Merge pull request #7483 from Emberwalker/public-endpoint-cidrs-unord…

…ered Handle unordered public endpoint CIDRs from EKS in endpoint updates
eksctl-io · Jan 19, 2024 · 054a558 · 054a558
2 parents 002ce9a + 99593da
commit 054a558
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/pkg/ctl/utils/vpc_helper.go b/pkg/ctl/utils/vpc_helper.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/kris-nova/logger"
+	"k8s.io/apimachinery/pkg/util/sets"
 
 	"golang.org/x/exp/slices"
 
@@ -176,5 +177,6 @@ func cidrsEqual(currentValues, newValues []string) bool {
 	if len(newValues) == 0 && len(currentValues) == 1 && currentValues[0] == "0.0.0.0/0" {
 		return true
 	}
-	return slices.Equal(currentValues, newValues)
+
+	return sets.NewString(currentValues...).Equal(sets.NewString(newValues...))
 }
diff --git a/pkg/ctl/utils/vpc_helper_test.go b/pkg/ctl/utils/vpc_helper_test.go
@@ -133,6 +133,21 @@ var _ = DescribeTable("VPCHelper", func(e vpcHelperEntry) {
 		},
 	}),
 
+	Entry("cluster public access CIDRs match desired config but out of order", vpcHelperEntry{
+		clusterVPC: &ekstypes.VpcConfigResponse{
+			EndpointPublicAccess:  true,
+			EndpointPrivateAccess: false,
+			PublicAccessCidrs:     []string{"2.2.2.2/32", "1.1.1.1/32"},
+		},
+		vpc: &api.ClusterVPC{
+			ClusterEndpoints: &api.ClusterEndpoints{
+				PublicAccess:  api.Enabled(),
+				PrivateAccess: api.Disabled(),
+			},
+			PublicAccessCIDRs: []string{"1.1.1.1/32", "2.2.2.2/32"},
+		},
+	}),
+
 	Entry("both cluster endpoint access and public access CIDRs do not match desired config", vpcHelperEntry{
 		clusterVPC: &ekstypes.VpcConfigResponse{
 			EndpointPublicAccess:  true,