From 1da8e4969e9e7ec3999a44d1cef71d1b3d71f09b Mon Sep 17 00:00:00 2001 From: Erik Zilber Date: Wed, 11 Sep 2024 15:48:00 -0400 Subject: [PATCH] Implemented changes for Linode Disk Encryption (re-merge) (#582) * Implemented changes for LDE * Added tests * Fix lint * Addressed PR comments * fixed * Fixed docs * Removed default --- docs/modules/instance.md | 7 +- docs/modules/instance_info.md | 5 +- docs/modules/instance_list.md | 4 +- docs/modules/lke_cluster.md | 1 + docs/modules/lke_cluster_info.md | 1 + docs/modules/lke_node_pool.md | 1 + .../module_utils/doc_fragments/instance.py | 5 +- .../doc_fragments/instance_list.py | 4 +- .../module_utils/doc_fragments/lke_cluster.py | 1 + .../doc_fragments/lke_node_pool.py | 1 + plugins/modules/instance.py | 12 ++ .../instance_disk_encryption/tasks/main.yaml | 143 ++++++++++++++++++ .../targets/lke_cluster_basic/tasks/main.yaml | 30 ++++ .../lke_node_pool_basic/tasks/main.yaml | 54 +++++++ 14 files changed, 264 insertions(+), 5 deletions(-) create mode 100644 tests/integration/targets/instance_disk_encryption/tasks/main.yaml diff --git a/docs/modules/instance.md b/docs/modules/instance.md index 581e93f2..919e66ee 100644 --- a/docs/modules/instance.md +++ b/docs/modules/instance.md @@ -149,6 +149,7 @@ Manage Linode Instances, Configs, and Disks. | `auto_disk_resize` |
`bool`
|
Optional
| Whether implicitly created disks should be resized during a type change operation. **(Default: `False`)** | | `tags` |
`list`
|
Optional
| An array of tags applied to this object. Tags are for organizational purposes only. **(Updatable)** | | [`placement_group` (sub-options)](#placement_group) |
`dict`
|
Optional
| A Placement Group to create this Linode under. | +| `disk_encryption` |
`str`
|
Optional
| The disk encryption status of this Linode. NOTE: Disk encryption may not currently be available to all users. **(Choices: `enabled`, `disabled`)** | | `swap_size` |
`int`
|
Optional
| When deploying from an Image, this field is optional, otherwise it is ignored. This is used to set the swap disk size for the newly-created Linode. | ### configs @@ -274,6 +275,7 @@ Manage Linode Instances, Configs, and Disks. | `authorized_keys` |
`list`
|
Optional
| A list of SSH public key parts to deploy for the root user. | | `authorized_users` |
`list`
|
Optional
| A list of usernames. | | `filesystem` |
`str`
|
Optional
| The filesystem to create this disk with. | +| `disk_encryption` |
`str`
|
Optional
| The disk encryption status of this disk.NOTE: Disk encryption may not currently be available to all users. **(Choices: `enabled`, `disabled`)** | | `image` |
`str`
|
Optional
| An Image ID to deploy the Disk from. | | `root_pass` |
`str`
|
Optional
| The root user’s password on the newly-created Linode. | | `stackscript_id` |
`int`
|
Optional
| The ID of the StackScript to use when creating the instance. See the [Linode API documentation](https://techdocs.akamai.com/linode-api/reference/get-stack-scripts). | @@ -354,6 +356,8 @@ Manage Linode Instances, Configs, and Disks. "placement_group_type": "anti_affinity:local", "placement_group_policy": "strict" } + "disk_encryption": "enabled", + "lke_cluster_id": null } ``` - See the [Linode API response documentation](https://techdocs.akamai.com/linode-api/reference/get-linode-instance) for a list of returned fields @@ -439,7 +443,8 @@ Manage Linode Instances, Configs, and Disks. "label": "Debian 9 Disk", "size": 48640, "status": "ready", - "updated": "2018-01-01T00:01:01" + "updated": "2018-01-01T00:01:01", + "disk_encryption": "enabled" } ] ``` diff --git a/docs/modules/instance_info.md b/docs/modules/instance_info.md index 93578f0b..2bb5b53e 100644 --- a/docs/modules/instance_info.md +++ b/docs/modules/instance_info.md @@ -89,6 +89,8 @@ Get info about a Linode Instance. "placement_group_type": "anti_affinity:local", "placement_group_policy": "strict" } + "disk_encryption": "enabled", + "lke_cluster_id": null } ``` - See the [Linode API response documentation](https://techdocs.akamai.com/linode-api/reference/get-linode-instance) for a list of returned fields @@ -174,7 +176,8 @@ Get info about a Linode Instance. "label": "Debian 9 Disk", "size": 48640, "status": "ready", - "updated": "2018-01-01T00:01:01" + "updated": "2018-01-01T00:01:01", + "disk_encryption": "enabled" } ] ``` diff --git a/docs/modules/instance_list.md b/docs/modules/instance_list.md index e0b63c07..156a41a3 100644 --- a/docs/modules/instance_list.md +++ b/docs/modules/instance_list.md @@ -94,7 +94,9 @@ List and filter on Instances. ], "type": "g6-standard-1", "updated": "2018-01-01T00:01:01", - "watchdog_enabled": true + "watchdog_enabled": true, + "disk_encryption": "enabled", + "lke_cluster_id": null } ] ``` diff --git a/docs/modules/lke_cluster.md b/docs/modules/lke_cluster.md index 6bebdbab..bf02a695 100644 --- a/docs/modules/lke_cluster.md +++ b/docs/modules/lke_cluster.md @@ -150,6 +150,7 @@ Manage Linode LKE clusters. "max": 12, "min": 3 }, + "disk_encryption": "enabled", "count": 6, "disks": [ { diff --git a/docs/modules/lke_cluster_info.md b/docs/modules/lke_cluster_info.md index 3c395fce..23dbfe75 100644 --- a/docs/modules/lke_cluster_info.md +++ b/docs/modules/lke_cluster_info.md @@ -77,6 +77,7 @@ Get info about a Linode LKE cluster. "max": 12, "min": 3 }, + "disk_encryption": "enabled", "count": 6, "disks": [ { diff --git a/docs/modules/lke_node_pool.md b/docs/modules/lke_node_pool.md index 4d0c0b86..c86314e2 100644 --- a/docs/modules/lke_node_pool.md +++ b/docs/modules/lke_node_pool.md @@ -99,6 +99,7 @@ Manage Linode LKE cluster node pools. "max": 12, "min": 3 }, + "disk_encryption": "enabled", "count": 6, "disks": [ { diff --git a/plugins/module_utils/doc_fragments/instance.py b/plugins/module_utils/doc_fragments/instance.py index f13bf3d3..a71d3fa9 100644 --- a/plugins/module_utils/doc_fragments/instance.py +++ b/plugins/module_utils/doc_fragments/instance.py @@ -135,6 +135,8 @@ "placement_group_type": "anti_affinity:local", "placement_group_policy": "strict" } + "disk_encryption": "enabled", + "lke_cluster_id": null }'''] result_configs_samples = ['''[ @@ -206,7 +208,8 @@ "label": "Debian 9 Disk", "size": 48640, "status": "ready", - "updated": "2018-01-01T00:01:01" + "updated": "2018-01-01T00:01:01", + "disk_encryption": "enabled" } ]'''] diff --git a/plugins/module_utils/doc_fragments/instance_list.py b/plugins/module_utils/doc_fragments/instance_list.py index d69ef97c..41191845 100644 --- a/plugins/module_utils/doc_fragments/instance_list.py +++ b/plugins/module_utils/doc_fragments/instance_list.py @@ -53,6 +53,8 @@ ], "type": "g6-standard-1", "updated": "2018-01-01T00:01:01", - "watchdog_enabled": true + "watchdog_enabled": true, + "disk_encryption": "enabled", + "lke_cluster_id": null } ]'''] diff --git a/plugins/module_utils/doc_fragments/lke_cluster.py b/plugins/module_utils/doc_fragments/lke_cluster.py index f9b9ba8f..2a89d0b7 100644 --- a/plugins/module_utils/doc_fragments/lke_cluster.py +++ b/plugins/module_utils/doc_fragments/lke_cluster.py @@ -60,6 +60,7 @@ "max": 12, "min": 3 }, + "disk_encryption": "enabled", "count": 6, "disks": [ { diff --git a/plugins/module_utils/doc_fragments/lke_node_pool.py b/plugins/module_utils/doc_fragments/lke_node_pool.py index d58bb9fd..e7d86544 100644 --- a/plugins/module_utils/doc_fragments/lke_node_pool.py +++ b/plugins/module_utils/doc_fragments/lke_node_pool.py @@ -35,6 +35,7 @@ "max": 12, "min": 3 }, + "disk_encryption": "enabled", "count": 6, "disks": [ { diff --git a/plugins/modules/instance.py b/plugins/modules/instance.py index eeb38bc6..d7740953 100644 --- a/plugins/modules/instance.py +++ b/plugins/modules/instance.py @@ -83,6 +83,12 @@ type=FieldType.string, description=["The filesystem to create this disk with."], ), + "disk_encryption": SpecField( + type=FieldType.string, + description="The disk encryption status of this disk." + + "NOTE: Disk encryption may not currently be available to all users.", + choices=["enabled", "disabled"], + ), "image": SpecField( type=FieldType.string, description=["An Image ID to deploy the Disk from."], @@ -523,6 +529,12 @@ suboptions=linode_instance_placement_group_spec, description=["A Placement Group to create this Linode under."], ), + "disk_encryption": SpecField( + type=FieldType.string, + description="The disk encryption status of this Linode. " + + "NOTE: Disk encryption may not currently be available to all users.", + choices=["enabled", "disabled"], + ), "swap_size": SpecField( type=FieldType.integer, description=[ diff --git a/tests/integration/targets/instance_disk_encryption/tasks/main.yaml b/tests/integration/targets/instance_disk_encryption/tasks/main.yaml new file mode 100644 index 00000000..cbb92667 --- /dev/null +++ b/tests/integration/targets/instance_disk_encryption/tasks/main.yaml @@ -0,0 +1,143 @@ +- name: instance_disk_encryption + block: + - set_fact: + r: "{{ 1000000000 | random }}" + + - name: List regions that support Disk Encryption + linode.cloud.region_list: {} + register: all_regions + + - set_fact: + lde_region: '{{ (all_regions.regions | selectattr("capabilities", "search", "Disk Encryption") | list)[0].id }}' + + - name: Create a Linode instance with disk encryption set + linode.cloud.instance: + label: 'ansible-test-disk-encryption-{{ r }}' + region: '{{ lde_region }}' + type: g6-standard-1 + image: linode/ubuntu22.04 + private_ip: true + wait: false + state: present + firewall_id: '{{ firewall_id }}' + disk_encryption: 'enabled' + register: create_instance_with_disk_encryption + + - name: Assert instance created + assert: + that: + - create_instance_with_disk_encryption.changed + - create_instance_with_disk_encryption.instance.disk_encryption == 'enabled' + + - name: Create a Linode instance with explicit disks with disk encryption set + linode.cloud.instance: + label: 'ansible-test-disks-disk-encryption-{{ r }}' + region: '{{ lde_region }}' + type: g6-standard-1 + booted: false + disks: + - label: test-disk + filesystem: ext4 + size: 5000 + state: present + firewall_id: '{{ firewall_id }}' + disk_encryption: 'enabled' + register: create_instance_disks_disk_encryption + + - name: Assert instance created + assert: + that: + - create_instance_disks_disk_encryption.changed + - create_instance_disks_disk_encryption.instance.disk_encryption == 'enabled' + - create_instance_disks_disk_encryption.disks[0].disk_encryption == 'enabled' + + - name: Create a small Linode instance with two disks that sum up to its max size + linode.cloud.instance: + label: 'ansible-test-disks-max-size-{{ r }}' + region: '{{ lde_region }}' + type: g6-nanode-1 + booted: false + disks: + - label: test-disk-1 + filesystem: ext4 + size: 15000 + - label: test-disk-2 + filesystem: ext4 + size: 10000 + state: present + firewall_id: '{{ firewall_id }}' + disk_encryption: 'enabled' + register: create_instance_disks_max_size + + - name: Assert instance created + assert: + that: + - create_instance_disks_max_size.changed + - create_instance_disks_max_size.disks[0].size == 15000 + - create_instance_disks_max_size.disks[1].size == 10000 + + - name: Update the instance to resize test-disk-1 and test-disk-2 + linode.cloud.instance: + label: "{{ create_instance_disks_max_size.instance.label }}" + disks: + - label: test-disk-1 + filesystem: ext4 + size: 14500 + - label: test-disk-2 + filesystem: ext4 + size: 10500 + state: present + register: resize_disks + + - name: Assert instance created + assert: + that: + - resize_disks.changed + - resize_disks.disks[0].size == 14500 + - resize_disks.disks[1].size == 10500 + + always: + - ignore_errors: yes + block: + - name: Delete a Linode instance + linode.cloud.instance: + label: 'ansible-test-disk-encryption-{{ r }}' + state: absent + register: delete_disk_encryption + + - name: Assert instance delete succeeded + assert: + that: + - delete_disk_encryption.changed + - delete_disk_encryption.instance.id == create_instance_with_disk_encryption.instance.id + + - name: Delete a Linode instance + linode.cloud.instance: + label: 'ansible-test-disks-disk-encryption-{{ r }}' + state: absent + register: delete_disks_disk_encryption + + - name: Assert instance delete succeeded + assert: + that: + - delete_disks_disk_encryption.changed + - delete_disks_disk_encryption.instance.id == create_instance_disks_disk_encryption.instance.id + + - name: Delete a Linode instance + linode.cloud.instance: + label: 'ansible-test-disks-max-size-{{ r }}' + state: absent + register: delete_disks_max_size + + - name: Assert instance delete succeeded + assert: + that: + - delete_disks_max_size.changed + - delete_disks_max_size.instance.id == create_instance_disks_max_size.instance.id + + environment: + LINODE_UA_PREFIX: '{{ ua_prefix }}' + LINODE_API_TOKEN: '{{ api_token }}' + LINODE_API_URL: '{{ api_url }}' + LINODE_API_VERSION: '{{ api_version }}' + LINODE_CA: '{{ ca_file or "" }}' \ No newline at end of file diff --git a/tests/integration/targets/lke_cluster_basic/tasks/main.yaml b/tests/integration/targets/lke_cluster_basic/tasks/main.yaml index 9f1e0597..203f3eba 100644 --- a/tests/integration/targets/lke_cluster_basic/tasks/main.yaml +++ b/tests/integration/targets/lke_cluster_basic/tasks/main.yaml @@ -16,6 +16,13 @@ # Sometimes only one LKE version is available for provisioning kube_version: '{{ lke_versions[1].id if lke_versions|length > 1 else lke_versions[0].id }}' + - name: List regions that support Disk Encryption + linode.cloud.region_list: {} + register: all_regions + + - set_fact: + lde_region: '{{ (all_regions.regions | selectattr("capabilities", "search", "Disk Encryption") | list)[0].id }}' + - name: Create a Linode LKE cluster linode.cloud.lke_cluster: label: 'ansible-test-{{ r }}' @@ -172,6 +179,23 @@ - info_by_label.node_pools[0].count == 1 - info_by_label.node_pools[0].id == create_cluster.node_pools[0].id + - name: Create a Linode LKE cluster with a pool with disk encryption enabled + linode.cloud.lke_cluster: + label: 'ansible-test-de-{{ r }}' + region: '{{ lde_region }}' + k8s_version: '{{ old_kube_version }}' + node_pools: + - type: g6-standard-1 + count: 3 + skip_polling: true + state: present + register: create_cluster_disk_encryption + + - name: Assert LKE cluster is created + assert: + that: + - create_cluster_disk_encryption.node_pools[0].disk_encryption == 'enabled' + always: - ignore_errors: yes block: @@ -180,6 +204,12 @@ label: '{{ create_cluster.cluster.label }}' state: absent + - name: Delete the LKE cluster + linode.cloud.lke_cluster: + label: '{{ create_cluster_disk_encryption.cluster.label }}' + state: absent + + environment: LINODE_UA_PREFIX: '{{ ua_prefix }}' LINODE_API_TOKEN: '{{ api_token }}' diff --git a/tests/integration/targets/lke_node_pool_basic/tasks/main.yaml b/tests/integration/targets/lke_node_pool_basic/tasks/main.yaml index ff0596eb..52b35ccc 100644 --- a/tests/integration/targets/lke_node_pool_basic/tasks/main.yaml +++ b/tests/integration/targets/lke_node_pool_basic/tasks/main.yaml @@ -10,6 +10,13 @@ - set_fact: kube_version: '{{ lke_versions.lke_versions[0].id }}' + - name: List regions that support Disk Encryption + linode.cloud.region_list: {} + register: all_regions + + - set_fact: + lde_region: '{{ (all_regions.regions | selectattr("capabilities", "search", "Disk Encryption") | list)[0].id }}' + - name: Create a minimal LKE cluster linode.cloud.lke_cluster: label: 'ansible-test-{{ r }}' @@ -107,6 +114,44 @@ - update_pool.node_pool.taints[0].value == 'updated' - update_pool.node_pool.taints[0].effect == 'PreferNoSchedule' + - name: Create a minimal LKE cluster + linode.cloud.lke_cluster: + label: 'ansible-test-de-{{ r }}' + region: '{{ lde_region }}' + k8s_version: '{{ kube_version }}' + node_pools: + - type: g6-standard-1 + count: 1 + skip_polling: true + state: present + register: create_cluster_de + + - name: Assert minimal LKE cluster is created + assert: + that: + - create_cluster_de.cluster.k8s_version == kube_version + - create_cluster_de.node_pools[0].type == 'g6-standard-1' + - create_cluster_de.node_pools[0].count == 1 + + - name: Add a node pool to the cluster + linode.cloud.lke_node_pool: + cluster_id: '{{ create_cluster_de.cluster.id }}' + + tags: ['my-pool'] + type: g6-standard-1 + count: 2 + state: present + register: new_pool_de + + - name: Assert node pool is added to cluster + assert: + that: + - new_pool_de.node_pool.count == 2 + - new_pool_de.node_pool.type == 'g6-standard-1' + - new_pool_de.node_pool.disk_encryption == 'enabled' + - new_pool_de.node_pool.nodes[0].status == 'ready' + - new_pool_de.node_pool.nodes[1].status == 'ready' + always: - ignore_errors: yes block: @@ -119,6 +164,15 @@ linode.cloud.lke_cluster: label: '{{ create_cluster.cluster.label }}' state: absent + - name: Delete the LKE cluster node pool + linode.cloud.lke_node_pool: + cluster_id: '{{ create_cluster_de.cluster.id }}' + tags: ['my-pool'] + state: absent + - name: Delete the LKE cluster + linode.cloud.lke_cluster: + label: '{{ create_cluster_de.cluster.label }}' + state: absent environment: LINODE_UA_PREFIX: '{{ ua_prefix }}'