

adding in initial KMS (#1555)
Co-authored-by: Ian Eyberg <[email protected]>
eyberg and Ian Eyberg authored Dec 1, 2023
1 parent e0fc870 commit afd81a7
Showing 2 changed files with 18 additions and 4 deletions.
18 changes: 14 additions & 4 deletions provider/aws/aws_image.go
Expand Up @@ -110,7 +110,7 @@ func (p *AWS) CreateImage(ctx *lepton.Context, imagePath string) error {
key := c.CloudConfig.ImageName

ctx.Logger().Info("Creating snapshot")
snapshotID, err := p.createSnapshot(imagePath)
snapshotID, err := p.createSnapshot(imagePath, c.CloudConfig.KMS)
if err != nil {
return err
}
Expand Down Expand Up @@ -227,7 +227,7 @@ func (p *AWS) MirrorImage(ctx *lepton.Context, imageName, srcRegion, dstRegion s

// createSnapshot process create Snapshot to EBS
// Returns snapshotID and err
func (p *AWS) createSnapshot(imagePath string) (string, error) {
func (p *AWS) createSnapshot(imagePath string, kms string) (string, error) {
// Open file first
f, err := os.Open(imagePath)
if err != nil {
Expand All @@ -250,10 +250,20 @@ func (p *AWS) createSnapshot(imagePath string) (string, error) {
maxBar := (snapshotSize/int64(SnapshotBlockDataLength))*2 + 2
bar := progressbar.Default(maxBar)

snapshotOutput, err := p.volumeService.StartSnapshot(&ebs.StartSnapshotInput{
esi := &ebs.StartSnapshotInput{
Tags: []*ebs.Tag{},
VolumeSize: aws.Int64(sizeInGb),
})
}

if kms != "" {
esi.Encrypted = aws.Bool(true)

if kms != "default" {
esi.KmsKeyArn = aws.String(kms)
}
}

snapshotOutput, err := p.volumeService.StartSnapshot(esi)
if err != nil {
return "", err
}
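Review bot: The three states of the new `kms` argument are left implicit at the added `if kms != ""` block: an empty value leaves the snapshot unencrypted, `"default"` sets `Encrypted` without a `KmsKeyArn` so EBS falls back to the account's default key, and any other value is sent verbatim as the key ARN. A comment above the block, `// kms: "" = unencrypted, "default" = account default EBS key, otherwise a KMS key ARN`, plus the same contract in the `createSnapshot` doc comment in the previous hunk (which still describes only imagePath), would make that explicit for the next reader. The value comes from user config and reaches `KmsKeyArn` unchecked; since that field is an ARN, rejecting input that does not start with `arn:` before calling StartSnapshot would give a clearer error than the one the API returns later, assuming the API indeed rejects non-ARN input as I expect. createSnapshot begins in the previous hunk and its body continues past the end of this one.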
4 changes: 4 additions & 0 deletions types/config.go
Expand Up @@ -168,6 +168,10 @@ type ProviderConfig struct {
// you can use to pass role information to an EC2 instance when the instance starts.
InstanceProfile string `json:",omitempty"`

// KMS optionally encrypts AMIs if set. 'default' may be used for
// the default key or a KMS arn may be specified.
KMS string `json:",omitempty"`

// Platform defines the cloud provider to use with the ops CLI, currently
// supporting aws, azure, and gcp.
Platform string `cloud:"platform" json:",omitempty"`
