feat: adding rds disk encryption option

This commit is contained in:
Pierre Mavro
2021-12-21 00:45:55 +01:00
committed by Pierre Mavro
parent b4402cf03b
commit 3e8c93e902
18 changed files with 41 additions and 2 deletions


@@ -90,6 +90,7 @@ resource "aws_docdb_cluster" "documentdb_cluster" {
master_username = var.username
engine = "docdb"
{%- endif %}
storage_encrypted = var.encrypt_disk
# Network
db_subnet_group_name = data.aws_subnet_ids.k8s_subnet_ids.id
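Review bot: `storage_encrypted` on an `aws_docdb_cluster` cannot be changed once the cluster exists, so flipping `var.encrypt_disk` on an already-deployed database will make Terraform plan a destroy-and-recreate rather than an in-place update, and nothing in the hunk or in the Rust layer guards against that toggle. The resource block starts outside the hunk, so I cannot see whether a `lifecycle { prevent_destroy = true }` is in place. I would at least make the blast radius visible on the line itself: `storage_encrypted = var.encrypt_disk # immutable after creation: toggling forces cluster replacement (data loss without a snapshot)`. Separately, no `kms_key_id` is passed, so encryption falls back to the AWS-managed default key; that is adequate for at-rest protection but, as far as I know, rules out sharing encrypted snapshots to another account, which is worth stating in the variable's description if it is a known limitation.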


@@ -34,4 +34,10 @@ variable "password" {
description = "Admin password for the master DB user"
default = "{{ database_password }}"
type = string
}
variable "encrypt_disk" {
description = "Enable disk encryption"
default = "{{ encrypt_disk }}"
type = string
}
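Review bot: `encrypt_disk` is declared `type = string` with the quoted default `"{{ encrypt_disk }}"`, while the Rust side puts a `bool` into the template context, so the rendered file carries a string `"true"`/`"false"` that Terraform then has to coerce for `storage_encrypted`. That works for those two values, but any other rendering (an empty string if the context key is ever missing, a typo in a hand-edited tfvars) only fails at plan time with a conversion error on the resource rather than on the variable. Declaring the real type fails fast: change the two lines to `default = {{ encrypt_disk }}` and `type = bool`, and tighten the description to `"Encrypt cluster storage at rest (cannot be changed after creation)"`.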


@@ -87,6 +87,7 @@ resource "aws_db_instance" "mysql_instance" {
password = var.password
name = var.database_name
parameter_group_name = aws_db_parameter_group.mysql_parameter_group.name
storage_encrypted = var.encrypt_disk
{%- if snapshot is defined and snapshot["snapshot_id"] %}
# Snapshot
snapshot_identifier = var.snapshot_identifier
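Review bot: `storage_encrypted = var.encrypt_disk` is set unconditionally, but the very next lines may restore the instance from `snapshot_identifier`, and for a snapshot restore RDS takes the encryption state from the snapshot rather than from this argument; a mismatch between `encrypt_disk` and the snapshot is therefore either silently ignored or rejected at apply time (I have not verified which the provider does for this combination, but neither outcome is what the operator asked for). Either validate in the Rust layer that `encrypt_disk` matches the snapshot's encryption before rendering, or document the constraint on the line: `storage_encrypted = var.encrypt_disk # must match the source snapshot when snapshot_identifier is set; immutable afterwards`. The `aws_db_instance` block starts outside the hunk, so I cannot see whether a `lifecycle` guard protects against the replacement that a later toggle would cause.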


@@ -36,6 +36,12 @@ variable "storage_type" {
type = string
}
variable "encrypt_disk" {
description = "Enable disk encryption"
default = "{{ encrypt_disk }}"
type = string
}
variable "instance_class" {
description = "Type of instance: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html"
default = "{{database_instance_type}}"
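Review bot: The new `encrypt_disk` variable is typed `string` although it feeds a boolean attribute and is rendered from a Rust `bool`; the string detour only works because Terraform coerces `"true"`/`"false"`, and any other rendered value surfaces late as a resource-level conversion error. Declare it as `type = bool` with an unquoted default, `default = {{ encrypt_disk }}`, so a bad value is rejected at variable validation, and say in the description that the setting is immutable after the instance is created.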


@@ -73,6 +73,7 @@ resource "aws_db_instance" "postgresql_instance" {
delete = "60m"
}
password = var.password
storage_encrypted = var.encrypt_disk
{%- if snapshot and snapshot["snapshot_id"] %}
# Snapshot
snapshot_identifier = var.snapshot_identifier
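Review bot: `storage_encrypted` is immutable on an existing RDS instance, so a later change of `var.encrypt_disk` produces a replacement plan in which the old instance is destroyed, and nothing visible here prevents that; the enclosing `aws_db_instance` block starts outside the hunk, so I cannot tell whether `lifecycle { prevent_destroy = true }` exists. I would annotate the line so the risk is obvious to whoever next edits the variable: `storage_encrypted = var.encrypt_disk # immutable: toggling forces instance replacement`. The same snapshot caveat as for MySQL applies — when `snapshot_identifier` is set the encryption state comes from the snapshot, not from this argument — and with no `kms_key_id` the instance is encrypted under the AWS-managed RDS key, which (as far as I know) cannot be used to share encrypted snapshots to another account.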


@@ -30,6 +30,12 @@ variable "storage_type" {
type = string
}
variable "encrypt_disk" {
description = "Enable disk encryption"
default = "{{ encrypt_disk }}"
type = string
}
variable "instance_class" {
description = "Type of instance: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html"
default = "{{ database_instance_type }}"
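Review bot: As in the MySQL and DocumentDB modules, `encrypt_disk` is declared `type = string` for what is a boolean, relying on Terraform's `"true"`/`"false"` coercion at the resource. Use `type = bool` and `default = {{ encrypt_disk }}` (unquoted) so an unexpected rendering fails at variable validation, and mention in the description that the value cannot be changed after creation.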


@@ -192,6 +192,7 @@ impl Service for MongoDB {
context.insert("database_disk_size_in_gib", &self.options.disk_size_in_gib);
context.insert("database_instance_type", &self.database_instance_type);
context.insert("database_disk_type", &self.options.database_disk_type);
context.insert("encrypt_disk", &self.options.encrypt_disk);
context.insert("database_ram_size_in_mib", &self.total_ram_in_mib);
context.insert("database_total_cpus", &self.total_cpus);
context.insert("database_fqdn", &self.options.host.as_str());
@@ -444,6 +445,7 @@ mod tests_mongodb {
mode: DatabaseMode::CONTAINER,
disk_size_in_gib: 10,
database_disk_type: "gp2".to_string(),
encrypt_disk: false,
activate_high_availability: false,
activate_backups: false,
publicly_accessible: false,


@@ -202,6 +202,7 @@ impl Service for MySQL {
context.insert("database_disk_size_in_gib", &self.options.disk_size_in_gib);
context.insert("database_instance_type", &self.database_instance_type);
context.insert("database_disk_type", &self.options.database_disk_type);
context.insert("encrypt_disk", &self.options.encrypt_disk);
context.insert("database_name", &self.sanitized_name());
context.insert("database_ram_size_in_mib", &self.total_ram_in_mib);
context.insert("database_total_cpus", &self.total_cpus);
@@ -468,6 +469,7 @@ mod tests_mysql {
mode: DatabaseMode::MANAGED,
disk_size_in_gib: 10,
database_disk_type: "gp2".to_string(),
encrypt_disk: false,
activate_high_availability: false,
activate_backups: false,
publicly_accessible: false,


@@ -189,6 +189,7 @@ impl Service for PostgreSQL {
context.insert("database_disk_size_in_gib", &self.options.disk_size_in_gib);
context.insert("database_instance_type", &self.database_instance_type);
context.insert("database_disk_type", &self.options.database_disk_type);
context.insert("encrypt_disk", &self.options.encrypt_disk);
context.insert("database_ram_size_in_mib", &self.total_ram_in_mib);
context.insert("database_total_cpus", &self.total_cpus);
context.insert("database_fqdn", &self.options.host.as_str());
@@ -462,6 +463,7 @@ mod tests_postgres {
mode: DatabaseMode::MANAGED,
disk_size_in_gib: 10,
database_disk_type: "gp2".to_string(),
encrypt_disk: false,
activate_high_availability: false,
activate_backups: false,
publicly_accessible: false,


@@ -452,6 +452,7 @@ mod tests {
mode: DatabaseMode::MANAGED,
disk_size_in_gib: 10,
database_disk_type: "gp2".to_string(),
encrypt_disk: false,
activate_high_availability: false,
activate_backups: false,
publicly_accessible: false,


@@ -228,6 +228,7 @@ pub struct DatabaseOptions {
pub mode: DatabaseMode,
pub disk_size_in_gib: u32,
pub database_disk_type: String,
pub encrypt_disk: bool,
pub activate_high_availability: bool,
pub activate_backups: bool,
pub publicly_accessible: bool,


@@ -609,6 +609,7 @@ pub struct Database {
pub disk_size_in_gib: u32,
pub database_instance_type: String,
pub database_disk_type: String,
pub encrypt_disk: bool,
#[serde(default)] // => false if not present in input
pub activate_high_availability: bool,
#[serde(default)] // => false if not present in input
@@ -631,6 +632,7 @@ impl Database {
port: self.port,
disk_size_in_gib: self.disk_size_in_gib,
database_disk_type: self.database_disk_type.clone(),
encrypt_disk: self.encrypt_disk,
activate_high_availability: self.activate_high_availability,
activate_backups: self.activate_backups,
publicly_accessible: self.publicly_accessible,
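Review bot: `pub encrypt_disk: bool` on `Database` carries no `#[serde(default)]`, unlike the neighbouring `activate_high_availability` and `activate_backups` fields, so every serialized environment produced before this commit now fails to deserialize with a missing-field error. If that is deliberate (force callers to state the encryption choice explicitly) it deserves a comment on the field, e.g. `// intentionally required: no silent unencrypted default`. If a default is added instead, do not copy the `#[serde(default)] // => false if not present` pattern from the lines below, because that would make unencrypted storage the silent fallback for old inputs; a helper returning `true` (`#[serde(default = "...")]`) is the safer choice. The `impl Database` block continues outside the hunk.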


@@ -23,7 +23,7 @@ pub const AWS_KUBERNETES_MAJOR_VERSION: u8 = 1;
pub const AWS_KUBERNETES_MINOR_VERSION: u8 = 18;
pub const AWS_KUBERNETES_VERSION: &'static str =
formatcp!("{}.{}", AWS_KUBERNETES_MAJOR_VERSION, AWS_KUBERNETES_MINOR_VERSION);
pub const AWS_DATABASE_INSTANCE_TYPE: &str = "db.t2.micro";
pub const AWS_DATABASE_INSTANCE_TYPE: &str = "db.t3.micro";
pub const AWS_DATABASE_DISK_TYPE: &str = "gp2";
pub fn container_registry_ecr(context: &Context) -> ECR {
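Review bot: The change of `AWS_DATABASE_INSTANCE_TYPE` from `db.t2.micro` to `db.t3.micro` is unrelated to the disk-encryption feature the commit title describes, and it is not mentioned anywhere in the commit message; it would be easier to bisect and revert as its own commit. Note also that a test fixture elsewhere in this commit still hardcodes `"db.t2.micro"`, so the constant is not the single source of truth it appears to be.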


@@ -429,6 +429,7 @@ pub fn environment_3_apps_3_routers_3_databases(
disk_size_in_gib: 10,
database_instance_type: database_instance_type.to_string(),
database_disk_type: database_disk_type.to_string(),
encrypt_disk: true,
activate_high_availability: false,
activate_backups: false,
publicly_accessible: false,
@@ -450,6 +451,7 @@ pub fn environment_3_apps_3_routers_3_databases(
disk_size_in_gib: 10,
database_instance_type: database_instance_type.to_string(),
database_disk_type: database_disk_type.to_string(),
encrypt_disk: true,
activate_high_availability: false,
activate_backups: false,
publicly_accessible: false,
@@ -471,6 +473,7 @@ pub fn environment_3_apps_3_routers_3_databases(
disk_size_in_gib: 10,
database_instance_type: database_instance_type.to_string(),
database_disk_type: database_disk_type.to_string(),
encrypt_disk: true,
activate_high_availability: false,
activate_backups: false,
publicly_accessible: false,
@@ -588,6 +591,7 @@ pub fn environnement_2_app_2_routers_1_psql(
disk_size_in_gib: 10,
database_instance_type: database_instance_type.to_string(),
database_disk_type: database_disk_type.to_string(),
encrypt_disk: true,
activate_high_availability: false,
activate_backups: false,
publicly_accessible: false,
@@ -971,6 +975,7 @@ pub fn test_db(
disk_size_in_gib: storage_size.clone(),
database_instance_type: db_instance_type.to_string(),
database_disk_type: db_disk_type.to_string(),
encrypt_disk: true,
activate_high_availability: false,
activate_backups: false,
publicly_accessible: is_public.clone(),
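Review bot: `test_db` parameterizes storage size, instance type, disk type and `is_public` but pins `encrypt_disk: true`, so the shared helper never exercises the unencrypted rendering nor the encrypted-instance-from-snapshot combination that the templates now allow. Consider threading an `encrypt_disk: bool` argument through `test_db` (its signature is outside the hunk) and using it here: `encrypt_disk,`. The other fixtures in this file pinning `encrypt_disk: true` are fine as defaults, but a reviewer reading the test suite cannot currently tell whether `false` still deploys.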


@@ -1084,7 +1084,7 @@ pub fn db_instance_type(provider_kind: Kind, db_kind: DatabaseKind, database_mod
match provider_kind {
Kind::Aws => match db_kind {
DatabaseKind::Mongodb => "db.t3.medium",
DatabaseKind::Mysql => "db.t2.micro",
DatabaseKind::Mysql => "db.t3.micro",
DatabaseKind::Postgresql => "db.t3.micro",
DatabaseKind::Redis => "cache.t3.micro",
},
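Review bot: The literal `"db.t3.micro"` returned for `DatabaseKind::Mysql` (and already for `Postgresql`) duplicates the value of `AWS_DATABASE_INSTANCE_TYPE`, which this same commit also edits, so the next instance-class bump has to be made in two places again. If the constant is in scope here, collapse the two arms to `DatabaseKind::Mysql | DatabaseKind::Postgresql => AWS_DATABASE_INSTANCE_TYPE,`. The enclosing `match` on `provider_kind` continues outside the hunk.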


@@ -400,6 +400,7 @@ fn postgresql_deploy_a_working_environment_and_redeploy() {
disk_size_in_gib: 10,
database_instance_type: "db.t2.micro".to_string(),
database_disk_type: "gp2".to_string(),
encrypt_disk: false,
activate_high_availability: false,
activate_backups: false,
publicly_accessible: false,
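Review bot: This fixture still pins `database_instance_type: "db.t2.micro".to_string()` while the same commit moves both `AWS_DATABASE_INSTANCE_TYPE` and `db_instance_type()` to `db.t3.micro`, so the test now deploys a different instance class than the code under test defaults to. Use the shared value instead of a literal, e.g. `database_instance_type: AWS_DATABASE_INSTANCE_TYPE.to_string(),` (assuming the constant is importable from this test module), so the two cannot drift again. The enclosing test function begins outside the hunk.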


@@ -431,6 +431,7 @@ fn postgresql_deploy_a_working_environment_and_redeploy() {
DO_SELF_HOSTED_DATABASE_DISK_TYPE
}
.to_string(),
encrypt_disk: false,
activate_high_availability: false,
activate_backups: false,
publicly_accessible: false,


@@ -443,6 +443,7 @@ fn postgresql_deploy_a_working_environment_and_redeploy() {
SCW_SELF_HOSTED_DATABASE_DISK_TYPE
}
.to_string(),
encrypt_disk: false,
activate_high_availability: false,
activate_backups: false,
publicly_accessible: false,