Fix nil pointer panic and spurious Auto Mode updates

demikl · demikl · commit 9ed24822d68b · 2025-09-22T08:28:49.000+02:00
- Add isAutoModeCluster() function to detect valid Auto Mode configurations - Add validateAutoModeConfig() to enforce AWS requirement that compute, storage, and load balancing must all be enabled/disabled together - Only call updateComputeConfig() for actual Auto Mode clusters - Ignore elasticLoadBalancing absent vs false diffs for non-Auto Mode clusters Fixes aws-controllers-k8s/community#2619
diff --git a/pkg/resource/cluster/hook.go b/pkg/resource/cluster/hook.go
@@ -184,6 +184,72 @@ func (rm *resourceManager) clusterInUse(ctx context.Context, r *resource) (bool,
 	return (nodes != nil && len(nodes.Nodegroups) > 0), nil
 }
 
+// isAutoModeCluster returns true if the cluster is configured for EKS Auto Mode.
+// According to AWS documentation, compute, block storage, and load balancing capabilities
+// must all be enabled or disabled together. Any partial configuration is invalid.
+func isAutoModeCluster(r *resource) bool {
+	if r == nil || r.ko == nil {
+		return false
+	}
+
+	// If ComputeConfig is not specified, this is not an Auto Mode cluster
+	if r.ko.Spec.ComputeConfig == nil {
+		return false
+	}
+
+	// Check compute configuration
+	computeEnabled := r.ko.Spec.ComputeConfig.Enabled != nil && *r.ko.Spec.ComputeConfig.Enabled
+
+	// Check storage configuration
+	storageEnabled := false
+	if r.ko.Spec.StorageConfig != nil && r.ko.Spec.StorageConfig.BlockStorage != nil {
+		storageEnabled = r.ko.Spec.StorageConfig.BlockStorage.Enabled != nil && *r.ko.Spec.StorageConfig.BlockStorage.Enabled
+	}
+
+	// Check elastic load balancing configuration
+	elbEnabled := false
+	if r.ko.Spec.KubernetesNetworkConfig != nil && r.ko.Spec.KubernetesNetworkConfig.ElasticLoadBalancing != nil {
+		elbEnabled = r.ko.Spec.KubernetesNetworkConfig.ElasticLoadBalancing.Enabled != nil && *r.ko.Spec.KubernetesNetworkConfig.ElasticLoadBalancing.Enabled
+	}
+
+	// Auto Mode requires all three capabilities to have the same state (all true or all false)
+	// If they are all true, Auto Mode is enabled
+	// If they are all false, Auto Mode is being disabled
+	// Any other combination is invalid
+	return (computeEnabled && storageEnabled && elbEnabled) || (!computeEnabled && !storageEnabled && !elbEnabled)
+}
+
+// validateAutoModeConfig validates that Auto Mode configuration is consistent.
+// Returns an error if the configuration is invalid (partial enablement).
+func validateAutoModeConfig(r *resource) error {
+	if r == nil || r.ko == nil || r.ko.Spec.ComputeConfig == nil {
+		return nil // Not an Auto Mode configuration
+	}
+
+	// Check compute configuration
+	computeEnabled := r.ko.Spec.ComputeConfig.Enabled != nil && *r.ko.Spec.ComputeConfig.Enabled
+
+	// Check storage configuration
+	storageEnabled := false
+	if r.ko.Spec.StorageConfig != nil && r.ko.Spec.StorageConfig.BlockStorage != nil {
+		storageEnabled = r.ko.Spec.StorageConfig.BlockStorage.Enabled != nil && *r.ko.Spec.StorageConfig.BlockStorage.Enabled
+	}
+
+	// Check elastic load balancing configuration
+	elbEnabled := false
+	if r.ko.Spec.KubernetesNetworkConfig != nil && r.ko.Spec.KubernetesNetworkConfig.ElasticLoadBalancing != nil {
+		elbEnabled = r.ko.Spec.KubernetesNetworkConfig.ElasticLoadBalancing.Enabled != nil && *r.ko.Spec.KubernetesNetworkConfig.ElasticLoadBalancing.Enabled
+	}
+
+	// All three must be in the same state
+	if computeEnabled == storageEnabled && storageEnabled == elbEnabled {
+		return nil // Valid configuration
+	}
+
+	return fmt.Errorf("invalid Auto Mode configuration: compute, block storage, and load balancing capabilities must all be enabled or disabled together (compute=%v, storage=%v, elb=%v)",
+		computeEnabled, storageEnabled, elbEnabled)
+}
+
 func customPreCompare(
 	a *resource,
 	b *resource,
@@ -380,25 +446,35 @@ func (rm *resourceManager) customUpdate(
 		return returnClusterUpdating(updatedRes)
 	}
 
-	// Handle computeConfig updates
+	// Handle computeConfig updates - only for Auto Mode clusters
 	if delta.DifferentAt("Spec.ComputeConfig") || delta.DifferentAt("Spec.StorageConfig") || delta.DifferentAt("Spec.KubernetesNetworkConfig") {
-		if err := rm.updateComputeConfig(ctx, desired); err != nil {
-			awsErr, ok := extractAWSError(err)
-			rlog.Info("attempting to update AutoMode config",
-				"error", err,
-				"isAWSError", ok,
-				"awsErrorCode", awsErr.Code)
+		// Validate Auto Mode configuration consistency before attempting update
+		if err := validateAutoModeConfig(desired); err != nil {
+			return nil, ackerr.NewTerminalError(err)
+		}
 
-			// Check to see if we've raced an async update call and need to requeue
-			if ok && awsErr.Code == "ResourceInUseException" {
-				rlog.Info("resource in use, requeueing after async update")
-				return nil, requeueAfterAsyncUpdate()
+		// Only proceed with Auto Mode updates if the cluster is actually configured for Auto Mode
+		if isAutoModeCluster(desired) {
+			if err := rm.updateComputeConfig(ctx, desired); err != nil {
+				awsErr, ok := extractAWSError(err)
+				rlog.Info("attempting to update AutoMode config",
+					"error", err,
+					"isAWSError", ok,
+					"awsErrorCode", awsErr.Code)
+
+				// Check to see if we've raced an async update call and need to requeue
+				if ok && awsErr.Code == "ResourceInUseException" {
+					rlog.Info("resource in use, requeueing after async update")
+					return nil, requeueAfterAsyncUpdate()
+				}
+
+				return nil, fmt.Errorf("failed to update AutoMode config: %w", err)
 			}
 
-			return nil, fmt.Errorf("failed to update AutoMode config: %w", err)
+			return returnClusterUpdating(updatedRes)
 		}
-
-		return returnClusterUpdating(updatedRes)
+		// If not Auto Mode, ignore the diff (likely elasticLoadBalancing false vs absent)
+		rlog.Debug("ignoring diff on compute/storage/network config for non-Auto Mode cluster")
 	}
 
 	// Handle zonalShiftConfig updates
