Merge pull request #398 from yissachar/encrypt-etcd-volumes

Add option to encrypt Etcd volumes
2016-09-08 00:19:20 -04:00 · 2016-09-08 00:19:20 -04:00 · 1f67271650
parent 466ee35787 8c3b2274d9
commit 1f67271650
3 changed files with 18 additions and 4 deletions
--- a/upup/models/proto/_aws/master_volumes.yaml
+++ b/upup/models/proto/_aws/master_volumes.yaml
@ -6,6 +6,8 @@ ebsVolume/{{$m.Name}}.etcd-{{$etcd.Name}}.{{ ClusterName }}:
  availabilityZone: {{ $m.Zone }}
  sizeGB: {{ or $m.VolumeSize 20 }}
  volumeType: {{ or $m.VolumeType "gp2" }}
+  kmsKeyId: {{ $m.KmsKeyId }}
+  encrypted: {{ or $m.EncryptedVolume false }}
  tags:
  {{ range $k, $v := EtcdClusterMemberTags $etcd $m }}
    {{ $k }}: "{{ $v }}"
--- a/upup/pkg/api/cluster.go
+++ b/upup/pkg/api/cluster.go
@ -240,11 +240,13 @@ type EtcdClusterSpec struct {

 type EtcdMemberSpec struct {
 	// Name is the name of the member within the etcd cluster
-	Name string `json:"name,omitempty"`
-	Zone string `json:"zone,omitempty"`
+	Name            string `json:"name,omitempty"`
+	Zone            string `json:"zone,omitempty"`

-	VolumeType string `json:"volumeType,omitempty"`
-	VolumeSize int    `json:"volumeSize,omitempty"`
+	VolumeType      string `json:"volumeType,omitempty"`
+	VolumeSize      int    `json:"volumeSize,omitempty"`
+	KmsKeyId        string `json:"kmsKeyId,omitempty"`
+	EncryptedVolume bool   `json:"encryptedVolume,omitempty"`
 }

 type ClusterZoneSpec struct {
--- a/upup/pkg/fi/cloudup/awstasks/ebsvolume.go
+++ b/upup/pkg/fi/cloudup/awstasks/ebsvolume.go
@ -17,6 +17,8 @@ type EBSVolume struct {
 	AvailabilityZone *string
 	VolumeType       *string
 	SizeGB           *int64
+	KmsKeyId         *string
+	Encrypted        *bool
 	Tags             map[string]string
 }

@ -76,6 +78,8 @@ func (e *EBSVolume) find(cloud *awsup.AWSCloud) (*EBSVolume, error) {
 		AvailabilityZone: v.AvailabilityZone,
 		VolumeType:       v.VolumeType,
 		SizeGB:           v.Size,
+		KmsKeyId:         v.KmsKeyId,
+		Encrypted:        v.Encrypted,
 		Name:             e.Name,
 	}

@ -111,6 +115,8 @@ func (_ *EBSVolume) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *EBSVolume) e
 			Size:             e.SizeGB,
 			AvailabilityZone: e.AvailabilityZone,
 			VolumeType:       e.VolumeType,
+			KmsKeyId:         e.KmsKeyId,
+			Encrypted:        e.Encrypted,
 		}

 		response, err := t.Cloud.EC2.CreateVolume(request)
@ -128,6 +134,8 @@ type terraformVolume struct {
 	AvailabilityZone *string           `json:"availability_zone"`
 	Size             *int64            `json:"size"`
 	Type             *string           `json:"type"`
+	KmsKeyId         *string           `json:"kmsKeyId"`
+	Encrypted        *bool             `json:"encrypted"`
 	Tags             map[string]string `json:"tags,omitempty"`
 }

@ -136,6 +144,8 @@ func (_ *EBSVolume) RenderTerraform(t *terraform.TerraformTarget, a, e, changes
 		AvailabilityZone: e.AvailabilityZone,
 		Size:             e.SizeGB,
 		Type:             e.VolumeType,
+		KmsKeyId:         e.KmsKeyId,
+		Encrypted:        e.Encrypted,
 		Tags:             e.Tags,
 	}