UPSTREAM: <carry>: openshift: Adding managed disk parameters to suppo…

…rt DES encryption This commit adds the ability to support customer supplied encryption keys. This feature requires a disk encryption set, a key vault, and a customer's encryption key. This feature assumes that the disk encryption set presides in a resource group where the cloud credentials operator has granted permissions or an additional reader role will be required to be granted on the disk encryption set.
openshift · Oct 16, 2020 · 4090a69 · 4090a69
1 parent 6c9c959
commit 4090a69
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 13 deletions.
diff --git a/pkg/apis/azureprovider/v1beta1/types.go b/pkg/apis/azureprovider/v1beta1/types.go
@@ -401,11 +401,16 @@ type Image struct {
 type VMIdentity string
 
 type OSDisk struct {
-	OSType      string      `json:"osType"`
-	ManagedDisk ManagedDisk `json:"managedDisk"`
-	DiskSizeGB  int32       `json:"diskSizeGB"`
+	OSType      string                `json:"osType"`
+	ManagedDisk ManagedDiskParameters `json:"managedDisk"`
+	DiskSizeGB  int32                 `json:"diskSizeGB"`
 }
 
-type ManagedDisk struct {
-	StorageAccountType string `json:"storageAccountType"`
+type ManagedDiskParameters struct {
+	StorageAccountType string                       `json:"storageAccountType"`
+	DiskEncryptionSet  *DiskEncryptionSetParameters `json:"diskEncryptionSet,omitempty"`
+}
+
+type DiskEncryptionSetParameters struct {
+	ID string `json:"id,omitempty"`
 }
diff --git a/pkg/apis/azureprovider/v1beta1/zz_generated.deepcopy.go b/pkg/apis/azureprovider/v1beta1/zz_generated.deepcopy.go
diff --git a/pkg/cloud/azure/actuators/machine/stubs.go b/pkg/cloud/azure/actuators/machine/stubs.go
@@ -39,7 +39,7 @@ func stubProviderConfig() *providerspecv1.AzureMachineProviderSpec {
 		Location:             "eastus2",
 		VMSize:               "Standard_B2ms",
 		Image:                providerspecv1.Image{ResourceID: "/resourceGroups/os4-common/providers/Microsoft.Compute/images/test1-controlplane-0-image-20190529150403"},
-		OSDisk:               providerspecv1.OSDisk{OSType: "Linux", ManagedDisk: providerspecv1.ManagedDisk{StorageAccountType: "Premium_LRS"}, DiskSizeGB: 60},
+		OSDisk:               providerspecv1.OSDisk{OSType: "Linux", ManagedDisk: providerspecv1.ManagedDiskParameters{StorageAccountType: "Premium_LRS"}, DiskSizeGB: 60},
 		SSHPublicKey:         "c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDNEd4SGQ1L0pLZVJYMGZOMCt4YzM1eXhLdmtvb0Qwb0l2RnNCdDNHNTNaSXZlTWxwNUppQTRWT0Y3YjJ4cHZmL1FHbVpmWWl4d1JYMHdUKzRWUzYxV1ZNeUdZRUhPcE9QYy85MWZTcTg4bTJZbitBYVhTUUxTbFpaVkZJTDZsK296bjlRQ3NaSXhqSlpkTW5BTlRQdlhWMWpjSVNJeDhmU0pKeWVEdlhFU2FEQ2N1VjdPZTdvd01lVVpseCtUUEhkcU85eEV1OXFuREVYUXo1SUVQQUMwTElSQnVicmJVaTRQZUJFUlFieVBQd1p0Um9NN2pFZ3RuRFhDcmxYbXo2T0N3NXNiaE1FNEJCUVliVjBOV0J3Unl2bHJReDJtYzZHNnJjODJ6OWxJMkRKQ3ZJcnNkRW43NytQZThiWm1MVU83V0sxRUFyd2xXY0FiZU1kYUFkbzcgamNoYWxvdXBAZGhjcC0yNC0xNzAuYnJxLnJlZGhhdC5jb20K",
 		PublicIP:             false,
 		Subnet:               "stub-machine-subnet",

diff --git a/pkg/cloud/azure/services/virtualmachines/virtualmachines.go b/pkg/cloud/azure/services/virtualmachines/virtualmachines.go
@@ -231,6 +231,10 @@ func (s *Service) CreateOrUpdate(ctx context.Context, spec azure.Spec) error {
 		}
 	}
 
+	if vmSpec.OSDisk.ManagedDisk.DiskEncryptionSet != nil {
+		virtualMachine.StorageProfile.OsDisk.ManagedDisk.DiskEncryptionSet = &compute.DiskEncryptionSetParameters{ID: to.StringPtr(vmSpec.OSDisk.ManagedDisk.DiskEncryptionSet.ID)}
+	}
+
 	if vmSpec.Zone != "" {
 		zones := []string{vmSpec.Zone}
 		virtualMachine.Zones = &zones