From 3690533d4e28d4cae80def9c23bb08ed8ff18b18 Mon Sep 17 00:00:00 2001
From: naman-gupta
Date: Fri, 24 Nov 2023 10:37:46 -0800
Subject: [PATCH] Support encryption for restored ebs volumes
Signed-off-by: Naman Gupta
---
 br/pkg/aws/ebs.go | 3 ++-
 br/pkg/task/restore.go | 4 ++++
 br/pkg/task/restore_ebs_meta.go | 5 ++++-
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/br/pkg/aws/ebs.go b/br/pkg/aws/ebs.go
index 9383b1123338a..12beb2c5967a5 100644
--- a/br/pkg/aws/ebs.go
+++ b/br/pkg/aws/ebs.go
@@ -285,7 +285,7 @@ func (e *EC2Session) DeleteSnapshots(snapIDMap map[string]string) {
 // CreateVolumes create volumes from snapshots
 // if err happens in the middle, return half-done result
 // returned map: store id -> old volume id -> new volume id
-func (e *EC2Session) CreateVolumes(meta *config.EBSBasedBRMeta, volumeType string, iops, throughput int64, targetAZ string) (map[string]string, error) {
+func (e *EC2Session) CreateVolumes(meta *config.EBSBasedBRMeta, volumeType string, iops, throughput int64, encrypted bool, targetAZ string) (map[string]string, error) {
 template := ec2.CreateVolumeInput{
 VolumeType: &volumeType,
 }
@@ -295,6 +295,7 @@ func (e *EC2Session) CreateVolumes(meta *config.EBSBasedBRMeta, volumeType strin
 if throughput > 0 {
 template.SetThroughput(throughput)
 }
+ template.Encrypted = &encrypted
 newVolumeIDMap := make(map[string]string)
 var mutex sync.Mutex
diff --git a/br/pkg/task/restore.go b/br/pkg/task/restore.go
index d96f129036114..7c88cc865945e 100644
--- a/br/pkg/task/restore.go
+++ b/br/pkg/task/restore.go
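Review bot: The doc comment above `CreateVolumes` (first hunk of `br/pkg/aws/ebs.go`) is left unchanged although the signature gains `encrypted bool`, so a reader cannot tell what `false` means when the source snapshot is already encrypted. I would add a line such as `// encrypted is sent to EC2 as the Encrypted field of every CreateVolume request`. The parameter is also inserted in the middle of an exported method's argument list, so any caller not touched by this patch stops compiling; the only call updated here is the one in `restore_ebs_meta.go`. The function body continues outside the hunk.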
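Review bot: `template.Encrypted = &encrypted` in the `@@ -295,6 +295,7 @@` hunk of `br/pkg/aws/ebs.go` is assigned unconditionally, so with the flag at its default every request now carries an explicit `Encrypted: false` instead of leaving the field unset as before. It is worth confirming how EC2 treats that when the snapshot is already encrypted or the account enforces encryption by default; guarding it like the `throughput` setter just above avoids the question: `if encrypted { template.SetEncrypted(true) }`. No `KmsKeyId` is set in the visible lines, so key selection appears to be left to AWS defaults, and an operator who needs a customer-managed key has no way to name one. The rest of `CreateVolumes` is outside the hunk.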
@@ -216,6 +216,7 @@ type RestoreConfig struct {
 VolumeType pconfig.EBSVolumeType `json:"volume-type" toml:"volume-type"`
 VolumeIOPS int64 `json:"volume-iops" toml:"volume-iops"`
 VolumeThroughput int64 `json:"volume-throughput" toml:"volume-throughput"`
+ VolumeEncrypted bool `json:"volume-encrypted" toml:"volume-encrypted"`
 ProgressFile string `json:"progress-file" toml:"progress-file"`
 TargetAZ string `json:"target-az" toml:"target-az"`
 }
@@ -380,6 +381,9 @@ func (cfg *RestoreConfig) ParseFromFlags(flags *pflag.FlagSet) error {
 if cfg.VolumeThroughput, err = flags.GetInt64(flagVolumeThroughput); err != nil {
 return errors.Trace(err)
 }
+ if cfg.VolumeEncrypted, err = flags.GetBool(flagVolumeEncrypted); err != nil {
+ return errors.Trace(err)
+ }
 cfg.ProgressFile, err = flags.GetString(flagProgressFile)
 if err != nil {
diff --git a/br/pkg/task/restore_ebs_meta.go b/br/pkg/task/restore_ebs_meta.go
index 53286505b5b9c..4d092636ffcf3 100644
--- a/br/pkg/task/restore_ebs_meta.go
+++ b/br/pkg/task/restore_ebs_meta.go
@@ -41,6 +41,7 @@ const (
 flagVolumeType = "volume-type"
 flagVolumeIOPS = "volume-iops"
 flagVolumeThroughput = "volume-throughput"
+ flagVolumeEncrypted = "volume-encrypted"
 flagTargetAZ = "target-az"
 )
@@ -54,6 +55,7 @@ func DefineRestoreSnapshotFlags(command *cobra.Command) {
 command.Flags().String(flagVolumeType, string(config.GP3Volume), "volume type: gp3, io1, io2")
 command.Flags().Int64(flagVolumeIOPS, 0, "volume iops(0 means default for that volume type)")
 command.Flags().Int64(flagVolumeThroughput, 0, "volume throughout in MiB/s(0 means default for that volume type)")
+ command.Flags().Bool(flagVolumeEncrypted, false, "whether encryption is enabled for the volume")
 command.Flags().String(flagProgressFile, "progress.txt", "the file name of progress file")
 command.Flags().String(flagTargetAZ, "", "the target AZ for restored volumes")
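Review bot: The new flag in `DefineRestoreSnapshotFlags` (`@@ -54,6 +55,7 @@` in `br/pkg/task/restore_ebs_meta.go`) defaults to `false`, and its help text, "whether encryption is enabled for the volume", says neither which volumes are meant nor which key would be used. The next hunk also hides it with `MarkHidden`, like its siblings, so encryption at rest for restored data is opt-in and cannot be discovered from `--help`. I would make the text specific, for example `"request EBS encryption for the restored volumes (default false)"`, and mention the option wherever the hidden restore flags are documented for operators. The function starts and ends outside this hunk.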
@@ -65,6 +67,7 @@ func DefineRestoreSnapshotFlags(command *cobra.Command) {
 _ = command.Flags().MarkHidden(flagVolumeType)
 _ = command.Flags().MarkHidden(flagVolumeIOPS)
 _ = command.Flags().MarkHidden(flagVolumeThroughput)
+ _ = command.Flags().MarkHidden(flagVolumeEncrypted)
 _ = command.Flags().MarkHidden(flagProgressFile)
 _ = command.Flags().MarkHidden(flagTargetAZ)
 }
@@ -238,7 +241,7 @@ func (h *restoreEBSMetaHelper) restoreVolumes(progress glue.Progress) (map[strin
 }
 }()
 volumeIDMap, err = ec2Session.CreateVolumes(h.metaInfo,
- string(h.cfg.VolumeType), h.cfg.VolumeIOPS, h.cfg.VolumeThroughput, h.cfg.TargetAZ)
+ string(h.cfg.VolumeType), h.cfg.VolumeIOPS, h.cfg.VolumeThroughput, h.cfg.VolumeEncrypted, h.cfg.TargetAZ)
 if err != nil {
 return nil, 0, errors.Trace(err)
 }