
Support encryption in transit feature: Add a property when creating a…
… cluster (Azure#9894)

Co-authored-by: Zhenyu Zhou <zhezhou@microsoft.com>
2 people authored and 00Kai0 committed Oct 12, 2020
1 parent 4d5827a commit ebab0b5
Showing 4 changed files with 394 additions and 0 deletions.
@@ -68,6 +68,9 @@
},
"Create cluster with custom network settings": {
"$ref": "./examples/CreateHDInsightClusterWithCustomNetworkSettings.json"
},
"Create cluster with encryption in transit": {
"$ref": "./examples/CreateHDInsightClusterWithEncryptionInTransit.json"
}
},
"parameters": [
@@ -1011,6 +1014,10 @@
"$ref": "#/definitions/DiskEncryptionProperties",
"description": "The disk encryption properties."
},
"encryptionInTransitProperties": {
"$ref": "#/definitions/EncryptionInTransitProperties",
"description": "The encryption-in-transit properties."
},
"minSupportedTlsVersion": {
"type": "string",
"description": "The minimal supported tls version."
@@ -1195,6 +1202,10 @@
"$ref": "#/definitions/DiskEncryptionProperties",
"description": "The disk encryption properties."
},
"encryptionInTransitProperties": {
"$ref": "#/definitions/EncryptionInTransitProperties",
"description": "The encryption-in-transit properties."
},
"minSupportedTlsVersion": {
"type": "string",
"description": "The minimal supported tls version."
@@ -1507,6 +1518,21 @@
"msiResourceId": {
"type": "string",
"description": "Resource ID of Managed Identity that is used to access the key vault."
},
"encryptionAtHost": {
"type": "boolean",
"default": false,
"description": "Indicates whether or not resource disk encryption is enabled."
}
}
},
"EncryptionInTransitProperties": {
"description": "The encryption-in-transit properties.",
"properties": {
"isEncryptionInTransitEnabled": {
"type": "boolean",
"default": false,
"description": "Indicates whether or not inter cluster node communication is encrypted in transit."
}
}
},
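Review bot: The description of `isEncryptionInTransitEnabled` in the last hunk says "inter cluster node communication", which can be read as traffic between clusters rather than between the nodes of one cluster; I would write `"description": "Indicates whether or not communication between the nodes of the cluster is encrypted in transit."`. With `"default": false`, a create request that omits `encryptionInTransitProperties` presumably yields a cluster whose node-to-node traffic is unencrypted, so the description should state that the protection is opt-in. In the same hunk, `encryptionAtHost` is described as "resource disk encryption", which does not obviously match the property name and is worth confirming against the service behaviour. The identical hunks in the second specification file section further down the page carry the same wording, and the same applies there.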
@@ -0,0 +1,171 @@
{
"parameters": {
"clusterName": "cluster1",
"resourceGroupName": "rg1",
"api-version": "2015-03-01-preview",
"subscriptionId": "subid",
"parameters": {
"properties": {
"clusterVersion": "3.6",
"osType": "Linux",
"tier": "Standard",
"clusterDefinition": {
"kind": "Hadoop",
"configurations": {
"gateway": {
"restAuthCredential.isEnabled": true,
"restAuthCredential.username": "admin",
"restAuthCredential.password": "**********"
}
}
},
"computeProfile": {
"roles": [
{
"name": "headnode",
"targetInstanceCount": 2,
"hardwareProfile": {
"vmSize": "Large"
},
"osProfile": {
"linuxOperatingSystemProfile": {
"username": "sshuser",
"password": "**********"
}
}
},
{
"name": "workernode",
"targetInstanceCount": 3,
"hardwareProfile": {
"vmSize": "Large"
},
"osProfile": {
"linuxOperatingSystemProfile": {
"username": "sshuser",
"password": "**********"
}
}
},
{
"name": "zookeepernode",
"targetInstanceCount": 3,
"hardwareProfile": {
"vmSize": "Small"
},
"osProfile": {
"linuxOperatingSystemProfile": {
"username": "sshuser",
"password": "**********"
}
}
}
]
},
"storageProfile": {
"storageaccounts": [
{
"name": "mystorage.blob.core.windows.net",
"isDefault": true,
"container": "default8525",
"key": "storagekey"
}
]
},
"encryptionInTransitProperties": {
"isEncryptionInTransitEnabled": true
}
}
}
},
"responses": {
"200": {
"headers": {
"location": "https://management.azure.com/subscriptions/subid/providers/Microsoft.HDInsight/pathToOperationResult"
},
"body": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.HDInsight/clusters/cluster1",
"name": "cluster1",
"type": "Microsoft.HDInsight/clusters",
"location": "South Central US",
"etag": "3b76ce3d-892c-4036-9d8b-8ade18ba7a4b",
"tags": null,
"properties": {
"clusterVersion": "3.6.1000.67",
"osType": "Linux",
"clusterDefinition": {
"blueprint": "https://blueprints.azurehdinsight.net/hadoop-3.6.1000.67.2001080246.json",
"kind": "Hadoop",
"componentVersion": {
"Hadoop": "2.7"
}
},
"computeProfile": {
"roles": [
{
"name": "headnode",
"targetInstanceCount": 2,
"hardwareProfile": {
"vmSize": "standard_a4_v2"
},
"osProfile": {
"linuxOperatingSystemProfile": {
"username": "sshuser"
}
}
},
{
"name": "workernode",
"targetInstanceCount": 3,
"hardwareProfile": {
"vmSize": "standard_a4_v2"
},
"osProfile": {
"linuxOperatingSystemProfile": {
"username": "sshuser"
}
}
},
{
"name": "zookeepernode",
"targetInstanceCount": 3,
"hardwareProfile": {
"vmSize": "standard_a2_v2"
},
"osProfile": {
"linuxOperatingSystemProfile": {
"username": "sshuser"
}
}
}
]
},
"provisioningState": "Succeeded",
"clusterState": "Running",
"createdDate": "2020-01-10T08:36:39.153",
"quotaInfo": {
"coresUsed": 20
},
"connectivityEndpoints": [
{
"name": "SSH",
"protocol": "TCP",
"location": "cluster1-ssh.azurehdinsight.net",
"port": 22
},
{
"name": "HTTPS",
"protocol": "TCP",
"location": "cluster1.azurehdinsight.net",
"port": 443
}
],
"tier": "Standard",
"encryptionInTransitProperties": {
"isEncryptionInTransitEnabled": true
}
}
}
}
}
}
@@ -68,6 +68,9 @@
},
"Create cluster with custom network settings": {
"$ref": "./examples/CreateHDInsightClusterWithCustomNetworkSettings.json"
},
"Create cluster with encryption in transit": {
"$ref": "./examples/CreateHDInsightClusterWithEncryptionInTransit.json"
}
},
"parameters": [
@@ -1011,6 +1014,10 @@
"$ref": "#/definitions/DiskEncryptionProperties",
"description": "The disk encryption properties."
},
"encryptionInTransitProperties": {
"$ref": "#/definitions/EncryptionInTransitProperties",
"description": "The encryption-in-transit properties."
},
"minSupportedTlsVersion": {
"type": "string",
"description": "The minimal supported tls version."
@@ -1195,6 +1202,10 @@
"$ref": "#/definitions/DiskEncryptionProperties",
"description": "The disk encryption properties."
},
"encryptionInTransitProperties": {
"$ref": "#/definitions/EncryptionInTransitProperties",
"description": "The encryption-in-transit properties."
},
"minSupportedTlsVersion": {
"type": "string",
"description": "The minimal supported tls version."
@@ -1507,6 +1518,21 @@
"msiResourceId": {
"type": "string",
"description": "Resource ID of Managed Identity that is used to access the key vault."
},
"encryptionAtHost": {
"type": "boolean",
"default": false,
"description": "Indicates whether or not resource disk encryption is enabled."
}
}
},
"EncryptionInTransitProperties": {
"description": "The encryption-in-transit properties.",
"properties": {
"isEncryptionInTransitEnabled": {
"type": "boolean",
"default": false,
"description": "Indicates whether or not inter cluster node communication is encrypted in transit."
}
}
},