Add EFS access point support (aws-parallelcluster#2337)

Signed-off-by: Thomas Heinen <[email protected]>

Author: thheinen

cookbooks/aws-parallelcluster-environment/attributes/environment.rb

@@ -37,6 +37,7 @@
 default['cluster']['efs_fs_ids'] = ''
 default['cluster']['efs_encryption_in_transits'] = ''
 default['cluster']['efs_iam_authorizations'] = ''
+default['cluster']['efs_accesspoint_ids'] = ''
 default['cluster']['fsx_shared_dirs'] = ''
 default['cluster']['fsx_fs_ids'] = ''
 default['cluster']['fsx_dns_names'] = ''

cookbooks/aws-parallelcluster-environment/recipes/config/efs.rb

@@ -15,14 +15,16 @@
 id_array = node['cluster']['efs_fs_ids'].split(',')
 encryption_array = node['cluster']['efs_encryption_in_transits'].split(',')
 iam_array = node['cluster']['efs_iam_authorizations'].split(',')
+accesspoint_id_array = node['cluster']['efs_accesspoint_ids'].split(',')
 
 # Identify the previously mounted filesystems and remove them from the set of filesystems to mount
 shared_dir_array.each_with_index do |dir, index|
-  next unless node['cluster']['internal_shared_dirs'].include?(dir) || dir == "/home" || dir == "home" || dir == node['cluster']['internal_initial_shared_dir']
+  next unless node['cluster']['internal_shared_dirs'].include?(dir) || dir == node['cluster']['internal_initial_shared_dir']
   shared_dir_array.delete(dir)
   id_array.delete_at(index)
   encryption_array.delete_at(index)
   iam_array.delete_at(index)
+  accesspoint_id_array.delete_at(index)
 end
 
 # Mount EFS directories with the efs resource
@@ -31,6 +33,7 @@
   efs_fs_id_array id_array
   efs_encryption_in_transit_array encryption_array
   efs_iam_authorization_array iam_array
+  efs_accesspoint_id_array accesspoint_id_array
   action :mount
   not_if { shared_dir_array.empty? }
 end

cookbooks/aws-parallelcluster-environment/recipes/config/mount_home.rb

@@ -73,6 +73,7 @@
         efs_fs_id_array [node['cluster']['efs_fs_ids'].split(',')[index]]
         efs_encryption_in_transit_array [node['cluster']['efs_encryption_in_transits'].split(',')[index]]
         efs_iam_authorization_array [node['cluster']['efs_iam_authorizations'].split(',')[index]]
+        efs_accesspoint_id [node['cluster']['efs_accesspoint_id'].split(',')[index]]
         action :mount
       end
       break

cookbooks/aws-parallelcluster-environment/resources/efs/partial/_mount_umount.rb

@@ -18,6 +18,7 @@
 property :efs_fs_id_array, Array, required: %i(mount unmount)
 property :efs_encryption_in_transit_array, Array, required: false
 property :efs_iam_authorization_array, Array, required: false
+property :efs_accesspoint_id_array, Array, required: false
 # This is the mount point on the EFS itself, as opposed to the local system directory, defaults to "/"
 property :efs_mount_point_array, Array, required: false
 property :efs_unmount_forced_array, Array, required: false
@@ -28,19 +29,23 @@
   efs_fs_id_array = new_resource.efs_fs_id_array.dup
   efs_encryption_in_transit_array = new_resource.efs_encryption_in_transit_array.dup
   efs_iam_authorization_array = new_resource.efs_iam_authorization_array.dup
+  efs_accesspoint_id_array = new_resource.efs_accesspoint_id_array.dup
   efs_mount_point_array = new_resource.efs_mount_point_array.dup
 
   efs_fs_id_array.each_with_index do |efs_fs_id, index|
     efs_shared_dir = efs_shared_dir_array[index]
     efs_encryption_in_transit = efs_encryption_in_transit_array[index] unless efs_encryption_in_transit_array.nil?
     efs_iam_authorization = efs_iam_authorization_array[index] unless efs_iam_authorization_array.nil?
+    efs_accesspoint_id = efs_accesspoint_id_array[index] unless efs_accesspoint_id_array.nil?
 
     # Path needs to be fully qualified, for example "shared/temp" becomes "/shared/temp"
     efs_shared_dir = "/#{efs_shared_dir}" unless efs_shared_dir.start_with?('/')
 
     # See reference of mount options: https://docs.aws.amazon.com/efs/latest/ug/automount-with-efs-mount-helper.html
     mount_options = "_netdev,noresvport"
-    if efs_encryption_in_transit == "true"
+    if efs_accesspoint_id
+      mount_options = "iam,tls,accesspoint=#{efs_accesspoint_id}"
+    elsif efs_encryption_in_transit == "true"
       mount_options += ",tls"
       if efs_iam_authorization == "true"
         mount_options += ",iam"