Skip to content

Commit

Permalink
BR: Support encryption for restored ebs volumes (#48900) (#48938)
Browse files Browse the repository at this point in the history
close #48899
  • Loading branch information
ti-chi-bot authored Feb 7, 2024
1 parent 523a313 commit ffdba04
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 2 deletions.
3 changes: 2 additions & 1 deletion br/pkg/aws/ebs.go
Original file line number Diff line number Diff line change
Expand Up @@ -284,7 +284,7 @@ func (e *EC2Session) DeleteSnapshots(snapIDMap map[string]string) {
// CreateVolumes create volumes from snapshots
// if err happens in the middle, return half-done result
// returned map: store id -> old volume id -> new volume id
func (e *EC2Session) CreateVolumes(meta *config.EBSBasedBRMeta, volumeType string, iops, throughput int64, targetAZ string) (map[string]string, error) {
func (e *EC2Session) CreateVolumes(meta *config.EBSBasedBRMeta, volumeType string, iops, throughput int64, encrypted bool, targetAZ string) (map[string]string, error) {
template := ec2.CreateVolumeInput{
VolumeType: &volumeType,
}
Expand All @@ -294,6 +294,7 @@ func (e *EC2Session) CreateVolumes(meta *config.EBSBasedBRMeta, volumeType strin
if throughput > 0 {
template.SetThroughput(throughput)
}
template.Encrypted = &encrypted

newVolumeIDMap := make(map[string]string)
var mutex sync.Mutex
Expand Down
4 changes: 4 additions & 0 deletions br/pkg/task/restore.go
Original file line number Diff line number Diff line change
Expand Up @@ -216,6 +216,7 @@ type RestoreConfig struct {
VolumeType pconfig.EBSVolumeType `json:"volume-type" toml:"volume-type"`
VolumeIOPS int64 `json:"volume-iops" toml:"volume-iops"`
VolumeThroughput int64 `json:"volume-throughput" toml:"volume-throughput"`
VolumeEncrypted bool `json:"volume-encrypted" toml:"volume-encrypted"`
ProgressFile string `json:"progress-file" toml:"progress-file"`
TargetAZ string `json:"target-az" toml:"target-az"`
}
Expand Down Expand Up @@ -380,6 +381,9 @@ func (cfg *RestoreConfig) ParseFromFlags(flags *pflag.FlagSet) error {
if cfg.VolumeThroughput, err = flags.GetInt64(flagVolumeThroughput); err != nil {
return errors.Trace(err)
}
if cfg.VolumeEncrypted, err = flags.GetBool(flagVolumeEncrypted); err != nil {
return errors.Trace(err)
}

cfg.ProgressFile, err = flags.GetString(flagProgressFile)
if err != nil {
Expand Down
5 changes: 4 additions & 1 deletion br/pkg/task/restore_ebs_meta.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ const (
flagVolumeType = "volume-type"
flagVolumeIOPS = "volume-iops"
flagVolumeThroughput = "volume-throughput"
flagVolumeEncrypted = "volume-encrypted"
flagTargetAZ = "target-az"
)

Expand All @@ -54,6 +55,7 @@ func DefineRestoreSnapshotFlags(command *cobra.Command) {
command.Flags().String(flagVolumeType, string(config.GP3Volume), "volume type: gp3, io1, io2")
command.Flags().Int64(flagVolumeIOPS, 0, "volume iops(0 means default for that volume type)")
command.Flags().Int64(flagVolumeThroughput, 0, "volume throughout in MiB/s(0 means default for that volume type)")
command.Flags().Bool(flagVolumeEncrypted, false, "whether encryption is enabled for the volume")
command.Flags().String(flagProgressFile, "progress.txt", "the file name of progress file")
command.Flags().String(flagTargetAZ, "", "the target AZ for restored volumes")

Expand All @@ -65,6 +67,7 @@ func DefineRestoreSnapshotFlags(command *cobra.Command) {
_ = command.Flags().MarkHidden(flagVolumeType)
_ = command.Flags().MarkHidden(flagVolumeIOPS)
_ = command.Flags().MarkHidden(flagVolumeThroughput)
_ = command.Flags().MarkHidden(flagVolumeEncrypted)
_ = command.Flags().MarkHidden(flagProgressFile)
_ = command.Flags().MarkHidden(flagTargetAZ)
}
Expand Down Expand Up @@ -238,7 +241,7 @@ func (h *restoreEBSMetaHelper) restoreVolumes(progress glue.Progress) (map[strin
}
}()
volumeIDMap, err = ec2Session.CreateVolumes(h.metaInfo,
string(h.cfg.VolumeType), h.cfg.VolumeIOPS, h.cfg.VolumeThroughput, h.cfg.TargetAZ)
string(h.cfg.VolumeType), h.cfg.VolumeIOPS, h.cfg.VolumeThroughput, h.cfg.VolumeEncrypted, h.cfg.TargetAZ)
if err != nil {
return nil, 0, errors.Trace(err)
}
Expand Down

0 comments on commit ffdba04

Please sign in to comment.