From 0d8c9dfa424aaea0b1919d7eb4e33bcd3e34e4d1 Mon Sep 17 00:00:00 2001
From: Zhenyu Zhou
Date: Fri, 19 Jun 2020 19:40:20 +0800
Subject: [PATCH] Support encryption in transit feature: Add a property when creating a cluster
---
 .../preview/2015-03-01-preview/cluster.json | 26 +++
 ...InsightClusterWithEncryptionInTransit.json | 171 ++++++++++++++++++
 .../stable/2018-06-01-preview/cluster.json | 26 +++
 ...InsightClusterWithEncryptionInTransit.json | 171 ++++++++++++++++++
 4 files changed, 394 insertions(+)
 create mode 100644 specification/hdinsight/resource-manager/Microsoft.HDInsight/preview/2015-03-01-preview/examples/CreateHDInsightClusterWithEncryptionInTransit.json
 create mode 100644 specification/hdinsight/resource-manager/Microsoft.HDInsight/stable/2018-06-01-preview/examples/CreateHDInsightClusterWithEncryptionInTransit.json
diff --git a/specification/hdinsight/resource-manager/Microsoft.HDInsight/preview/2015-03-01-preview/cluster.json b/specification/hdinsight/resource-manager/Microsoft.HDInsight/preview/2015-03-01-preview/cluster.json
index a67e4f60e3d8..7d865e5b76f7 100644
--- a/specification/hdinsight/resource-manager/Microsoft.HDInsight/preview/2015-03-01-preview/cluster.json
+++ b/specification/hdinsight/resource-manager/Microsoft.HDInsight/preview/2015-03-01-preview/cluster.json
@@ -68,6 +68,9 @@
 },
 "Create cluster with custom network settings": {
 "$ref": "./examples/CreateHDInsightClusterWithCustomNetworkSettings.json"
+ },
+ "Create cluster with encryption in transit": {
+ "$ref": "./examples/CreateHDInsightClusterWithEncryptionInTransit.json"
 }
 },
 "parameters": [
@@ -1011,6 +1014,10 @@
 "$ref": "#/definitions/DiskEncryptionProperties",
 "description": "The disk encryption properties."
 },
+ "encryptionInTransitProperties": {
+ "$ref": "#/definitions/EncryptionInTransitProperties",
+ "description": "The encryption-in-transit properties."
+ },
 "minSupportedTlsVersion": {
 "type": "string",
 "description": "The minimal supported tls version."
@@ -1195,6 +1202,10 @@
 "$ref": "#/definitions/DiskEncryptionProperties",
 "description": "The disk encryption properties."
 },
+ "encryptionInTransitProperties": {
+ "$ref": "#/definitions/EncryptionInTransitProperties",
+ "description": "The encryption-in-transit properties."
+ },
 "minSupportedTlsVersion": {
 "type": "string",
 "description": "The minimal supported tls version."
@@ -1507,6 +1518,21 @@
 "msiResourceId": {
 "type": "string",
 "description": "Resource ID of Managed Identity that is used to access the key vault."
+ },
+ "encryptionAtHost": {
+ "type": "boolean",
+ "default": false,
+ "description": "Indicates whether or not resource disk encryption is enabled."
+ }
+ }
+ },
+ "EncryptionInTransitProperties": {
+ "description": "The encryption-in-transit properties.",
+ "properties": {
+ "isEncryptionInTransitEnabled": {
+ "type": "boolean",
+ "default": false,
+ "description": "Indicates whether or not inter cluster node communication is encrypted in transit."
 }
 }
 },
diff --git a/specification/hdinsight/resource-manager/Microsoft.HDInsight/preview/2015-03-01-preview/examples/CreateHDInsightClusterWithEncryptionInTransit.json b/specification/hdinsight/resource-manager/Microsoft.HDInsight/preview/2015-03-01-preview/examples/CreateHDInsightClusterWithEncryptionInTransit.json
new file mode 100644
index 000000000000..857e5c39f419
--- /dev/null
+++ b/specification/hdinsight/resource-manager/Microsoft.HDInsight/preview/2015-03-01-preview/examples/CreateHDInsightClusterWithEncryptionInTransit.json
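Review bot: `isEncryptionInTransitEnabled` in the new `EncryptionInTransitProperties` definition (hunk `@@ -1507,6 +1518,21 @@`) defaults to `false`, but its description does not say that a cluster created without the property gets no encryption between nodes. I would spell that out, e.g. `"description": "Indicates whether communication between cluster nodes is encrypted in transit. When omitted or false, traffic between nodes is not encrypted."`, assuming "inter cluster node" means between the nodes of one cluster. The definition also carries no `"type": "object"`, which is worth adding unless the sibling definitions, which start outside the hunk, deliberately omit it. The same hunk adds `encryptionAtHost` to what appears to be `DiskEncryptionProperties`; the commit subject does not mention it, and its description ("resource disk encryption") never names encryption at host. The matching `@@ -1507,6 +1518,21 @@` hunk in `stable/2018-06-01-preview/cluster.json` is identical and needs the same changes.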
@@ -0,0 +1,171 @@
+{
+ "parameters": {
+ "clusterName": "cluster1",
+ "resourceGroupName": "rg1",
+ "api-version": "2015-03-01-preview",
+ "subscriptionId": "subid",
+ "parameters": {
+ "properties": {
+ "clusterVersion": "3.6",
+ "osType": "Linux",
+ "tier": "Standard",
+ "clusterDefinition": {
+ "kind": "Hadoop",
+ "configurations": {
+ "gateway": {
+ "restAuthCredential.isEnabled": true,
+ "restAuthCredential.username": "admin",
+ "restAuthCredential.password": "**********"
+ }
+ }
+ },
+ "computeProfile": {
+ "roles": [
+ {
+ "name": "headnode",
+ "targetInstanceCount": 2,
+ "hardwareProfile": {
+ "vmSize": "Large"
+ },
+ "osProfile": {
+ "linuxOperatingSystemProfile": {
+ "username": "sshuser",
+ "password": "**********"
+ }
+ }
+ },
+ {
+ "name": "workernode",
+ "targetInstanceCount": 3,
+ "hardwareProfile": {
+ "vmSize": "Large"
+ },
+ "osProfile": {
+ "linuxOperatingSystemProfile": {
+ "username": "sshuser",
+ "password": "**********"
+ }
+ }
+ },
+ {
+ "name": "zookeepernode",
+ "targetInstanceCount": 3,
+ "hardwareProfile": {
+ "vmSize": "Small"
+ },
+ "osProfile": {
+ "linuxOperatingSystemProfile": {
+ "username": "sshuser",
+ "password": "**********"
+ }
+ }
+ }
+ ]
+ },
+ "storageProfile": {
+ "storageaccounts": [
+ {
+ "name": "mystorage.blob.core.windows.net",
+ "isDefault": true,
+ "container": "default8525",
+ "key": "storagekey"
+ }
+ ]
+ },
+ "encryptionInTransitProperties": {
+ "isEncryptionInTransitEnabled": true
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "headers": {
+ "location": "https://management.azure.com/subscriptions/subid/providers/Microsoft.HDInsight/pathToOperationResult"
+ },
+ "body": {
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.HDInsight/clusters/cluster1",
+ "name": "cluster1",
+ "type": "Microsoft.HDInsight/clusters",
+ "location": "South Central US",
+ "etag": "3b76ce3d-892c-4036-9d8b-8ade18ba7a4b",
+ "tags": null,
+ "properties": {
+ "clusterVersion": "3.6.1000.67",
+ "osType": "Linux",
+ "clusterDefinition": {
+ "blueprint": "https://blueprints.azurehdinsight.net/hadoop-3.6.1000.67.2001080246.json",
+ "kind": "Hadoop",
+ "componentVersion": {
+ "Hadoop": "2.7"
+ }
+ },
+ "computeProfile": {
+ "roles": [
+ {
+ "name": "headnode",
+ "targetInstanceCount": 2,
+ "hardwareProfile": {
+ "vmSize": "standard_a4_v2"
+ },
+ "osProfile": {
+ "linuxOperatingSystemProfile": {
+ "username": "sshuser"
+ }
+ }
+ },
+ {
+ "name": "workernode",
+ "targetInstanceCount": 3,
+ "hardwareProfile": {
+ "vmSize": "standard_a4_v2"
+ },
+ "osProfile": {
+ "linuxOperatingSystemProfile": {
+ "username": "sshuser"
+ }
+ }
+ },
+ {
+ "name": "zookeepernode",
+ "targetInstanceCount": 3,
+ "hardwareProfile": {
+ "vmSize": "standard_a2_v2"
+ },
+ "osProfile": {
+ "linuxOperatingSystemProfile": {
+ "username": "sshuser"
+ }
+ }
+ }
+ ]
+ },
+ "provisioningState": "Succeeded",
+ "clusterState": "Running",
+ "createdDate": "2020-01-10T08:36:39.153",
+ "quotaInfo": {
+ "coresUsed": 20
+ },
+ "connectivityEndpoints": [
+ {
+ "name": "SSH",
+ "protocol": "TCP",
+ "location": "cluster1-ssh.azurehdinsight.net",
+ "port": 22
+ },
+ {
+ "name": "HTTPS",
+ "protocol": "TCP",
+ "location": "cluster1.azurehdinsight.net",
+ "port": 443
+ }
+ ],
+ "tier": "Standard",
+ "encryptionInTransitProperties": {
+ "isEncryptionInTransitEnabled": true
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/hdinsight/resource-manager/Microsoft.HDInsight/stable/2018-06-01-preview/cluster.json b/specification/hdinsight/resource-manager/Microsoft.HDInsight/stable/2018-06-01-preview/cluster.json
index 09d5ab955690..f0ca0b010cf4 100644
--- a/specification/hdinsight/resource-manager/Microsoft.HDInsight/stable/2018-06-01-preview/cluster.json
+++ b/specification/hdinsight/resource-manager/Microsoft.HDInsight/stable/2018-06-01-preview/cluster.json
@@ -68,6 +68,9 @@
 },
 "Create cluster with custom network settings": {
 "$ref": "./examples/CreateHDInsightClusterWithCustomNetworkSettings.json"
+ },
+ "Create cluster with encryption in transit": {
+ "$ref": "./examples/CreateHDInsightClusterWithEncryptionInTransit.json"
 }
 },
 "parameters": [
@@ -1011,6 +1014,10 @@
 "$ref": "#/definitions/DiskEncryptionProperties",
 "description": "The disk encryption properties."
 },
+ "encryptionInTransitProperties": {
+ "$ref": "#/definitions/EncryptionInTransitProperties",
+ "description": "The encryption-in-transit properties."
+ },
 "minSupportedTlsVersion": {
 "type": "string",
 "description": "The minimal supported tls version."
@@ -1195,6 +1202,10 @@
 "$ref": "#/definitions/DiskEncryptionProperties",
 "description": "The disk encryption properties."
 },
+ "encryptionInTransitProperties": {
+ "$ref": "#/definitions/EncryptionInTransitProperties",
+ "description": "The encryption-in-transit properties."
+ },
 "minSupportedTlsVersion": {
 "type": "string",
 "description": "The minimal supported tls version."
@@ -1507,6 +1518,21 @@
 "msiResourceId": {
 "type": "string",
 "description": "Resource ID of Managed Identity that is used to access the key vault."
+ },
+ "encryptionAtHost": {
+ "type": "boolean",
+ "default": false,
+ "description": "Indicates whether or not resource disk encryption is enabled."
+ }
+ }
+ },
+ "EncryptionInTransitProperties": {
+ "description": "The encryption-in-transit properties.",
+ "properties": {
+ "isEncryptionInTransitEnabled": {
+ "type": "boolean",
+ "default": false,
+ "description": "Indicates whether or not inter cluster node communication is encrypted in transit."
 }
 }
 },
diff --git a/specification/hdinsight/resource-manager/Microsoft.HDInsight/stable/2018-06-01-preview/examples/CreateHDInsightClusterWithEncryptionInTransit.json b/specification/hdinsight/resource-manager/Microsoft.HDInsight/stable/2018-06-01-preview/examples/CreateHDInsightClusterWithEncryptionInTransit.json
new file mode 100644
index 000000000000..e791e99a9a26
--- /dev/null
+++ b/specification/hdinsight/resource-manager/Microsoft.HDInsight/stable/2018-06-01-preview/examples/CreateHDInsightClusterWithEncryptionInTransit.json
@@ -0,0 +1,171 @@
+{
+ "parameters": {
+ "clusterName": "cluster1",
+ "resourceGroupName": "rg1",
+ "api-version": "2018-06-01-preview",
+ "subscriptionId": "subid",
+ "parameters": {
+ "properties": {
+ "clusterVersion": "3.6",
+ "osType": "Linux",
+ "tier": "Standard",
+ "clusterDefinition": {
+ "kind": "Hadoop",
+ "configurations": {
+ "gateway": {
+ "restAuthCredential.isEnabled": true,
+ "restAuthCredential.username": "admin",
+ "restAuthCredential.password": "**********"
+ }
+ }
+ },
+ "computeProfile": {
+ "roles": [
+ {
+ "name": "headnode",
+ "targetInstanceCount": 2,
+ "hardwareProfile": {
+ "vmSize": "Large"
+ },
+ "osProfile": {
+ "linuxOperatingSystemProfile": {
+ "username": "sshuser",
+ "password": "**********"
+ }
+ }
+ },
+ {
+ "name": "workernode",
+ "targetInstanceCount": 3,
+ "hardwareProfile": {
+ "vmSize": "Large"
+ },
+ "osProfile": {
+ "linuxOperatingSystemProfile": {
+ "username": "sshuser",
+ "password": "**********"
+ }
+ }
+ },
+ {
+ "name": "zookeepernode",
+ "targetInstanceCount": 3,
+ "hardwareProfile": {
+ "vmSize": "Small"
+ },
+ "osProfile": {
+ "linuxOperatingSystemProfile": {
+ "username": "sshuser",
+ "password": "**********"
+ }
+ }
+ }
+ ]
+ },
+ "storageProfile": {
+ "storageaccounts": [
+ {
+ "name": "mystorage.blob.core.windows.net",
+ "isDefault": true,
+ "container": "default8525",
+ "key": "storagekey"
+ }
+ ]
+ },
+ "encryptionInTransitProperties": {
+ "isEncryptionInTransitEnabled": true
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "headers": {
+ "location": "https://management.azure.com/subscriptions/subid/providers/Microsoft.HDInsight/pathToOperationResult"
+ },
+ "body": {
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.HDInsight/clusters/cluster1",
+ "name": "cluster1",
+ "type": "Microsoft.HDInsight/clusters",
+ "location": "South Central US",
+ "etag": "3b76ce3d-892c-4036-9d8b-8ade18ba7a4b",
+ "tags": null,
+ "properties": {
+ "clusterVersion": "3.6.1000.67",
+ "osType": "Linux",
+ "clusterDefinition": {
+ "blueprint": "https://blueprints.azurehdinsight.net/hadoop-3.6.1000.67.2001080246.json",
+ "kind": "Hadoop",
+ "componentVersion": {
+ "Hadoop": "2.7"
+ }
+ },
+ "computeProfile": {
+ "roles": [
+ {
+ "name": "headnode",
+ "targetInstanceCount": 2,
+ "hardwareProfile": {
+ "vmSize": "standard_a4_v2"
+ },
+ "osProfile": {
+ "linuxOperatingSystemProfile": {
+ "username": "sshuser"
+ }
+ }
+ },
+ {
+ "name": "workernode",
+ "targetInstanceCount": 3,
+ "hardwareProfile": {
+ "vmSize": "standard_a4_v2"
+ },
+ "osProfile": {
+ "linuxOperatingSystemProfile": {
+ "username": "sshuser"
+ }
+ }
+ },
+ {
+ "name": "zookeepernode",
+ "targetInstanceCount": 3,
+ "hardwareProfile": {
+ "vmSize": "standard_a2_v2"
+ },
+ "osProfile": {
+ "linuxOperatingSystemProfile": {
+ "username": "sshuser"
+ }
+ }
+ }
+ ]
+ },
+ "provisioningState": "Succeeded",
+ "clusterState": "Running",
+ "createdDate": "2020-01-10T08:36:39.153",
+ "quotaInfo": {
+ "coresUsed": 20
+ },
+ "connectivityEndpoints": [
+ {
+ "name": "SSH",
+ "protocol": "TCP",
+ "location": "cluster1-ssh.azurehdinsight.net",
+ "port": 22
+ },
+ {
+ "name": "HTTPS",
+ "protocol": "TCP",
+ "location": "cluster1.azurehdinsight.net",
+ "port": 443
+ }
+ ],
+ "tier": "Standard",
+ "encryptionInTransitProperties": {
+ "isEncryptionInTransitEnabled": true
+ }
+ }
+ }
+ }
+ }
+}