From 8ff11132e13344579d5978c9590ae37f769c7b2d Mon Sep 17 00:00:00 2001 From: Rodion Gyrbu Date: Fri, 11 Jun 2021 14:48:36 +0300 Subject: [PATCH] [CCE] Add possibility to encrypt data volumes (#1117) [CCE] Add possibility to encrypt data volumes Summary of the Pull Request Add new field kms_id in data_volumes spec to perform encryption with KMS Resolves: #1109 PR Checklist Refers to: #1109 Tests added/passed. Documentation updated. Schema updated. Acceptance Steps Performed === RUN TestAccCCENodesV3Basic --- PASS: TestAccCCENodesV3Basic (734.55s) === RUN TestAccCCENodesV3EncryptedVolume --- PASS: TestAccCCENodesV3EncryptedVolume (1686.42s) PASS Process finished with the exit code 0 Reviewed-by: Anton Sidelnikov Reviewed-by: None Reviewed-by: Anton Kachurin Reviewed-by: Rodion Gyrbu --- docs/resources/cce_node_v3.md | 9 +- go.mod | 2 +- go.sum | 4 +- ...ource_opentelekomcloud_cce_node_v3_test.go | 200 +++++++++++------- opentelekomcloud/acceptance/env/vars.go | 1 + .../resource_opentelekomcloud_cce_node_v3.go | 17 +- 6 files changed, 152 insertions(+), 81 deletions(-) diff --git a/docs/resources/cce_node_v3.md b/docs/resources/cce_node_v3.md index 53bb4b31c..36969284f 100644 --- a/docs/resources/cce_node_v3.md +++ b/docs/resources/cce_node_v3.md @@ -67,7 +67,7 @@ The following arguments are supported: * `eip_ids` - (Optional) List of existing elastic IP IDs. --> **Note:** If the `eip_ids` parameter is configured, you do not need to configure the `eip_count` and `bandwidth` parameters: +-> If the `eip_ids` parameter is configured, you do not need to configure the `eip_count` and `bandwidth` parameters: `iptype`, `bandwidth_charge_mode`, `bandwidth_size` and `share_type`. * `eip_count` - (Optional) Number of elastic IPs to be dynamically created. 
@@ -76,7 +76,7 @@ The following arguments are supported: * `bandwidth_size` - (Optional) Bandwidth size. --> **Note:** If the `bandwidth_size` parameter is configured, you do not need to configure the +-> If the `bandwidth_size` parameter is configured, you do not need to configure the `eip_count`, `bandwidth_charge_mode`, `sharetype` and `iptype` parameters. * `bandwidth_charge_mode` - (Optional) Bandwidth billing type. @@ -113,6 +113,11 @@ The following arguments are supported: * `size` - (Required) Disk size in GB. * `volumetype` - (Required) Disk type. * `extend_param` - (Optional) Disk expansion parameters. + * `kms_id` - (Optional) The Encryption KMS ID of the data volume. By default, it tries to get from env by `OS_KMS_ID`. + +-> To enable encryption with the KMS. Firstly, you need to create the agency to grant KMS rights to EVS. +The agency has to be created for a new project first with a user who has security `admin` permissions. +It is created automatically with the first encrypted EVS disk via UI. ## Attributes Reference diff --git a/go.mod b/go.mod index 1e323546d..f8d62251c 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/jen20/awspolicyequivalence v1.1.0 github.com/jinzhu/copier v0.2.3 github.com/mitchellh/go-homedir v1.1.0 - github.com/opentelekomcloud/gophertelekomcloud v0.4.1 + github.com/opentelekomcloud/gophertelekomcloud v0.4.2-0.20210610105657-237b4413e40c github.com/unknwon/com v1.0.1 gopkg.in/yaml.v2 v2.4.0 ) diff --git a/go.sum b/go.sum index 51bec7537..7e2820612 100644 --- a/go.sum +++ b/go.sum 
@@ -284,8 +284,8 @@ github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce h1:RPclfga2SEJmgMmz2k github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce/go.mod h1:uFMI8w+ref4v2r9jz+c9i1IfIttS/OkmLfrk1jne5hs= github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= -github.com/opentelekomcloud/gophertelekomcloud v0.4.1 h1:Y22eR5WuxuyDErm/3Vw+90Oyx1SwuQ5kioO+t5tS4UE= -github.com/opentelekomcloud/gophertelekomcloud v0.4.1/go.mod h1:pzEP1kduNwv+hrI9R6/DFU/NiX7Kr9NiFjpQ7kJQTsM= +github.com/opentelekomcloud/gophertelekomcloud v0.4.2-0.20210610105657-237b4413e40c h1:YJkWZYQXdw3tsD0QfOZVC0oxwipHtLdL8TuZCww1oSY= +github.com/opentelekomcloud/gophertelekomcloud v0.4.2-0.20210610105657-237b4413e40c/go.mod h1:pzEP1kduNwv+hrI9R6/DFU/NiX7Kr9NiFjpQ7kJQTsM= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= diff --git a/opentelekomcloud/acceptance/cce/resource_opentelekomcloud_cce_node_v3_test.go b/opentelekomcloud/acceptance/cce/resource_opentelekomcloud_cce_node_v3_test.go index d6833d4c6..74eccae3f 100644 --- a/opentelekomcloud/acceptance/cce/resource_opentelekomcloud_cce_node_v3_test.go +++ b/opentelekomcloud/acceptance/cce/resource_opentelekomcloud_cce_node_v3_test.go @@ -16,9 +16,11 @@ import ( var privateIP = "192.168.1.13" -func TestAccCCENodesV3_basic(t *testing.T) { +const resourceNameNode = "opentelekomcloud_cce_node_v3.node_1" +const resourceNameNode2 = "opentelekomcloud_cce_node_v3.node_2" + +func TestAccCCENodesV3Basic(t *testing.T) { var node nodes.Nodes - resName := "opentelekomcloud_cce_node_v3.node_1" resource.Test(t, resource.TestCase{ PreCheck: func() { testAccCCEKeyPairPreCheck(t) }, 
@@ -26,26 +28,26 @@ func TestAccCCENodesV3_basic(t *testing.T) { CheckDestroy: testAccCheckCCENodeV3Destroy, Steps: []resource.TestStep{ { - Config: testAccCCENodeV3_basic, + Config: testAccCCENodeV3Basic, Check: resource.ComposeTestCheckFunc( - testAccCheckCCENodeV3Exists(resName, "opentelekomcloud_cce_cluster_v3.cluster_1", &node), - resource.TestCheckResourceAttr(resName, "name", "test-node"), - resource.TestCheckResourceAttr(resName, "flavor_id", "s2.xlarge.2"), - resource.TestCheckResourceAttr(resName, "os", "EulerOS 2.5"), - resource.TestCheckResourceAttr(resName, "private_ip", privateIP), + testAccCheckCCENodeV3Exists(resourceNameNode, "opentelekomcloud_cce_cluster_v3.cluster_1", &node), + resource.TestCheckResourceAttr(resourceNameNode, "name", "test-node"), + resource.TestCheckResourceAttr(resourceNameNode, "flavor_id", "s2.xlarge.2"), + resource.TestCheckResourceAttr(resourceNameNode, "os", "EulerOS 2.5"), + resource.TestCheckResourceAttr(resourceNameNode, "private_ip", privateIP), ), }, { - Config: testAccCCENodeV3_update, + Config: testAccCCENodeV3Update, Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr(resName, "name", "test-node2"), + resource.TestCheckResourceAttr(resourceNameNode, "name", "test-node2"), ), }, }, }) } -func TestAccCCENodesV3_timeout(t *testing.T) { +func TestAccCCENodesV3Timeout(t *testing.T) { var node nodes.Nodes resource.Test(t, resource.TestCase{ 
@@ -54,15 +56,15 @@ func TestAccCCENodesV3_timeout(t *testing.T) { CheckDestroy: testAccCheckCCENodeV3Destroy, Steps: []resource.TestStep{ { - Config: testAccCCENodeV3_timeout, + Config: testAccCCENodeV3Timeout, Check: resource.ComposeTestCheckFunc( - testAccCheckCCENodeV3Exists("opentelekomcloud_cce_node_v3.node_1", "opentelekomcloud_cce_cluster_v3.cluster_1", &node), + testAccCheckCCENodeV3Exists(resourceNameNode, "opentelekomcloud_cce_cluster_v3.cluster_1", &node), ), }, }, }) } -func TestAccCCENodesV3_os(t *testing.T) { +func TestAccCCENodesV3OS(t *testing.T) { var node nodes.Nodes var node2 nodes.Nodes @@ -72,20 +74,19 @@ func TestAccCCENodesV3_os(t *testing.T) { CheckDestroy: testAccCheckCCENodeV3Destroy, Steps: []resource.TestStep{ { - Config: testAccCCENodeV3_os, + Config: testAccCCENodeV3OS, Check: resource.ComposeTestCheckFunc( - testAccCheckCCENodeV3Exists("opentelekomcloud_cce_node_v3.node_1", "opentelekomcloud_cce_cluster_v3.cluster_1", &node), - resource.TestCheckResourceAttr("opentelekomcloud_cce_node_v3.node_1", "os", "EulerOS 2.5"), - - testAccCheckCCENodeV3Exists("opentelekomcloud_cce_node_v3.node_2", "opentelekomcloud_cce_cluster_v3.cluster_1", &node2), - resource.TestCheckResourceAttr("opentelekomcloud_cce_node_v3.node_2", "os", "CentOS 7.7"), + testAccCheckCCENodeV3Exists(resourceNameNode, "opentelekomcloud_cce_cluster_v3.cluster_1", &node), + resource.TestCheckResourceAttr(resourceNameNode, "os", "EulerOS 2.5"), + testAccCheckCCENodeV3Exists(resourceNameNode2, "opentelekomcloud_cce_cluster_v3.cluster_1", &node2), + resource.TestCheckResourceAttr(resourceNameNode2, "os", "CentOS 7.7"), ), }, }, }) } -func TestAccCCENodesV3_bandWidthResize(t *testing.T) { +func TestAccCCENodesV3BandWidthResize(t *testing.T) { var node nodes.Nodes resource.Test(t, resource.TestCase{ 
@@ -94,20 +95,20 @@ func TestAccCCENodesV3_bandWidthResize(t *testing.T) { CheckDestroy: testAccCheckCCENodeV3Destroy, Steps: []resource.TestStep{ { - Config: testAccCCENodeV3_ip, + Config: testAccCCENodeV3Ip, Check: resource.ComposeTestCheckFunc( - testAccCheckCCENodeV3Exists("opentelekomcloud_cce_node_v3.node_1", "opentelekomcloud_cce_cluster_v3.cluster_1", &node), - resource.TestCheckResourceAttr("opentelekomcloud_cce_node_v3.node_1", "iptype", "5_bgp"), - resource.TestCheckResourceAttr("opentelekomcloud_cce_node_v3.node_1", "sharetype", "PER"), - resource.TestCheckResourceAttr("opentelekomcloud_cce_node_v3.node_1", "bandwidth_charge_mode", "traffic"), - resource.TestCheckResourceAttr("opentelekomcloud_cce_node_v3.node_1", "bandwidth_size", "100"), + testAccCheckCCENodeV3Exists(resourceNameNode, "opentelekomcloud_cce_cluster_v3.cluster_1", &node), + resource.TestCheckResourceAttr(resourceNameNode, "iptype", "5_bgp"), + resource.TestCheckResourceAttr(resourceNameNode, "sharetype", "PER"), + resource.TestCheckResourceAttr(resourceNameNode, "bandwidth_charge_mode", "traffic"), + resource.TestCheckResourceAttr(resourceNameNode, "bandwidth_size", "100"), ), }, { - Config: testAccCCENodeV3_bandWidthResize, + Config: testAccCCENodeV3BandWidthResize, Check: resource.ComposeTestCheckFunc( - testAccCheckCCENodeV3Exists("opentelekomcloud_cce_node_v3.node_1", "opentelekomcloud_cce_cluster_v3.cluster_1", &node), - resource.TestCheckResourceAttr("opentelekomcloud_cce_node_v3.node_1", "bandwidth_size", "10"), + testAccCheckCCENodeV3Exists(resourceNameNode, "opentelekomcloud_cce_cluster_v3.cluster_1", &node), + resource.TestCheckResourceAttr(resourceNameNode, "bandwidth_size", "10"), ), }, }, 
@@ -124,22 +125,22 @@ func TestAccCCENodesV3_eipIds(t *testing.T) { CheckDestroy: testAccCheckCCENodeV3Destroy, Steps: []resource.TestStep{ { - Config: testAccCCENodeV3_ipIds, + Config: testAccCCENodeV3IpIDs, Check: resource.ComposeTestCheckFunc( - testAccCheckCCENodeV3Exists("opentelekomcloud_cce_node_v3.node_1", "opentelekomcloud_cce_cluster_v3.cluster_1", &node), + testAccCheckCCENodeV3Exists(resourceNameNode, "opentelekomcloud_cce_cluster_v3.cluster_1", &node), ), }, { - Config: testAccCCENodeV3_eipIdsUnset, + Config: testAccCCENodeV3IpIDsUnset, Check: resource.ComposeTestCheckFunc( - testAccCheckCCENodeV3Exists("opentelekomcloud_cce_node_v3.node_1", "opentelekomcloud_cce_cluster_v3.cluster_1", &node), + testAccCheckCCENodeV3Exists(resourceNameNode, "opentelekomcloud_cce_cluster_v3.cluster_1", &node), ), }, }, }) } -func TestAccCCENodesV3_ipSetNull(t *testing.T) { +func TestAccCCENodesV3IpSetNull(t *testing.T) { var node nodes.Nodes resource.Test(t, resource.TestCase{ 
@@ -148,25 +149,25 @@ func TestAccCCENodesV3_ipSetNull(t *testing.T) { CheckDestroy: testAccCheckCCENodeV3Destroy, Steps: []resource.TestStep{ { - Config: testAccCCENodeV3_ip, + Config: testAccCCENodeV3Ip, Check: resource.ComposeTestCheckFunc( - testAccCheckCCENodeV3Exists("opentelekomcloud_cce_node_v3.node_1", "opentelekomcloud_cce_cluster_v3.cluster_1", &node), - resource.TestCheckResourceAttr("opentelekomcloud_cce_node_v3.node_1", "iptype", "5_bgp"), - resource.TestCheckResourceAttr("opentelekomcloud_cce_node_v3.node_1", "sharetype", "PER"), - resource.TestCheckResourceAttr("opentelekomcloud_cce_node_v3.node_1", "bandwidth_charge_mode", "traffic"), + testAccCheckCCENodeV3Exists(resourceNameNode, "opentelekomcloud_cce_cluster_v3.cluster_1", &node), + resource.TestCheckResourceAttr(resourceNameNode, "iptype", "5_bgp"), + resource.TestCheckResourceAttr(resourceNameNode, "sharetype", "PER"), + resource.TestCheckResourceAttr(resourceNameNode, "bandwidth_charge_mode", "traffic"), ), }, { - Config: testAccCCENodeV3_ipUnset, + Config: testAccCCENodeV3IpUnset, Check: resource.ComposeTestCheckFunc( - testAccCheckCCENodeV3Exists("opentelekomcloud_cce_node_v3.node_1", "opentelekomcloud_cce_cluster_v3.cluster_1", &node), + testAccCheckCCENodeV3Exists(resourceNameNode, "opentelekomcloud_cce_cluster_v3.cluster_1", &node), ), }, }, }) } -func TestAccCCENodesV3_ipCreate(t *testing.T) { +func TestAccCCENodesV3IpCreate(t *testing.T) { var node nodes.Nodes resource.Test(t, resource.TestCase{ 
@@ -175,22 +176,43 @@ func TestAccCCENodesV3_ipCreate(t *testing.T) { CheckDestroy: testAccCheckCCENodeV3Destroy, Steps: []resource.TestStep{ { - Config: testAccCCENodeV3_ipUnset, + Config: testAccCCENodeV3IpUnset, + Check: resource.ComposeTestCheckFunc( + testAccCheckCCENodeV3Exists(resourceNameNode, "opentelekomcloud_cce_cluster_v3.cluster_1", &node), + ), + }, + { + Config: testAccCCENodeV3Ip, Check: resource.ComposeTestCheckFunc( - testAccCheckCCENodeV3Exists("opentelekomcloud_cce_node_v3.node_1", "opentelekomcloud_cce_cluster_v3.cluster_1", &node), + testAccCheckCCENodeV3Exists(resourceNameNode, "opentelekomcloud_cce_cluster_v3.cluster_1", &node), ), }, + }, + }) +} + +func TestAccCCENodesV3IpWithExtendedParameters(t *testing.T) { + var node nodes.Nodes + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccCCEKeyPairPreCheck(t) }, + ProviderFactories: common.TestAccProviderFactories, + CheckDestroy: testAccCheckCCENodeV3Destroy, + Steps: []resource.TestStep{ { - Config: testAccCCENodeV3_ip, + Config: testAccCCENodeV3IpParams, Check: resource.ComposeTestCheckFunc( - testAccCheckCCENodeV3Exists("opentelekomcloud_cce_node_v3.node_1", "opentelekomcloud_cce_cluster_v3.cluster_1", &node), + testAccCheckCCENodeV3Exists(resourceNameNode, "opentelekomcloud_cce_cluster_v3.cluster_1", &node), + resource.TestCheckResourceAttr(resourceNameNode, "iptype", "5_bgp"), + resource.TestCheckResourceAttr(resourceNameNode, "sharetype", "PER"), + resource.TestCheckResourceAttr(resourceNameNode, "bandwidth_charge_mode", "traffic"), ), }, }, }) } -func TestAccCCENodesV3_ipWithExtendedParameters(t *testing.T) { +func TestAccCCENodesV3IpNulls(t *testing.T) { var node nodes.Nodes resource.Test(t, resource.TestCase{ 
@@ -199,19 +221,16 @@ func TestAccCCENodesV3_ipWithExtendedParameters(t *testing.T) { CheckDestroy: testAccCheckCCENodeV3Destroy, Steps: []resource.TestStep{ { - Config: testAccCCENodeV3_ipParams, + Config: testAccCCENodeV3IpNull, Check: resource.ComposeTestCheckFunc( - testAccCheckCCENodeV3Exists("opentelekomcloud_cce_node_v3.node_1", "opentelekomcloud_cce_cluster_v3.cluster_1", &node), - resource.TestCheckResourceAttr("opentelekomcloud_cce_node_v3.node_1", "iptype", "5_bgp"), - resource.TestCheckResourceAttr("opentelekomcloud_cce_node_v3.node_1", "sharetype", "PER"), - resource.TestCheckResourceAttr("opentelekomcloud_cce_node_v3.node_1", "bandwidth_charge_mode", "traffic"), + testAccCheckCCENodeV3Exists(resourceNameNode, "opentelekomcloud_cce_cluster_v3.cluster_1", &node), ), }, }, }) } -func TestAccCCENodesV3_ipNulls(t *testing.T) { +func TestAccCCENodesV3EncryptedVolume(t *testing.T) { var node nodes.Nodes resource.Test(t, resource.TestCase{ @@ -220,9 +239,10 @@ func TestAccCCENodesV3_ipNulls(t *testing.T) { CheckDestroy: testAccCheckCCENodeV3Destroy, Steps: []resource.TestStep{ { - Config: testAccCCENodeV3_ipNull, + Config: testAccCCENodeV3EncryptedVolume, Check: resource.ComposeTestCheckFunc( - testAccCheckCCENodeV3Exists("opentelekomcloud_cce_node_v3.node_1", "opentelekomcloud_cce_cluster_v3.cluster_1", &node), + testAccCheckCCENodeV3Exists(resourceNameNode, "opentelekomcloud_cce_cluster_v3.cluster_1", &node), + resource.TestCheckResourceAttr(resourceNameNode, "data_volumes.0.kms_id", env.OS_KMS_ID), ), }, }, 
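Review bot: TestAccCCENodesV3EncryptedVolume can pass without testing encryption at all when `OS_KMS_ID` is unset. The config then renders `kms_id = ""`, the data volume is presumably created unencrypted, and `resource.TestCheckResourceAttr(resourceNameNode, "data_volumes.0.kms_id", env.OS_KMS_ID)` compares an empty string with an empty string. The test's PreCheck line falls between the two hunks and is not visible here; if it is the same `testAccCCEKeyPairPreCheck(t)` as in the neighbouring tests, add a guard at the top of the test, e.g. `if env.OS_KMS_ID == "" { t.Skip("OS_KMS_ID must be set for the encrypted volume test") }`. It would also help to assert that the attribute is non-empty, not only equal to the environment value.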
@@ -231,23 +251,22 @@ func TestAccCCENodesV3_ipNulls(t *testing.T) { func testAccCheckCCENodeV3Destroy(s *terraform.State) error { config := common.TestAccProvider.Meta().(*cfg.Config) - cceClient, err := config.CceV3Client(env.OS_REGION_NAME) + client, err := config.CceV3Client(env.OS_REGION_NAME) if err != nil { return fmt.Errorf("error creating OpenTelekomCloud CCE client: %s", err) } - var clusterId string - + var clusterID string for _, rs := range s.RootModule().Resources { if rs.Type == "opentelekomcloud_cce_cluster_v3" { - clusterId = rs.Primary.ID + clusterID = rs.Primary.ID } if rs.Type != "opentelekomcloud_cce_node_v3" { continue } - _, err := nodes.Get(cceClient, clusterId, rs.Primary.ID).Extract() + _, err := nodes.Get(client, clusterID, rs.Primary.ID).Extract() if err == nil { return fmt.Errorf("node still exists") } @@ -275,12 +294,12 @@ func testAccCheckCCENodeV3Exists(n string, cluster string, node *nodes.Nodes) re } config := common.TestAccProvider.Meta().(*cfg.Config) - cceClient, err := config.CceV3Client(env.OS_REGION_NAME) + client, err := config.CceV3Client(env.OS_REGION_NAME) if err != nil { return fmt.Errorf("error creating OpenTelekomCloud CCE client: %s", err) } - found, err := nodes.Get(cceClient, c.Primary.ID, rs.Primary.ID).Extract() + found, err := nodes.Get(client, c.Primary.ID, rs.Primary.ID).Extract() if err != nil { return err } @@ -295,7 +314,8 @@ func testAccCheckCCENodeV3Exists(n string, cluster string, node *nodes.Nodes) re } } -var testAccCCENodeV3_os = fmt.Sprintf(` +var ( + testAccCCENodeV3OS = fmt.Sprintf(` resource "opentelekomcloud_cce_cluster_v3" "cluster_1" { name = "opentelekomcloud-cce" cluster_type = "VirtualMachine" 
@@ -349,8 +369,7 @@ resource "opentelekomcloud_cce_node_v3" "node_2" { `, env.OS_VPC_ID, env.OS_NETWORK_ID, env.OS_AVAILABILITY_ZONE, env.OS_KEYPAIR_NAME) -var ( - testAccCCENodeV3_basic = fmt.Sprintf(` + testAccCCENodeV3Basic = fmt.Sprintf(` resource "opentelekomcloud_cce_cluster_v3" "cluster_1" { name = "opentelekomcloud-cce" cluster_type = "VirtualMachine" @@ -383,7 +402,7 @@ resource "opentelekomcloud_cce_node_v3" "node_1" { private_ip = "%s" }`, env.OS_VPC_ID, env.OS_NETWORK_ID, env.OS_AVAILABILITY_ZONE, env.OS_KEYPAIR_NAME, privateIP) - testAccCCENodeV3_update = fmt.Sprintf(` + testAccCCENodeV3Update = fmt.Sprintf(` resource "opentelekomcloud_cce_cluster_v3" "cluster_1" { name = "opentelekomcloud-cce" cluster_type = "VirtualMachine" @@ -415,7 +434,7 @@ resource "opentelekomcloud_cce_node_v3" "node_1" { private_ip = "%s" }`, env.OS_VPC_ID, env.OS_NETWORK_ID, env.OS_AVAILABILITY_ZONE, env.OS_KEYPAIR_NAME, privateIP) - testAccCCENodeV3_timeout = fmt.Sprintf(` + testAccCCENodeV3Timeout = fmt.Sprintf(` resource "opentelekomcloud_cce_cluster_v3" "cluster_1" { name = "opentelekomcloud-cce" cluster_type = "VirtualMachine" @@ -449,7 +468,7 @@ resource "opentelekomcloud_cce_node_v3" "node_1" { } `, env.OS_VPC_ID, env.OS_NETWORK_ID, env.OS_AVAILABILITY_ZONE, env.OS_KEYPAIR_NAME) - testAccCCENodeV3_ip = fmt.Sprintf(` + testAccCCENodeV3Ip = fmt.Sprintf(` resource "opentelekomcloud_cce_cluster_v3" "cluster_1" { name = "opentelekomcloud-cce" cluster_type = "VirtualMachine" @@ -481,7 +500,7 @@ resource "opentelekomcloud_cce_node_v3" "node_1" { } `, env.OS_VPC_ID, env.OS_NETWORK_ID, env.OS_AVAILABILITY_ZONE, env.OS_KEYPAIR_NAME) - testAccCCENodeV3_bandWidthResize = fmt.Sprintf(` + testAccCCENodeV3BandWidthResize = fmt.Sprintf(` resource "opentelekomcloud_cce_cluster_v3" "cluster_1" { name = "opentelekomcloud-cce" cluster_type = "VirtualMachine" 
@@ -513,7 +532,7 @@ resource "opentelekomcloud_cce_node_v3" "node_1" { } `, env.OS_VPC_ID, env.OS_NETWORK_ID, env.OS_AVAILABILITY_ZONE, env.OS_KEYPAIR_NAME) - testAccCCENodeV3_ipUnset = fmt.Sprintf(` + testAccCCENodeV3IpUnset = fmt.Sprintf(` resource "opentelekomcloud_cce_cluster_v3" "cluster_1" { name = "opentelekomcloud-cce" cluster_type = "VirtualMachine" @@ -543,7 +562,7 @@ resource "opentelekomcloud_cce_node_v3" "node_1" { } `, env.OS_VPC_ID, env.OS_NETWORK_ID, env.OS_AVAILABILITY_ZONE, env.OS_KEYPAIR_NAME) - testAccCCENodeV3_ipParams = fmt.Sprintf(` + testAccCCENodeV3IpParams = fmt.Sprintf(` resource "opentelekomcloud_cce_cluster_v3" "cluster_1" { name = "opentelekomcloud-cce" cluster_type = "VirtualMachine" @@ -577,7 +596,7 @@ resource "opentelekomcloud_cce_node_v3" "node_1" { } `, env.OS_VPC_ID, env.OS_NETWORK_ID, env.OS_AVAILABILITY_ZONE, env.OS_KEYPAIR_NAME) - testAccCCENodeV3_ipNull = fmt.Sprintf(` + testAccCCENodeV3IpNull = fmt.Sprintf(` resource "opentelekomcloud_cce_cluster_v3" "cluster_1" { name = "opentelekomcloud-cce" cluster_type = "VirtualMachine" @@ -611,7 +630,7 @@ resource "opentelekomcloud_cce_node_v3" "node_1" { } `, env.OS_VPC_ID, env.OS_NETWORK_ID, env.OS_AVAILABILITY_ZONE, env.OS_KEYPAIR_NAME) - testAccCCENodeV3_ipIds = fmt.Sprintf(` + testAccCCENodeV3IpIDs = fmt.Sprintf(` resource "opentelekomcloud_networking_floatingip_v2" "fip_1" {} resource "opentelekomcloud_networking_floatingip_v2" "fip_2" {} @@ -646,7 +665,7 @@ resource "opentelekomcloud_cce_node_v3" "node_1" { } `, env.OS_VPC_ID, env.OS_NETWORK_ID, env.OS_AVAILABILITY_ZONE, env.OS_KEYPAIR_NAME) - testAccCCENodeV3_eipIdsUnset = fmt.Sprintf(` + testAccCCENodeV3IpIDsUnset = fmt.Sprintf(` resource "opentelekomcloud_networking_floatingip_v2" "fip_1" {} resource "opentelekomcloud_networking_floatingip_v2" "fip_2" {} 
@@ -679,4 +698,35 @@ resource "opentelekomcloud_cce_node_v3" "node_1" { } } `, env.OS_VPC_ID, env.OS_NETWORK_ID, env.OS_AVAILABILITY_ZONE, env.OS_KEYPAIR_NAME) + + testAccCCENodeV3EncryptedVolume = fmt.Sprintf(` +resource "opentelekomcloud_cce_cluster_v3" "cluster_1" { + name = "opentelekomcloud-cce-encryption" + cluster_type = "VirtualMachine" + flavor_id = "cce.s1.small" + vpc_id = "%s" + subnet_id = "%s" + + container_network_type = "overlay_l2" + authentication_mode = "rbac" +} + +resource "opentelekomcloud_cce_node_v3" "node_1" { + cluster_id = opentelekomcloud_cce_cluster_v3.cluster_1.id + flavor_id = "s2.xlarge.2" + availability_zone = "%s" + key_pair = "%s" + + root_volume { + size = 40 + volumetype = "SATA" + } + + data_volumes { + size = 100 + volumetype = "SATA" + kms_id = "%s" + } +} +`, env.OS_VPC_ID, env.OS_NETWORK_ID, env.OS_AVAILABILITY_ZONE, env.OS_KEYPAIR_NAME, env.OS_KMS_ID) ) diff --git a/opentelekomcloud/acceptance/env/vars.go b/opentelekomcloud/acceptance/env/vars.go index 1a883a9e2..75f9dd574 100644 --- a/opentelekomcloud/acceptance/env/vars.go +++ b/opentelekomcloud/acceptance/env/vars.go @@ -24,6 +24,7 @@ var ( OS_VPC_ID = os.Getenv("OS_VPC_ID") OS_SUBNET_ID = os.Getenv("OS_SUBNET_ID") OS_KEYPAIR_NAME = os.Getenv("OS_KEYPAIR_NAME") + OS_KMS_ID = os.Getenv("OS_KMS_ID") OS_BMS_FLAVOR_NAME = os.Getenv("OS_BMS_FLAVOR_NAME") OS_NIC_ID = os.Getenv("OS_NIC_ID") OS_TO_TENANT_ID = os.Getenv("OS_TO_TENANT_ID") diff --git a/opentelekomcloud/services/cce/resource_opentelekomcloud_cce_node_v3.go b/opentelekomcloud/services/cce/resource_opentelekomcloud_cce_node_v3.go index 92b069a8a..0141cd2b2 100644 --- a/opentelekomcloud/services/cce/resource_opentelekomcloud_cce_node_v3.go +++ b/opentelekomcloud/services/cce/resource_opentelekomcloud_cce_node_v3.go 
@@ -11,7 +11,7 @@ import (
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
- golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+ "github.com/opentelekomcloud/gophertelekomcloud"
 "github.com/opentelekomcloud/gophertelekomcloud/openstack/cce/v3/clusters"
 "github.com/opentelekomcloud/gophertelekomcloud/openstack/cce/v3/nodes"
 "github.com/opentelekomcloud/gophertelekomcloud/openstack/common/tags"
@@ -135,6 +135,12 @@ func ResourceCCENodeV3() *schema.Resource {
 Required: true,
 ForceNew: true,
 },
+ "kms_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ DefaultFunc: schema.EnvDefaultFunc("OS_KMS_ID", nil),
+ },
 "extend_param": {
 Type: schema.TypeString,
 Optional: true,
@@ -332,6 +338,12 @@ func resourceCCEDataVolume(d *schema.ResourceData) []nodes.VolumeSpec {
 VolumeType: rawMap["volumetype"].(string),
 ExtendParam: rawMap["extend_param"].(string),
 }
+ if kmsID := rawMap["kms_id"]; kmsID != "" {
+ volumes[i].Metadata = map[string]interface{}{
+ "__system__cmkid": kmsID,
+ "__system__encrypted": "1",
+ }
+ }
 }
 return volumes
 }
@@ -525,6 +537,9 @@ func resourceCCENodeV3Read(_ context.Context, d *schema.ResourceData, meta inter
 volume["size"] = dataVolume.Size
 volume["volumetype"] = dataVolume.VolumeType
 volume["extend_param"] = dataVolume.ExtendParam
+ if dataVolume.Metadata != nil {
+ volume["kms_id"] = dataVolume.Metadata["__system__cmkid"]
+ }
 volumes = append(volumes, volume)
 }
 if err := d.Set("data_volumes", volumes); err != nil {
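Review bot: In the new `kms_id` schema entry, `DefaultFunc: schema.EnvDefaultFunc("OS_KMS_ID", nil)` combined with `ForceNew: true` makes data-volume encryption depend on the environment of whoever runs Terraform, not on the configuration. A run without the variable would create unencrypted volumes with nothing in the plan input to show it. A later run with the variable set (or changed) would likely show a diff on a ForceNew field and propose replacing existing nodes. Consider dropping the `DefaultFunc` line so the key must be named explicitly in `data_volumes`. If key IDs on this platform are always UUIDs, `ValidateFunc: validation.IsUUID` would also reject typos at plan time. The enclosing ResourceCCENodeV3 schema continues outside the hunk.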
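Review bot: `if kmsID := rawMap["kms_id"]; kmsID != ""` compares an `interface{}` with a string, so a nil value (key absent from the map) also satisfies the condition. The request would then carry `"__system__cmkid": nil` together with `"__system__encrypted": "1"`. The sibling fields in the same literal are read with `.(string)`; doing the same here keeps the metadata well-formed: `if kmsID, ok := rawMap["kms_id"].(string); ok && kmsID != "" {`. The two `__system__*` keys are repeated as string literals in the Read hunk and would be better as named constants with a one-line comment saying they are the EVS encryption metadata keys. resourceCCEDataVolume begins outside the hunk.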
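Review bot: `volume["kms_id"] = dataVolume.Metadata["__system__cmkid"]` stores whatever the map lookup yields, so a non-nil Metadata without that key writes nil into the volume map. Because `kms_id` is ForceNew, any read that fails to return the key would show up as drift and propose replacing the node, so the read path should be explicit: `if id, ok := dataVolume.Metadata["__system__cmkid"].(string); ok { volume["kms_id"] = id }`. Whether the API always echoes this metadata back cannot be seen from the hunk and is worth confirming. A short comment that `kms_id` is populated only for encrypted volumes would help the next reader. resourceCCENodeV3Read starts and ends outside the hunk.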