Merge pull request #8 from rmweir/access-update-fix

Access update fix
rancher · Sep 14, 2020 · fcb92c7 · fcb92c7
2 parents d553fcf + 8401a64
commit fcb92c7
Showing 1 changed file with 16 additions and 32 deletions.
diff --git a/controller/eks-cluster-config-handler.go b/controller/eks-cluster-config-handler.go
@@ -859,40 +859,24 @@ func (h *Handler) updateUpstreamClusterState(upstreamSpec *v13.EKSClusterConfigS
 		}
 	}
 
-	if config.Spec.PublicAccess != nil {
-		if aws.BoolValue(upstreamSpec.PublicAccess) != aws.BoolValue(config.Spec.PublicAccess) {
-			_, err := eksService.UpdateClusterConfig(
-				&eks.UpdateClusterConfigInput{
-					Name: aws.String(config.Spec.DisplayName),
-					ResourcesVpcConfig: &eks.VpcConfigRequest{
-						EndpointPublicAccess: config.Spec.PublicAccess,
-					},
-				},
-			)
-			if err != nil {
-				return config, err
-			}
-			return h.enqueueUpdate(config)
-		}
-	}
-
-	if config.Spec.PrivateAccess != nil {
-		// check private access for update
-		if aws.BoolValue(upstreamSpec.PrivateAccess) != aws.BoolValue(config.Spec.PrivateAccess) {
-			_, err := eksService.UpdateClusterConfig(
-				&eks.UpdateClusterConfigInput{
-					Name: aws.String(config.Spec.DisplayName),
-					ResourcesVpcConfig: &eks.VpcConfigRequest{
-						EndpointPrivateAccess: config.Spec.PrivateAccess,
-					},
+	publicAccessUpdate := config.Spec.PublicAccess != nil && aws.BoolValue(upstreamSpec.PublicAccess) != aws.BoolValue(config.Spec.PublicAccess)
+	privateAccessUpdate := config.Spec.PrivateAccess != nil && aws.BoolValue(upstreamSpec.PrivateAccess) != aws.BoolValue(config.Spec.PrivateAccess)
+	if publicAccessUpdate || privateAccessUpdate {
+		// public and private access updates need to be sent together. When they are sent one at a time
+		// the request may be denied due to having both public and private access disabled.
+		_, err := eksService.UpdateClusterConfig(
+			&eks.UpdateClusterConfigInput{
+				Name: aws.String(config.Spec.DisplayName),
+				ResourcesVpcConfig: &eks.VpcConfigRequest{
+					EndpointPublicAccess: config.Spec.PublicAccess,
+					EndpointPrivateAccess: config.Spec.PrivateAccess,
 				},
-			)
-			if err != nil {
-				return config, err
-			}
-
-			return h.enqueueUpdate(config)
+			},
+		)
+		if err != nil {
+			return config, err
 		}
+		return h.enqueueUpdate(config)
 	}
 
 	if config.Spec.PublicAccessSources != nil {