Merge pull request #22 from PixarV/C2DEVEL-12958

add eks resources support

internal/provider/provider.go

@@ -459,11 +459,11 @@ func Provider() *schema.Provider {
 
 			//"aws_eks_addon":         eks.DataSourceAddon(),
 			//"aws_eks_addon_version": eks.DataSourceAddonVersion(),
-			//"aws_eks_cluster":      eks.DataSourceCluster(),
-			//"aws_eks_clusters":     eks.DataSourceClusters(),
+			"aws_eks_cluster":      eks.DataSourceCluster(),
+			"aws_eks_clusters":     eks.DataSourceClusters(),
 			"aws_eks_cluster_auth": eks.DataSourceClusterAuth(),
-			//"aws_eks_node_group":    eks.DataSourceNodeGroup(),
-			//"aws_eks_node_groups":   eks.DataSourceNodeGroups(),
+			"aws_eks_node_group":   eks.DataSourceNodeGroup(),
+			"aws_eks_node_groups":  eks.DataSourceNodeGroups(),
 
 			//"aws_elasticache_cluster":           elasticache.DataSourceCluster(),
 			//"aws_elasticache_replication_group": elasticache.DataSourceReplicationGroup(),
@@ -1199,10 +1199,10 @@ func Provider() *schema.Provider {
 			//"aws_efs_mount_target":       efs.ResourceMountTarget(),
 
 			//"aws_eks_addon":                    eks.ResourceAddon(),
-			//"aws_eks_cluster": eks.ResourceCluster(),
+			"aws_eks_cluster": eks.ResourceCluster(),
 			//"aws_eks_fargate_profile":          eks.ResourceFargateProfile(),
 			//"aws_eks_identity_provider_config": eks.ResourceIdentityProviderConfig(),
-			//"aws_eks_node_group":               eks.ResourceNodeGroup(),
+			"aws_eks_node_group": eks.ResourceNodeGroup(),
 
 			//"aws_elasticache_cluster":                  elasticache.ResourceCluster(),
 			//"aws_elasticache_global_replication_group": elasticache.ResourceGlobalReplicationGroup(),

internal/service/eks/cluster.go

@@ -16,6 +16,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	"github.com/hashicorp/terraform-provider-aws/internal/flex"
+	"github.com/hashicorp/terraform-provider-aws/internal/service/ec2"
 	tftags "github.com/hashicorp/terraform-provider-aws/internal/tags"
 	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 	"github.com/hashicorp/terraform-provider-aws/internal/verify"
@@ -141,7 +142,7 @@ func ResourceCluster() *schema.Resource {
 							Optional:     true,
 							Computed:     true,
 							ForceNew:     true,
-							ValidateFunc: validation.StringInSlice(eks.IpFamily_Values(), false),
+							ValidateFunc: validation.StringInSlice([]string{eks.IpFamilyIpv4}, false),
 						},
 						"service_ipv4_cidr": {
 							Type:     schema.TypeString,
@@ -168,7 +169,7 @@ func ResourceCluster() *schema.Resource {
 			},
 			"role_arn": {
 				Type:         schema.TypeString,
-				Required:     true,
+				Optional:     true,
 				ForceNew:     true,
 				ValidateFunc: verify.ValidARN,
 			},
@@ -180,8 +181,8 @@ func ResourceCluster() *schema.Resource {
 			"tags_all": tftags.TagsSchemaComputed(),
 			"version": {
 				Type:     schema.TypeString,
-				Optional: true,
-				Computed: true,
+				Required: true,
+				ForceNew: true, // FIXME: Remove after UpdateClusterVersion is supported in C2 EKS API.
 			},
 			"vpc_config": {
 				Type:     schema.TypeList,
@@ -197,12 +198,10 @@ func ResourceCluster() *schema.Resource {
 						"endpoint_private_access": {
 							Type:     schema.TypeBool,
 							Optional: true,
-							Default:  false,
 						},
 						"endpoint_public_access": {
 							Type:     schema.TypeBool,
 							Optional: true,
-							Default:  true,
 						},
 						"public_access_cidrs": {
 							Type:     schema.TypeSet,
@@ -245,12 +244,26 @@ func resourceClusterCreate(d *schema.ResourceData, meta interface{}) error {
 
 	input := &eks.CreateClusterInput{
 		EncryptionConfig:   testAccClusterConfig_expandEncryption(d.Get("encryption_config").([]interface{})),
-		Logging:            expandLoggingTypes(d.Get("enabled_cluster_log_types").(*schema.Set)),
 		Name:               aws.String(name),
 		ResourcesVpcConfig: testAccClusterConfig_expandVPCRequest(d.Get("vpc_config").([]interface{})),
 		RoleArn:            aws.String(d.Get("role_arn").(string)),
 	}
 
+	// endpoint_private_access and endpoint_public_access are removed from CreateCluster input
+	// if they aren't specified in the configuration.
+	//
+	// FIXME: Remove after these parameters are supported in C2 EKS API.
+	if _, exists := d.GetOkExists("vpc_config.0.endpoint_private_access"); !exists {
+		input.ResourcesVpcConfig.EndpointPrivateAccess = nil
+	}
+	if _, exists := d.GetOkExists("vpc_config.0.endpoint_public_access"); !exists {
+		input.ResourcesVpcConfig.EndpointPublicAccess = nil
+	}
+
+	if _, ok := d.GetOk("enabled_cluster_log_types"); ok {
+		input.Logging = expandLoggingTypes(d.Get("enabled_cluster_log_types").(*schema.Set))
+	}
+
 	if _, ok := d.GetOk("kubernetes_network_config"); ok {
 		input.KubernetesNetworkConfig = expandNetworkConfigRequest(d.Get("kubernetes_network_config").([]interface{}))
 	}
@@ -389,6 +402,7 @@ func resourceClusterRead(d *schema.ResourceData, meta interface{}) error {
 
 func resourceClusterUpdate(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*conns.AWSClient).EKSConn
+	connEc2 := meta.(*conns.AWSClient).EC2Conn
 
 	// Do any version update first.
 	if d.HasChange("version") {
@@ -485,7 +499,9 @@ func resourceClusterUpdate(d *schema.ResourceData, meta interface{}) error {
 
 	if d.HasChange("tags_all") {
 		o, n := d.GetChange("tags_all")
-		if err := UpdateTags(conn, d.Get("arn").(string), o, n); err != nil {
+		// FIXME: Use eks.UpdateTags after TagResource and UntagResource are supported in C2 EKS API.
+		// To use EC2 API arn contains the cluster id.
+		if err := ec2.UpdateTags(connEc2, d.Get("arn").(string), o, n); err != nil {
 			return fmt.Errorf("error updating tags: %w", err)
 		}
 	}

internal/service/eks/cluster_test.go

@@ -46,7 +46,7 @@ func TestAccEKSCluster_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "kubernetes_network_config.0.ip_family", "ipv4"),
 					resource.TestMatchResourceAttr(resourceName, "platform_version", regexp.MustCompile(`^eks\.\d+$`)),
 					resource.TestCheckResourceAttrPair(resourceName, "role_arn", "aws_iam_role.test", "arn"),
-					resource.TestCheckResourceAttr(resourceName, "status", eks.ClusterStatusActive),
+					resource.TestCheckResourceAttr(resourceName, "status", eks.ClusterStatusReady),
 					resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
 					resource.TestMatchResourceAttr(resourceName, "version", regexp.MustCompile(`^\d+\.\d+$`)),
 					resource.TestCheckResourceAttr(resourceName, "vpc_config.#", "1"),

internal/service/eks/node_group.go

@@ -16,6 +16,7 @@ import (
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	"github.com/hashicorp/terraform-provider-aws/internal/create"
 	"github.com/hashicorp/terraform-provider-aws/internal/flex"
+	"github.com/hashicorp/terraform-provider-aws/internal/service/ec2"
 	tftags "github.com/hashicorp/terraform-provider-aws/internal/tags"
 	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 	"github.com/hashicorp/terraform-provider-aws/internal/verify"
@@ -56,7 +57,7 @@ func ResourceNodeGroup() *schema.Resource {
 				Optional:     true,
 				Computed:     true,
 				ForceNew:     true,
-				ValidateFunc: validation.StringInSlice(eks.CapacityTypes_Values(), false),
+				ValidateFunc: validation.StringInSlice([]string{eks.CapacityTypesOnDemand}, false),
 			},
 			"cluster_name": {
 				Type:         schema.TypeString,
@@ -90,6 +91,7 @@ func ResourceNodeGroup() *schema.Resource {
 				Type:     schema.TypeList,
 				MaxItems: 1,
 				Optional: true,
+				Computed: true, // FIXME: remove after launch_template is supported in C2 EKS API.
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"id": {
@@ -131,10 +133,9 @@ func ResourceNodeGroup() *schema.Resource {
 				ConflictsWith: []string{"node_group_name"},
 			},
 			"node_role_arn": {
-				Type:         schema.TypeString,
-				Required:     true,
-				ForceNew:     true,
-				ValidateFunc: validation.NoZeroValues,
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
 			},
 			"release_version": {
 				Type:     schema.TypeString,
@@ -468,6 +469,7 @@ func resourceNodeGroupRead(ctx context.Context, d *schema.ResourceData, meta int
 
 func resourceNodeGroupUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	conn := meta.(*conns.AWSClient).EKSConn
+	connEc2 := meta.(*conns.AWSClient).EC2Conn
 
 	clusterName, nodeGroupName, err := NodeGroupParseResourceID(d.Id())
 
@@ -520,7 +522,8 @@ func resourceNodeGroupUpdate(ctx context.Context, d *schema.ResourceData, meta i
 
 		updateID := aws.StringValue(output.Update.Id)
 
-		_, err = waitNodegroupUpdateSuccessful(ctx, conn, clusterName, nodeGroupName, updateID, d.Timeout(schema.TimeoutUpdate))
+		// FIXME: Use waitNodegroupUpdateSuccessful after DescribeUpdate implementation in C2.
+		_, err = waitC2NodegroupUpdated(ctx, conn, clusterName, nodeGroupName, d.Timeout(schema.TimeoutUpdate))
 
 		if err != nil {
 			return diag.Errorf("error waiting for EKS Node Group (%s) version update (%s): %s", d.Id(), updateID, err)
@@ -559,7 +562,8 @@ func resourceNodeGroupUpdate(ctx context.Context, d *schema.ResourceData, meta i
 
 		updateID := aws.StringValue(output.Update.Id)
 
-		_, err = waitNodegroupUpdateSuccessful(ctx, conn, clusterName, nodeGroupName, updateID, d.Timeout(schema.TimeoutUpdate))
+		// FIXME: Use waitNodegroupUpdateSuccessful after DescribeUpdate implementation in C2.
+		_, err = waitC2NodegroupUpdated(ctx, conn, clusterName, nodeGroupName, d.Timeout(schema.TimeoutUpdate))
 
 		if err != nil {
 			return diag.Errorf("error waiting for EKS Node Group (%s) config update (%s): %s", d.Id(), updateID, err)
@@ -568,7 +572,9 @@ func resourceNodeGroupUpdate(ctx context.Context, d *schema.ResourceData, meta i
 
 	if d.HasChange("tags_all") {
 		o, n := d.GetChange("tags_all")
-		if err := UpdateTags(conn, d.Get("arn").(string), o, n); err != nil {
+		// FIXME: Use eks.UpdateTags after TagResource and UntagResource are supported in C2 EKS API.
+		// To use EC2 API arn contains the nodegroup id.
+		if err := ec2.UpdateTags(connEc2, d.Get("arn").(string), o, n); err != nil {
 			return diag.Errorf("error updating tags: %s", err)
 		}
 	}

internal/service/eks/wait.go

@@ -83,8 +83,8 @@ func waitAddonUpdateSuccessful(ctx context.Context, conn *eks.EKS, clusterName,
 
 func waitClusterCreated(conn *eks.EKS, name string, timeout time.Duration) (*eks.Cluster, error) {
 	stateConf := &resource.StateChangeConf{
-		Pending: []string{eks.ClusterStatusCreating},
-		Target:  []string{eks.ClusterStatusActive},
+		Pending: []string{eks.ClusterStatusCreating, eks.ClusterStatusPending, eks.ClusterStatusClaimed, eks.ClusterStatusProvisioning},
+		Target:  []string{eks.ClusterStatusReady},
 		Refresh: statusCluster(conn, name),
 		Timeout: timeout,
 	}
@@ -100,8 +100,8 @@ func waitClusterCreated(conn *eks.EKS, name string, timeout time.Duration) (*eks
 
 func waitClusterDeleted(conn *eks.EKS, name string, timeout time.Duration) (*eks.Cluster, error) {
 	stateConf := &resource.StateChangeConf{
-		Pending: []string{eks.ClusterStatusActive, eks.ClusterStatusDeleting},
-		Target:  []string{},
+		Pending: []string{eks.ClusterStatusPending, eks.ClusterStatusDeleting},
+		Target:  []string{eks.ClusterStatusDeleted},
 		Refresh: statusCluster(conn, name),
 		Timeout: timeout,
 	}
@@ -172,7 +172,7 @@ func waitFargateProfileDeleted(conn *eks.EKS, clusterName, fargateProfileName st
 
 func waitNodegroupCreated(ctx context.Context, conn *eks.EKS, clusterName, nodeGroupName string, timeout time.Duration) (*eks.Nodegroup, error) {
 	stateConf := &resource.StateChangeConf{
-		Pending: []string{eks.NodegroupStatusCreating},
+		Pending: []string{eks.NodegroupStatusPending, eks.NodegroupStatusCreating},
 		Target:  []string{eks.NodegroupStatusActive},
 		Refresh: statusNodegroup(conn, clusterName, nodeGroupName),
 		Timeout: timeout,
@@ -193,8 +193,8 @@ func waitNodegroupCreated(ctx context.Context, conn *eks.EKS, clusterName, nodeG
 
 func waitNodegroupDeleted(ctx context.Context, conn *eks.EKS, clusterName, nodeGroupName string, timeout time.Duration) (*eks.Nodegroup, error) {
 	stateConf := &resource.StateChangeConf{
-		Pending: []string{eks.NodegroupStatusActive, eks.NodegroupStatusDeleting},
-		Target:  []string{},
+		Pending: []string{eks.NodegroupStatusPending, eks.NodegroupStatusDeleting},
+		Target:  []string{eks.NodegroupStatusDeleted},
 		Refresh: statusNodegroup(conn, clusterName, nodeGroupName),
 		Timeout: timeout,
 	}
@@ -212,7 +212,26 @@ func waitNodegroupDeleted(ctx context.Context, conn *eks.EKS, clusterName, nodeG
 	return nil, err
 }
 
-func waitNodegroupUpdateSuccessful(ctx context.Context, conn *eks.EKS, clusterName, nodeGroupName, id string, timeout time.Duration) (*eks.Update, error) { //nolint:unparam
+// This is a temporary solution for C2 Nodegroups until DescribeUpdate is implemented.
+func waitC2NodegroupUpdated(ctx context.Context, conn *eks.EKS, clusterName, nodeGroupName string, timeout time.Duration) (*eks.Nodegroup, error) {
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{eks.NodegroupStatusPending, eks.NodegroupStatusUpdating},
+		Target:  []string{eks.NodegroupStatusActive},
+		Refresh: statusNodegroup(conn, clusterName, nodeGroupName),
+		Timeout: timeout,
+	}
+
+	outputRaw, err := stateConf.WaitForStateContext(ctx)
+
+	if output, ok := outputRaw.(*eks.Nodegroup); ok {
+		return output, err
+	}
+
+	return nil, err
+}
+
+//lint:ignore U1000 Ignore unused function temporarily
+func waitNodegroupUpdateSuccessful(ctx context.Context, conn *eks.EKS, clusterName, nodeGroupName, id string, timeout time.Duration) (*eks.Update, error) {
 	stateConf := &resource.StateChangeConf{
 		Pending: []string{eks.UpdateStatusInProgress},
 		Target:  []string{eks.UpdateStatusSuccessful},

website/docs/d/eks_cluster.html.markdown

@@ -0,0 +1,56 @@
+---
+subcategory: "EKS (Elastic Kubernetes)"
+layout: "aws"
+page_title: "CROC Cloud: aws_eks_cluster"
+description: |-
+  Retrieves information about an EKS cluster.
+---
+
+# Data Source: aws_eks_cluster
+
+Retrieves information about an EKS cluster.
+
+## Example Usage
+
+```terraform
+data "aws_eks_cluster" "example" {
+  name = "example"
+}
+```
+
+## Argument Reference
+
+* `name` - (Required) The name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\-_]+$`).
+
+## Attributes Reference
+
+* `arn` - Cluster ID.
+* `certificate_authority` - Nested attribute containing `certificate-authority-data` for your cluster.
+    * `data` - The base64 encoded certificate data required to communicate with your cluster. Add this to the `certificate-authority-data` section of the `kubeconfig` file for your cluster.
+* `created_at` - The Unix epoch time stamp in seconds for when the cluster was created.
+* `id` - The name of the cluster.
+* `kubernetes_network_config` - Nested list containing Kubernetes Network Configuration.
+    * `ip_family` - The IP family used to assign Kubernetes pod and service addresses.
+    * `service_ipv4_cidr` - The CIDR block to assign Kubernetes service IP addresses from.
+* `platform_version` - The platform version for the cluster.
+* `status` - The status of the EKS cluster. One of `CLAIMED`, `CREATING`, `DELETED`, `DELETING`, `ERROR`, `MODIFYING`, `PENDING`, `PROVISIONING`, `READY`, `REPAIRING`.
+* `version` - The Kubernetes server version for the cluster.
+* `vpc_config` - Nested list containing VPC configuration for the cluster.
+    * `cluster_security_group_id` - The cluster security group that was created by CROC Cloud EKS for the cluster.
+    * `security_group_ids` – List of security group IDs.
+    * `subnet_ids` – List of subnet IDs.
+    * `vpc_id` – The VPC associated with your cluster.
+* `tags` - Key-value map of resource tags.
+
+->  **Unsupported attributes**
+These attributes are currently unsupported by CROC Cloud:
+
+* `enabled_cluster_log_types` - The enabled control plane logs. Always empty.
+* `encryption_config` - Configuration block with encryption configuration for the cluster. Always empty.
+* `endpoint` - The endpoint for your Kubernetes API server. Always `""`.
+* `identity` - Nested attribute containing identity provider information for your cluster. Always empty.
+* `role_arn` - The ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to API operations on your behalf. Always `""`.
+* `vpc_config` - Nested list containing VPC configuration for the cluster.
+    * `endpoint_private_access` - Indicates whether or not the EKS private API server endpoint is enabled. Always `false`.
+    * `endpoint_public_access` - Indicates whether or not the EKS public API server endpoint is enabled. Always `false`.
+    * `public_access_cidrs` - List of CIDR blocks. Indicates which CIDR blocks can access the EKS public API server endpoint. Always empty.

website_unsupported/d_unsupported/eks_clusters.html.markdown → website/docs/d/eks_clusters.html.markdown

@@ -1,17 +1,14 @@
 ---
 subcategory: "EKS (Elastic Kubernetes)"
 layout: "aws"
-page_title: "AWS: aws_eks_clusters"
+page_title: "CROC Cloud: aws_eks_clusters"
 description: |-
-  Retrieve EKS Clusters list
+  Retrieves the EKS clusters names.
 ---
 
 # Data Source: aws_eks_clusters
 
--> **Unsupported resource**
-This resource is currently unsupported by CROC Cloud
-
-Retrieve EKS Clusters list
+Retrieves the EKS clusters names.
 
 ## Example Usage
 
@@ -26,5 +23,5 @@ data "aws_eks_cluster" "example" {
 
 ## Attributes Reference
 
-* `id` - AWS Region.
-* `names` - Set of EKS clusters names
+* `id` - Region.
+* `names` - Set of EKS clusters names.