Implemented changes for Linode Disk Encryption (re-merge) (linode#582)

* Implemented changes for LDE * Added tests * Fix lint * Addressed PR comments * fixed * Fixed docs * Removed default
zliang-akamai · Sep 11, 2024 · 1da8e49 · 1da8e49
1 parent 5b8caff
commit 1da8e49
Show file tree

Hide file tree

Showing 14 changed files with 264 additions and 5 deletions.
diff --git a/docs/modules/instance.md b/docs/modules/instance.md
@@ -149,6 +149,7 @@ Manage Linode Instances, Configs, and Disks.
 | `auto_disk_resize` | <center>`bool`</center> | <center>Optional</center> | Whether implicitly created disks should be resized during a type change operation.  **(Default: `False`)** |
 | `tags` | <center>`list`</center> | <center>Optional</center> | An array of tags applied to this object. Tags are for organizational purposes only.  **(Updatable)** |
 | [`placement_group` (sub-options)](#placement_group) | <center>`dict`</center> | <center>Optional</center> | A Placement Group to create this Linode under.   |
+| `disk_encryption` | <center>`str`</center> | <center>Optional</center> | The disk encryption status of this Linode. NOTE: Disk encryption may not currently be available to all users.  **(Choices: `enabled`, `disabled`)** |
 | `swap_size` | <center>`int`</center> | <center>Optional</center> | When deploying from an Image, this field is optional, otherwise it is ignored. This is used to set the swap disk size for the newly-created Linode.   |
 
 ### configs
@@ -274,6 +275,7 @@ Manage Linode Instances, Configs, and Disks.
 | `authorized_keys` | <center>`list`</center> | <center>Optional</center> | A list of SSH public key parts to deploy for the root user.   |
 | `authorized_users` | <center>`list`</center> | <center>Optional</center> | A list of usernames.   |
 | `filesystem` | <center>`str`</center> | <center>Optional</center> | The filesystem to create this disk with.   |
+| `disk_encryption` | <center>`str`</center> | <center>Optional</center> | The disk encryption status of this disk.NOTE: Disk encryption may not currently be available to all users.  **(Choices: `enabled`, `disabled`)** |
 | `image` | <center>`str`</center> | <center>Optional</center> | An Image ID to deploy the Disk from.   |
 | `root_pass` | <center>`str`</center> | <center>Optional</center> | The root user’s password on the newly-created Linode.   |
 | `stackscript_id` | <center>`int`</center> | <center>Optional</center> | The ID of the StackScript to use when creating the instance. See the [Linode API documentation](https://techdocs.akamai.com/linode-api/reference/get-stack-scripts).   |
@@ -354,6 +356,8 @@ Manage Linode Instances, Configs, and Disks.
             "placement_group_type": "anti_affinity:local",
             "placement_group_policy": "strict"
           }
+          "disk_encryption": "enabled",
+          "lke_cluster_id": null                      
         }
         ```
     - See the [Linode API response documentation](https://techdocs.akamai.com/linode-api/reference/get-linode-instance) for a list of returned fields
@@ -439,7 +443,8 @@ Manage Linode Instances, Configs, and Disks.
             "label": "Debian 9 Disk",
             "size": 48640,
             "status": "ready",
-            "updated": "2018-01-01T00:01:01"
+            "updated": "2018-01-01T00:01:01",
+            "disk_encryption": "enabled"
           }
         ]
         ```

diff --git a/docs/modules/instance_info.md b/docs/modules/instance_info.md
@@ -89,6 +89,8 @@ Get info about a Linode Instance.
             "placement_group_type": "anti_affinity:local",
             "placement_group_policy": "strict"
           }
+          "disk_encryption": "enabled",
+          "lke_cluster_id": null                      
         }
         ```
     - See the [Linode API response documentation](https://techdocs.akamai.com/linode-api/reference/get-linode-instance) for a list of returned fields
@@ -174,7 +176,8 @@ Get info about a Linode Instance.
             "label": "Debian 9 Disk",
             "size": 48640,
             "status": "ready",
-            "updated": "2018-01-01T00:01:01"
+            "updated": "2018-01-01T00:01:01",
+            "disk_encryption": "enabled"
           }
         ]
         ```

diff --git a/docs/modules/instance_list.md b/docs/modules/instance_list.md
@@ -94,7 +94,9 @@ List and filter on Instances.
               ],
               "type": "g6-standard-1",
               "updated": "2018-01-01T00:01:01",
-              "watchdog_enabled": true
+              "watchdog_enabled": true,
+              "disk_encryption": "enabled",
+              "lke_cluster_id": null
             }
         ]
         ```

diff --git a/docs/modules/lke_cluster.md b/docs/modules/lke_cluster.md
@@ -150,6 +150,7 @@ Manage Linode LKE clusters.
               "max": 12,
               "min": 3
             },
+            "disk_encryption": "enabled",
             "count": 6,
             "disks": [
               {

diff --git a/docs/modules/lke_cluster_info.md b/docs/modules/lke_cluster_info.md
@@ -77,6 +77,7 @@ Get info about a Linode LKE cluster.
               "max": 12,
               "min": 3
             },
+            "disk_encryption": "enabled",
             "count": 6,
             "disks": [
               {

diff --git a/docs/modules/lke_node_pool.md b/docs/modules/lke_node_pool.md
@@ -99,6 +99,7 @@ Manage Linode LKE cluster node pools.
             "max": 12,
             "min": 3
           },
+          "disk_encryption": "enabled",
           "count": 6,
           "disks": [
             {

diff --git a/plugins/module_utils/doc_fragments/instance.py b/plugins/module_utils/doc_fragments/instance.py
@@ -135,6 +135,8 @@
     "placement_group_type": "anti_affinity:local",
     "placement_group_policy": "strict"
   }
+  "disk_encryption": "enabled",
+  "lke_cluster_id": null                      
 }''']
 
 result_configs_samples = ['''[
@@ -206,7 +208,8 @@
     "label": "Debian 9 Disk",
     "size": 48640,
     "status": "ready",
-    "updated": "2018-01-01T00:01:01"
+    "updated": "2018-01-01T00:01:01",
+    "disk_encryption": "enabled"
   }
 ]''']
 

diff --git a/plugins/module_utils/doc_fragments/instance_list.py b/plugins/module_utils/doc_fragments/instance_list.py
@@ -53,6 +53,8 @@
       ],
       "type": "g6-standard-1",
       "updated": "2018-01-01T00:01:01",
-      "watchdog_enabled": true
+      "watchdog_enabled": true,
+      "disk_encryption": "enabled",
+      "lke_cluster_id": null
     }
 ]''']
diff --git a/plugins/module_utils/doc_fragments/lke_cluster.py b/plugins/module_utils/doc_fragments/lke_cluster.py
@@ -60,6 +60,7 @@
       "max": 12,
       "min": 3
     },
+    "disk_encryption": "enabled",
     "count": 6,
     "disks": [
       {

diff --git a/plugins/module_utils/doc_fragments/lke_node_pool.py b/plugins/module_utils/doc_fragments/lke_node_pool.py
@@ -35,6 +35,7 @@
     "max": 12,
     "min": 3
   },
+  "disk_encryption": "enabled",
   "count": 6,
   "disks": [
     {

diff --git a/plugins/modules/instance.py b/plugins/modules/instance.py
@@ -83,6 +83,12 @@
         type=FieldType.string,
         description=["The filesystem to create this disk with."],
     ),
+    "disk_encryption": SpecField(
+        type=FieldType.string,
+        description="The disk encryption status of this disk."
+        + "NOTE: Disk encryption may not currently be available to all users.",
+        choices=["enabled", "disabled"],
+    ),
     "image": SpecField(
         type=FieldType.string,
         description=["An Image ID to deploy the Disk from."],
@@ -523,6 +529,12 @@
         suboptions=linode_instance_placement_group_spec,
         description=["A Placement Group to create this Linode under."],
     ),
+    "disk_encryption": SpecField(
+        type=FieldType.string,
+        description="The disk encryption status of this Linode. "
+        + "NOTE: Disk encryption may not currently be available to all users.",
+        choices=["enabled", "disabled"],
+    ),
     "swap_size": SpecField(
         type=FieldType.integer,
         description=[

diff --git a/tests/integration/targets/instance_disk_encryption/tasks/main.yaml b/tests/integration/targets/instance_disk_encryption/tasks/main.yaml
@@ -0,0 +1,143 @@
+- name: instance_disk_encryption
+  block:
+    - set_fact:
+        r: "{{ 1000000000 | random }}"
+
+    - name: List regions that support Disk Encryption
+      linode.cloud.region_list: {}
+      register: all_regions
+
+    - set_fact:
+        lde_region: '{{ (all_regions.regions | selectattr("capabilities", "search", "Disk Encryption") | list)[0].id }}'
+
+    - name: Create a Linode instance with disk encryption set
+      linode.cloud.instance:
+        label: 'ansible-test-disk-encryption-{{ r }}'
+        region: '{{ lde_region }}'
+        type: g6-standard-1
+        image: linode/ubuntu22.04
+        private_ip: true
+        wait: false
+        state: present
+        firewall_id: '{{ firewall_id }}'
+        disk_encryption: 'enabled'
+      register: create_instance_with_disk_encryption
+
+    - name: Assert instance created
+      assert:
+        that:
+          - create_instance_with_disk_encryption.changed
+          - create_instance_with_disk_encryption.instance.disk_encryption == 'enabled'
+
+    - name: Create a Linode instance with explicit disks with disk encryption set
+      linode.cloud.instance:
+        label: 'ansible-test-disks-disk-encryption-{{ r }}'
+        region: '{{ lde_region }}'
+        type: g6-standard-1
+        booted: false
+        disks:
+          - label: test-disk
+            filesystem: ext4
+            size: 5000
+        state: present
+        firewall_id: '{{ firewall_id }}'
+        disk_encryption: 'enabled'
+      register: create_instance_disks_disk_encryption
+
+    - name: Assert instance created
+      assert:
+        that:
+          - create_instance_disks_disk_encryption.changed
+          - create_instance_disks_disk_encryption.instance.disk_encryption == 'enabled'
+          - create_instance_disks_disk_encryption.disks[0].disk_encryption == 'enabled'
+
+    - name: Create a small Linode instance with two disks that sum up to its max size
+      linode.cloud.instance:
+        label: 'ansible-test-disks-max-size-{{ r }}'
+        region: '{{ lde_region }}'
+        type: g6-nanode-1
+        booted: false
+        disks:
+          - label: test-disk-1
+            filesystem: ext4
+            size: 15000
+          - label: test-disk-2
+            filesystem: ext4
+            size: 10000
+        state: present
+        firewall_id: '{{ firewall_id }}'
+        disk_encryption: 'enabled'
+      register: create_instance_disks_max_size
+
+    - name: Assert instance created
+      assert:
+        that:
+          - create_instance_disks_max_size.changed
+          - create_instance_disks_max_size.disks[0].size == 15000
+          - create_instance_disks_max_size.disks[1].size == 10000
+
+    - name: Update the instance to resize test-disk-1 and test-disk-2
+      linode.cloud.instance:
+        label: "{{ create_instance_disks_max_size.instance.label }}"
+        disks:
+          - label: test-disk-1
+            filesystem: ext4
+            size: 14500
+          - label: test-disk-2
+            filesystem: ext4
+            size: 10500
+        state: present
+      register: resize_disks
+
+    - name: Assert instance created
+      assert:
+        that:
+          - resize_disks.changed
+          - resize_disks.disks[0].size == 14500
+          - resize_disks.disks[1].size == 10500
+
+  always:
+    - ignore_errors: yes
+      block:
+        - name: Delete a Linode instance
+          linode.cloud.instance:
+            label: 'ansible-test-disk-encryption-{{ r }}'
+            state: absent
+          register: delete_disk_encryption
+
+        - name: Assert instance delete succeeded
+          assert:
+            that:
+              - delete_disk_encryption.changed
+              - delete_disk_encryption.instance.id == create_instance_with_disk_encryption.instance.id
+
+        - name: Delete a Linode instance
+          linode.cloud.instance:
+            label: 'ansible-test-disks-disk-encryption-{{ r }}'
+            state: absent
+          register: delete_disks_disk_encryption
+
+        - name: Assert instance delete succeeded
+          assert:
+            that:
+              - delete_disks_disk_encryption.changed
+              - delete_disks_disk_encryption.instance.id == create_instance_disks_disk_encryption.instance.id
+
+        - name: Delete a Linode instance
+          linode.cloud.instance:
+            label: 'ansible-test-disks-max-size-{{ r }}'
+            state: absent
+          register: delete_disks_max_size
+
+        - name: Assert instance delete succeeded
+          assert:
+            that:
+              - delete_disks_max_size.changed
+              - delete_disks_max_size.instance.id == create_instance_disks_max_size.instance.id
+
+  environment:
+    LINODE_UA_PREFIX: '{{ ua_prefix }}'
+    LINODE_API_TOKEN: '{{ api_token }}'
+    LINODE_API_URL: '{{ api_url }}'
+    LINODE_API_VERSION: '{{ api_version }}'
+    LINODE_CA: '{{ ca_file or "" }}'
diff --git a/tests/integration/targets/lke_cluster_basic/tasks/main.yaml b/tests/integration/targets/lke_cluster_basic/tasks/main.yaml
@@ -16,6 +16,13 @@
         # Sometimes only one LKE version is available for provisioning
         kube_version: '{{ lke_versions[1].id if lke_versions|length > 1 else lke_versions[0].id }}'
 
+    - name: List regions that support Disk Encryption
+      linode.cloud.region_list: {}
+      register: all_regions
+
+    - set_fact:
+        lde_region: '{{ (all_regions.regions | selectattr("capabilities", "search", "Disk Encryption") | list)[0].id }}'
+
     - name: Create a Linode LKE cluster
       linode.cloud.lke_cluster:
         label: 'ansible-test-{{ r }}'
@@ -172,6 +179,23 @@
           - info_by_label.node_pools[0].count == 1
           - info_by_label.node_pools[0].id == create_cluster.node_pools[0].id
 
+    - name: Create a Linode LKE cluster with a pool with disk encryption enabled
+      linode.cloud.lke_cluster:
+        label: 'ansible-test-de-{{ r }}'
+        region: '{{ lde_region }}'
+        k8s_version: '{{ old_kube_version }}'
+        node_pools:
+          - type: g6-standard-1
+            count: 3
+        skip_polling: true
+        state: present
+      register: create_cluster_disk_encryption
+
+    - name: Assert LKE cluster is created
+      assert:
+        that:
+          - create_cluster_disk_encryption.node_pools[0].disk_encryption == 'enabled'
+
   always:
     - ignore_errors: yes
       block:
@@ -180,6 +204,12 @@
             label: '{{ create_cluster.cluster.label }}'
             state: absent
 
+        - name: Delete the LKE cluster
+          linode.cloud.lke_cluster:
+            label: '{{ create_cluster_disk_encryption.cluster.label }}'
+            state: absent
+
+
   environment:
     LINODE_UA_PREFIX: '{{ ua_prefix }}'
     LINODE_API_TOKEN: '{{ api_token }}'