation that this handling is specifically for the Types within the ClusterLogging of the API. It also needs documentation added in website/docs/r/eks_cluster.html.markdown 👍
aws/resource_aws_eks_cluster.go
Outdated
| } | ||
|
|
||
| enabledLogs := &eks.LogSetup{ | ||
| Enabled: &enabled, |
There was a problem hiding this comment.
Nit: This can be simplified to
| Enabled: &enabled, | |
| Enabled: aws.Bool(true), |
aws/resource_aws_eks_cluster.go
Outdated
| func expandEksLoggingTypes(logTypes []interface{}) *eks.Logging { | ||
| enabled := true | ||
| disabled := false | ||
| enabledTypes := []*string{} |
There was a problem hiding this comment.
Nit: I believe this could be simplified with expandStringList(logTypes)
ghost
added
size/L
|
@bflad Thank you so much for your feedback. I'm still fairly new to Go so was very helpful. I believe I've addressed all your comments now. :) |
There was a problem hiding this comment.
Looks good, @MarcusNoble! Thanks so much. 🚀
Output from acceptance testing:
--- PASS: TestAccAWSEksCluster_Logging (1210.36s)
--- PASS: TestAccAWSEksCluster_basic (1229.58s)
--- PASS: TestAccAWSEksClusterDataSource_basic (1249.35s)
--- PASS: TestAccAWSEksCluster_VpcConfig_SecurityGroupIds (1371.63s)
--- PASS: TestAccAWSEksCluster_VpcConfig_EndpointPrivateAccess (1418.73s)
--- PASS: TestAccAWSEksCluster_VpcConfig_EndpointPublicAccess (1553.32s)
--- PASS: TestAccAWSEksCluster_Version (2674.15s)
| @@ -39,6 +41,8 @@ The following arguments are supported: | |||
| * `role_arn` - (Required) The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | |||
| * `vpc_config` - (Required) Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see [Cluster VPC Considerations](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) and [Cluster Security Group Considerations](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) in the Amazon EKS User Guide. Configuration detailed below. | |||
| * `version` – (Optional) Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS. | |||
| * `enabled_cluster_log_types` - (Optional) A list of the desired control plane logging to enable. For more information, see [Amazon EKS Control Plane Logging | |||
There was a problem hiding this comment.
Nit: Should be alphabetically sorted to match rest of documentation
|
This has been released in version 2.6.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
Community Note
Fixes #8204
Changes proposed in this pull request:
Output from acceptance testing: