PLT-1913: Added support for EKS cloud config day 2 operations (#655)

Author: SivaanandM

go.mod

@@ -13,7 +13,7 @@ require (
 	github.com/hashicorp/terraform-plugin-docs v0.16.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0
 	github.com/robfig/cron v1.2.0
-	github.com/spectrocloud/palette-sdk-go v0.0.0-20250813031623-91ef23e78e8f
+	github.com/spectrocloud/palette-sdk-go v0.0.0-20250829121241-06ad6c5fc7b1
 	github.com/stretchr/testify v1.10.0
 	gopkg.in/yaml.v3 v3.0.1
 	gotest.tools v2.2.0+incompatible

go.sum

@@ -598,8 +598,8 @@ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spectrocloud/palette-sdk-go v0.0.0-20250813031623-91ef23e78e8f h1:KAEMjdoWEQ9FlHIVybcLDILngTmuhD7BqsNve4z8W5E=
-github.com/spectrocloud/palette-sdk-go v0.0.0-20250813031623-91ef23e78e8f/go.mod h1:wIt8g7I7cmcQvTo5ktwhSF0/bWq6uRdxGBs9dwTpleU=
+github.com/spectrocloud/palette-sdk-go v0.0.0-20250829121241-06ad6c5fc7b1 h1:OI305NgUmRfuVnKyaHGMbs42dYsEUHqUk0vHIWPukas=
+github.com/spectrocloud/palette-sdk-go v0.0.0-20250829121241-06ad6c5fc7b1/go.mod h1:wIt8g7I7cmcQvTo5ktwhSF0/bWq6uRdxGBs9dwTpleU=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=

spectrocloud/resource_cluster_eks.go

@@ -145,7 +145,6 @@ func resourceClusterEks() *schema.Resource {
 			},
 			"cloud_config": {
 				Type:        schema.TypeList,
-				ForceNew:    true,
 				Required:    true,
 				MaxItems:    1,
 				Description: "The AWS environment configuration settings such as network parameters and encryption parameters that apply to this cluster.",
@@ -200,7 +199,6 @@ func resourceClusterEks() *schema.Resource {
 						"public_access_cidrs": {
 							Type:        schema.TypeSet,
 							Optional:    true,
-							ForceNew:    true,
 							Set:         schema.HashString,
 							Description: "List of CIDR blocks that define the allowed public access to the resource. Requests originating from addresses within these CIDR blocks will be permitted to access the resource. All other addresses will be denied access.",
 							Elem: &schema.Schema{
@@ -210,7 +208,6 @@ func resourceClusterEks() *schema.Resource {
 						"private_access_cidrs": {
 							Type:        schema.TypeSet,
 							Optional:    true,
-							ForceNew:    true,
 							Set:         schema.HashString,
 							Description: "List of CIDR blocks that define the allowed private access to the resource. Only requests originating from addresses within these CIDR blocks will be permitted to access the resource.",
 							Elem: &schema.Schema{
@@ -511,6 +508,7 @@ func flattenClusterConfigsEKS(cloudConfig *models.V1EksCloudConfig) interface{}
 		if pool.Name == "cp-pool" {
 			ret["az_subnets"] = pool.SubnetIds
 		}
+
 	}
 
 	if cloudConfig.Spec.ClusterConfig.EncryptionConfig != nil && cloudConfig.Spec.ClusterConfig.EncryptionConfig.IsEnabled {
@@ -659,6 +657,15 @@ func resourceClusterEksUpdate(ctx context.Context, d *schema.ResourceData, m int
 	}
 	cloudConfigId := d.Get("cloud_config_id").(string)
 
+	if d.HasChange("cloud_config") {
+		cloudConfig := d.Get("cloud_config").([]interface{})[0].(map[string]interface{})
+		cloudConfigEntity := toCloudConfigEks(cloudConfig)
+		err := c.UpdateCloudConfigEks(cloudConfigId, cloudConfigEntity)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+	}
+
 	CloudConfig, err := c.GetCloudConfigEks(cloudConfigId)
 	if err != nil {
 		return diag.FromErr(err)
@@ -830,6 +837,7 @@ func toEksCluster(c *client.V1Client, d *schema.ResourceData) (*models.V1Spectro
 	cluster.Spec.CloudConfig.EndpointAccess = access
 
 	machinePoolConfigs := make([]*models.V1EksMachinePoolConfigEntity, 0)
+
 	// Following same logic as UI for setting up control plane for static cluster
 	// Only add cp-pool for dynamic cluster provisioning when az_subnets is not empty and has more than one element
 	if cloudConfig["az_subnets"] != nil && len(cloudConfig["az_subnets"].(map[string]interface{})) > 0 {
@@ -842,6 +850,7 @@ func toEksCluster(c *client.V1Client, d *schema.ResourceData) (*models.V1Spectro
 		}
 		machinePoolConfigs = append(machinePoolConfigs, toMachinePoolEks(cpPool))
 	}
+
 	for _, machinePool := range d.Get("machine_pool").([]interface{}) {
 		mp := toMachinePoolEks(machinePool)
 		machinePoolConfigs = append(machinePoolConfigs, mp)
@@ -1050,3 +1059,55 @@ func toFargateProfileEks(fargateProfile interface{}) *models.V1FargateProfile {
 
 	return f
 }
+
+func toCloudConfigEks(cloudConfig map[string]interface{}) *models.V1EksCloudClusterConfigEntity {
+	var encryptionConfig *models.V1EncryptionConfig
+	if cloudConfig["encryption_config_arn"] != nil && cloudConfig["encryption_config_arn"].(string) != "" {
+		encryptionConfig = &models.V1EncryptionConfig{
+			IsEnabled: true,
+			Provider:  cloudConfig["encryption_config_arn"].(string),
+		}
+	}
+
+	access := &models.V1EksClusterConfigEndpointAccess{}
+	switch cloudConfig["endpoint_access"].(string) {
+	case "public":
+		access.Public = true
+		access.Private = false
+	case "private":
+		access.Public = false
+		access.Private = true
+	case "private_and_public":
+		access.Public = true
+		access.Private = true
+	}
+
+	if cloudConfig["public_access_cidrs"] != nil {
+		cidrs := make([]string, 0)
+		for _, cidr := range cloudConfig["public_access_cidrs"].(*schema.Set).List() {
+			cidrs = append(cidrs, cidr.(string))
+		}
+		access.PublicCIDRs = cidrs
+	}
+
+	if cloudConfig["private_access_cidrs"] != nil {
+		cidrs := make([]string, 0)
+		for _, cidr := range cloudConfig["private_access_cidrs"].(*schema.Set).List() {
+			cidrs = append(cidrs, cidr.(string))
+		}
+		access.PrivateCIDRs = cidrs
+	}
+
+	clusterConfigEntity := &models.V1EksCloudClusterConfigEntity{
+		ClusterConfig: &models.V1EksClusterConfig{
+			BastionDisabled:  true,
+			VpcID:            cloudConfig["vpc_id"].(string),
+			Region:           types.Ptr(cloudConfig["region"].(string)),
+			SSHKeyName:       cloudConfig["ssh_key_name"].(string),
+			EncryptionConfig: encryptionConfig,
+			EndpointAccess:   access,
+		},
+	}
+
+	return clusterConfigEntity
+}