Adding dedicated tenancy and KMS keys

dougalb · dougalb · commit 4587a7660212 · 2015-04-19T21:52:00.000-04:00
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -2,6 +2,11 @@
 CHANGELOG
 =========
 
+develop
+=======
+* feature:``cfncluster``: Support for dedicated tenancy
+* feature:``cfncluster``: Support for customer provided KMS keys (EBS and ephemeral)
+
 0.0.20
 ======
 * feature:``cfncluster``: Support for D2 instances
diff --git a/cli/cfncluster/cfnconfig.py b/cli/cfncluster/cfnconfig.py
@@ -203,7 +203,8 @@ def __init__(self, args):
                                       encrypted_ephemeral=('EncryptedEphemeral',None),pre_install_args=('PreInstallArgs',None),
                                       post_install_args=('PostInstallArgs',None), s3_read_resource=('S3ReadResource',None),
                                       s3_read_write_resource=('S3ReadWriteResource',None),cwl_region=('CWLRegion',None),
-                                      cwl_log_group=('CWLLogGroup',None),shared_dir=('SharedDir',None)
+                                      cwl_log_group=('CWLLogGroup',None),shared_dir=('SharedDir',None),tenancy=('Tenancy',None),
+                                      ephemeral_kms_key_id=('EphemeralKMSKeyId',None), cluster_ready=('ClusterReadyScript','URL')
                                       )
 
         # Loop over all the cluster options and add define to parameters, raise Exception if defined but null
@@ -234,7 +235,7 @@ def __init__(self, args):
 
         # Dictionary list of all EBS options
         self.__ebs_options = dict(ebs_snapshot_id=('EBSSnapshotId','EC2Snapshot'), volume_type=('VolumeType',None),
-                                  volume_size=('VolumeSize',None),
+                                  volume_size=('VolumeSize',None), ebs_kms_key_id=('EBSKMSKeyId', None),
                                   volume_iops=('VolumeIOPS',None), encrypted=('EBSEncryption',None))
 
         try:
diff --git a/cli/setup.py b/cli/setup.py
@@ -20,7 +20,7 @@ def read(fname):
     return open(os.path.join(os.path.dirname(__file__), fname)).read()
 
 console_scripts = ['cfncluster = cfncluster.cli:main']
-version = "0.0.20"
+version = "0.0.99"
 requires = ['boto>=2.38'] 
 
 if sys.version_info[:2] == (2, 6):
diff --git a/cloudformation/cfncluster.cfn.json b/cloudformation/cfncluster.cfn.json
@@ -358,6 +358,30 @@
       "Description" : "CloudWatch Logs LogGroup",
       "Type" : "String",
       "Default" : "NONE"
+    },
+    "Tenancy" : {
+      "Description" : "Type of placement requird in cfncluster, it can either be cluster or compute.",
+      "Type" : "String",
+      "Default" : "default",
+      "AllowedValues" : [
+        "default",
+        "dedicated"
+      ]
+    },
+    "EBSKMSKeyId" : {
+      "Description" : "KMS ARN for customer created master key, will be used for EBS encryption",
+      "Type" : "String",
+      "Default" : "NONE"
+    },
+    "EphemeralKMSKeyId" : {
+      "Description" : "KMS ARN for customer created master key, will be used for ephemeral encryption",
+      "Type" : "String",
+      "Default" : "NONE"
+    },
+    "ClusterReadyScript" : {
+      "Description" : "Cluster ready script URL. This is only on the MasterServer, when the cluster reaches CREATE_COMPLETE.",
+      "Type" : "String",
+      "Default" : "NONE"
     }
   },
   "Conditions" : {
@@ -598,6 +622,25 @@
           ]
         }
       ]
+    },
+    "UseEBSKMSKey" : {
+      "Fn::And" : [
+        {
+          "Fn::Not" : [
+            {
+              "Fn::Equals" : [
+                {
+                  "Ref" : "EBSKMSKeyId"
+                },
+                "NONE"
+              ]
+            }
+          ]
+        },
+        {
+          "Condition" : "UseEBSEncryption"
+        }
+      ]
     }
   },
   "Mappings" : {
@@ -1390,6 +1433,9 @@
               "Ref" : "AWS::NoValue"
             }
           ]
+        },
+        "Tenancy" : {
+          "Ref" : "Tenancy"
         }
       },
       "Metadata" : {
@@ -1941,7 +1987,10 @@
             }
           ]
         },
-        "InstanceMonitoring" : "false"
+        "InstanceMonitoring" : "false",
+        "PlacementTenancy" : {
+          "Ref" : "Tenancy"
+        }
       },
       "Metadata" : {
         "Comment" : "cfncluster Compute server",
@@ -2455,6 +2504,17 @@
               "Ref" : "AWS::NoValue"
             }
           ]
+        },
+        "KmsKeyId" : {
+          "Fn::If" : [
+            "UseEBSKMSKey",
+            {
+              "Ref" : "EBSKMSKeyId"
+            },
+            {
+              "Ref" : "AWS::NoValue"
+            }
+          ]
         }
       }
     },
