Add control plane permission flags

args.go

@@ -92,6 +92,10 @@ const (
 	ArgAutoUpgrade = "auto-upgrade"
 	// ArgHA is a cluster's highly available control plane argument.
 	ArgHA = "ha"
+	// ArgControlPlanePermissionEnable enable control plane permission.
+	ArgControlPlanePermissionEnable = "control-plane-permission-enable"
+	// ArgControlPlanePermissionAllowedAddresses list of allowed addresses that can access the control plane.
+	ArgControlPlanePermissionAllowedAddresses = "control-plane-permission-allowed-addresses"
 	// ArgSurgeUpgrade is a cluster's surge-upgrade argument.
 	ArgSurgeUpgrade = "surge-upgrade"
 	// ArgCommandUpsert is an upsert for a resource to be created or updated argument.

commands/kubernetes.go

@@ -26,14 +26,15 @@ import (
 	"time"
 
 	"github.com/blang/semver"
-	"github.com/digitalocean/doctl"
-	"github.com/digitalocean/doctl/commands/displayers"
-	"github.com/digitalocean/doctl/do"
 	"github.com/digitalocean/godo"
 	"github.com/google/uuid"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 
+	"github.com/digitalocean/doctl"
+	"github.com/digitalocean/doctl/commands/displayers"
+	"github.com/digitalocean/doctl/do"
+
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	kubeerrors "k8s.io/apimachinery/pkg/util/errors"
 	clientauthentication "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
@@ -282,6 +283,10 @@ After creating a cluster, a configuration context is added to kubectl and made a
 		"Enables surge-upgrade for the cluster")
 	AddBoolFlag(cmdKubeClusterCreate, doctl.ArgHA, "", false,
 		"Creates the cluster with a highly-available control plane. Defaults to false. To enable the HA control plane, supply --ha=true.")
+	AddStringFlag(cmdKubeClusterCreate, doctl.ArgControlPlanePermissionEnable, "", "",
+		"Creates the cluster with a control plane permission. Defaults to false. To enable the control plane permission, supply --enable-control-plane-permission=true.")
+	AddStringSliceFlag(cmdKubeClusterCreate, doctl.ArgControlPlanePermissionAllowedAddresses, "", nil,
+		"A comma-separated list of allowed addresses that can access the control plane.")
 	AddStringSliceFlag(cmdKubeClusterCreate, doctl.ArgTag, "", nil,
 		"A comma-separated list of `tags` to apply to the cluster, in addition to the default tags of `k8s` and `k8s:$K8S_CLUSTER_ID`.")
 	AddStringFlag(cmdKubeClusterCreate, doctl.ArgSizeSlug, "",
@@ -328,6 +333,10 @@ Updates the configuration values for a Kubernetes cluster. The cluster must be r
 		"Enables surge-upgrade for the cluster")
 	AddBoolFlag(cmdKubeClusterUpdate, doctl.ArgHA, "", false,
 		"Enables the highly-available control plane for the cluster")
+	AddStringFlag(cmdKubeClusterUpdate, doctl.ArgControlPlanePermissionEnable, "", "",
+		"Creates the cluster with a control plane permission. Defaults to false. To enable the control plane permission, supply --enable-control-plane-permission=true.")
+	AddStringSliceFlag(cmdKubeClusterUpdate, doctl.ArgControlPlanePermissionAllowedAddresses, "", nil,
+		"A comma-separated list of allowed addresses that can access the control plane.")
 	AddBoolFlag(cmdKubeClusterUpdate, doctl.ArgClusterUpdateKubeconfig, "",
 		true, "Updates the cluster in your kubeconfig")
 	AddBoolFlag(cmdKubeClusterUpdate, doctl.ArgSetCurrentContext, "", true,
@@ -1648,6 +1657,31 @@ func buildClusterCreateRequestFromArgs(c *CmdConfig, r *godo.KubernetesClusterCr
 	}
 	r.HA = ha
 
+	enableControlPlanePermission, err := c.Doit.GetString(c.NS, doctl.ArgControlPlanePermissionEnable)
+	if err != nil {
+		return err
+	}
+	if enableControlPlanePermission != "" {
+		enableControlPlanePermissionBool, err := strconv.ParseBool(enableControlPlanePermission)
+		if err != nil {
+			return err
+		}
+		r.ControlPlanePermission = &godo.KubernetesControlPlanePermission{
+			Enabled: &enableControlPlanePermissionBool,
+		}
+	}
+
+	controlPlanePermissionAllowedAddresses, err := c.Doit.GetStringSlice(c.NS, doctl.ArgControlPlanePermissionAllowedAddresses)
+	if err != nil {
+		return err
+	}
+	if len(controlPlanePermissionAllowedAddresses) > 0 {
+		if r.ControlPlanePermission == nil {
+			r.ControlPlanePermission = &godo.KubernetesControlPlanePermission{}
+		}
+		r.ControlPlanePermission.AllowedAddresses = controlPlanePermissionAllowedAddresses
+	}
+
 	tags, err := c.Doit.GetStringSlice(c.NS, doctl.ArgTag)
 	if err != nil {
 		return err
@@ -1737,6 +1771,32 @@ func buildClusterUpdateRequestFromArgs(c *CmdConfig, r *godo.KubernetesClusterUp
 		return err
 	}
 	r.HA = ha
+
+	enableControlPlanePermission, err := c.Doit.GetString(c.NS, doctl.ArgControlPlanePermissionEnable)
+	if err != nil {
+		return err
+	}
+	if enableControlPlanePermission != "" {
+		enableControlPlanePermissionBool, err := strconv.ParseBool(enableControlPlanePermission)
+		if err != nil {
+			return err
+		}
+		r.ControlPlanePermission = &godo.KubernetesControlPlanePermission{
+			Enabled: &enableControlPlanePermissionBool,
+		}
+	}
+
+	controlPlanePermissionAllowedAddresses, err := c.Doit.GetStringSlice(c.NS, doctl.ArgControlPlanePermissionAllowedAddresses)
+	if err != nil {
+		return err
+	}
+	if len(controlPlanePermissionAllowedAddresses) > 0 {
+		if r.ControlPlanePermission == nil {
+			r.ControlPlanePermission = &godo.KubernetesControlPlanePermission{}
+		}
+		r.ControlPlanePermission.AllowedAddresses = controlPlanePermissionAllowedAddresses
+	}
+
 	return nil
 }
 

commands/kubernetes_test.go

@@ -5,13 +5,14 @@ import (
 	"sort"
 	"testing"
 
-	"github.com/digitalocean/doctl"
-	"github.com/digitalocean/doctl/do"
 	"github.com/digitalocean/godo"
 	"github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
+
+	"github.com/digitalocean/doctl"
+	"github.com/digitalocean/doctl/do"
 )
 
 var (
@@ -30,6 +31,13 @@ var (
 			},
 			AutoUpgrade: true,
 			HA:          true,
+			ControlPlanePermission: &godo.KubernetesControlPlanePermission{
+				Enabled: boolPtr(true),
+				AllowedAddresses: []string{
+					"1.2.3.4",
+					"4.3.2.1/32",
+				},
+			},
 		},
 	}
 
@@ -497,6 +505,13 @@ func TestKubernetesCreate(t *testing.T) {
 			},
 			AutoUpgrade: true,
 			HA:          true,
+			ControlPlanePermission: &godo.KubernetesControlPlanePermission{
+				Enabled: boolPtr(true),
+				AllowedAddresses: []string{
+					"1.2.3.4",
+					"4.3.2.1/32",
+				},
+			},
 		}
 		tm.kubernetes.EXPECT().Create(&r).Return(&testCluster, nil)
 
@@ -517,6 +532,9 @@ func TestKubernetesCreate(t *testing.T) {
 		config.Doit.Set(config.NS, doctl.ArgAutoUpgrade, testCluster.AutoUpgrade)
 		config.Doit.Set(config.NS, doctl.ArgHA, testCluster.HA)
 
+		config.Doit.Set(config.NS, doctl.ArgControlPlanePermissionEnable, testCluster.ControlPlanePermission.Enabled)
+		config.Doit.Set(config.NS, doctl.ArgControlPlanePermissionAllowedAddresses, testCluster.ControlPlanePermission.AllowedAddresses)
+
 		// Test with no vpc-uuid specified
 		err := testK8sCmdService().RunKubernetesClusterCreate("c-8", 3)(config)
 		assert.NoError(t, err)
@@ -550,6 +568,13 @@ func TestKubernetesUpdate(t *testing.T) {
 			},
 			AutoUpgrade: boolPtr(false),
 			HA:          boolPtr(true),
+			ControlPlanePermission: &godo.KubernetesControlPlanePermission{
+				Enabled: boolPtr(true),
+				AllowedAddresses: []string{
+					"1.2.3.4",
+					"4.3.2.1/32",
+				},
+			},
 		}
 		tm.kubernetes.EXPECT().Update(testCluster.ID, &r).Return(&testCluster, nil)
 
@@ -559,6 +584,8 @@ func TestKubernetesUpdate(t *testing.T) {
 		config.Doit.Set(config.NS, doctl.ArgMaintenanceWindow, "any=00:00")
 		config.Doit.Set(config.NS, doctl.ArgAutoUpgrade, false)
 		config.Doit.Set(config.NS, doctl.ArgHA, true)
+		config.Doit.Set(config.NS, doctl.ArgControlPlanePermissionEnable, testCluster.ControlPlanePermission.Enabled)
+		config.Doit.Set(config.NS, doctl.ArgControlPlanePermissionAllowedAddresses, testCluster.ControlPlanePermission.AllowedAddresses)
 
 		err := testK8sCmdService().RunKubernetesClusterUpdate(config)
 		assert.NoError(t, err)
@@ -574,6 +601,13 @@ func TestKubernetesUpdate(t *testing.T) {
 				Day:       godo.KubernetesMaintenanceDayAny,
 			},
 			AutoUpgrade: boolPtr(false),
+			ControlPlanePermission: &godo.KubernetesControlPlanePermission{
+				Enabled: boolPtr(true),
+				AllowedAddresses: []string{
+					"1.2.3.4",
+					"4.3.2.1/32",
+				},
+			},
 		}
 		tm.kubernetes.EXPECT().List().Return(testClusterList, nil)
 		tm.kubernetes.EXPECT().Update(testCluster.ID, &r).Return(&testCluster, nil)
@@ -583,6 +617,8 @@ func TestKubernetesUpdate(t *testing.T) {
 		config.Doit.Set(config.NS, doctl.ArgTag, testCluster.Tags)
 		config.Doit.Set(config.NS, doctl.ArgMaintenanceWindow, "any=00:00")
 		config.Doit.Set(config.NS, doctl.ArgAutoUpgrade, false)
+		config.Doit.Set(config.NS, doctl.ArgControlPlanePermissionEnable, testCluster.ControlPlanePermission.Enabled)
+		config.Doit.Set(config.NS, doctl.ArgControlPlanePermissionAllowedAddresses, testCluster.ControlPlanePermission.AllowedAddresses)
 
 		err := testK8sCmdService().RunKubernetesClusterUpdate(config)
 		assert.NoError(t, err)

go.mod

@@ -5,7 +5,7 @@ go 1.21
 require (
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/creack/pty v1.1.11
-	github.com/digitalocean/godo v1.116.0
+	github.com/digitalocean/godo v1.117.0
 	github.com/docker/cli v24.0.5+incompatible
 	github.com/docker/docker v24.0.9+incompatible
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect

go.sum

@@ -86,10 +86,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/digitalocean/godo v1.115.1-0.20240515191029-705fb26c5aa5 h1:bAO9uVDeZhwy1DdKmtAqgjS9+isKWnzxzxiKvNHKNtQ=
-github.com/digitalocean/godo v1.115.1-0.20240515191029-705fb26c5aa5/go.mod h1:Vk0vpCot2HOAJwc5WE8wljZGtJ3ZtWIc8MQ8rF38sdo=
-github.com/digitalocean/godo v1.116.0 h1:SuF/Imd1/dE/nYrUFVkJ2itesQNnJQE1a/vmtHknxeE=
-github.com/digitalocean/godo v1.116.0/go.mod h1:Vk0vpCot2HOAJwc5WE8wljZGtJ3ZtWIc8MQ8rF38sdo=
+github.com/digitalocean/godo v1.117.0 h1:WVlTe09melDYTd7VCVyvHcNWbgB+uI1O115+5LOtdSw=
+github.com/digitalocean/godo v1.117.0/go.mod h1:Vk0vpCot2HOAJwc5WE8wljZGtJ3ZtWIc8MQ8rF38sdo=
 github.com/docker/cli v24.0.5+incompatible h1:WeBimjvS0eKdH4Ygx+ihVq1Q++xg36M/rMi4aXAvodc=
 github.com/docker/cli v24.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=