From 4ef6d468e973ba61bc5c53f49055bcca140133da Mon Sep 17 00:00:00 2001 From: "Reuven V. Gonzales" Date: Tue, 28 Apr 2015 10:54:30 -0700 Subject: [PATCH 1/3] Actually sends ebs encrypted flag --- builtin/providers/aws/resource_aws_instance.go | 1 + 1 file changed, 1 insertion(+) diff --git a/builtin/providers/aws/resource_aws_instance.go b/builtin/providers/aws/resource_aws_instance.go index 00124700579f..553610121a94 100644 --- a/builtin/providers/aws/resource_aws_instance.go +++ b/builtin/providers/aws/resource_aws_instance.go @@ -397,6 +397,7 @@ func resourceAwsInstanceCreate(d *schema.ResourceData, meta interface{}) error { bd := v.(map[string]interface{}) ebs := &ec2.EBSBlockDevice{ DeleteOnTermination: aws.Boolean(bd["delete_on_termination"].(bool)), + Encrypted: aws.Boolean(bd["encrypted"].(bool)), } if v, ok := bd["snapshot_id"].(string); ok && v != "" { From 25ab54b4e380dc9d734af6c0f21e96d3df0b64ed Mon Sep 17 00:00:00 2001 From: "Reuven V. Gonzales" Date: Tue, 28 Apr 2015 15:07:23 -0700 Subject: [PATCH 2/3] Added tests to check for encrypted flag --- .../aws/resource_aws_instance_test.go | 23 +++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/builtin/providers/aws/resource_aws_instance_test.go b/builtin/providers/aws/resource_aws_instance_test.go index 2dd863c10df4..1f6fad91ee4a 100644 --- a/builtin/providers/aws/resource_aws_instance_test.go +++ b/builtin/providers/aws/resource_aws_instance_test.go @@ -123,6 +123,11 @@ func TestAccAWSInstance_blockDevices(t *testing.T) { fmt.Errorf("block device doesn't exist: /dev/sdc") } + // Check if the encrypted block device exists + if _, ok := blockDevices["/dev/sdd"]; !ok { + fmt.Errorf("block device doesn't exist: /dev/sdd") + } + return nil } } @@ -144,7 +149,7 @@ func TestAccAWSInstance_blockDevices(t *testing.T) { resource.TestCheckResourceAttr( "aws_instance.foo", "root_block_device.0.volume_type", "gp2"), resource.TestCheckResourceAttr( - "aws_instance.foo", "ebs_block_device.#", "2"), + "aws_instance.foo", "ebs_block_device.#", "3"), resource.TestCheckResourceAttr( "aws_instance.foo", "ebs_block_device.2576023345.device_name", "/dev/sdb"), resource.TestCheckResourceAttr( @@ -159,6 +164,12 @@ func TestAccAWSInstance_blockDevices(t *testing.T) { "aws_instance.foo", "ebs_block_device.2554893574.volume_type", "io1"), resource.TestCheckResourceAttr( "aws_instance.foo", "ebs_block_device.2554893574.iops", "100"), + resource.TestCheckResourceAttr( + "aws_instance.foo", "ebs_block_device.2634515331.device_name", "/dev/sdd"), + resource.TestCheckResourceAttr( + "aws_instance.foo", "ebs_block_device.2634515331.encrypted", "true"), + resource.TestCheckResourceAttr( + "aws_instance.foo", "ebs_block_device.2634515331.volume_size", "12"), resource.TestCheckResourceAttr( "aws_instance.foo", "ephemeral_block_device.#", "1"), resource.TestCheckResourceAttr( @@ -462,7 +473,7 @@ const testAccInstanceConfigBlockDevices = ` resource "aws_instance" "foo" { # us-west-2 ami = "ami-55a7ea65" - instance_type = "m1.small" + instance_type = "m3.medium" root_block_device { volume_type = "gp2" @@ -478,6 +489,14 @@ resource "aws_instance" "foo" { volume_type = "io1" iops = 100 } + + # Encrypted ebs block device + ebs_block_device { + device_name = "/dev/sdd" + volume_size = 12 + encrypted = true + } + ephemeral_block_device { device_name = "/dev/sde" virtual_name = "ephemeral0" From e8e42decc9a0d400b6452aef9d7b92e12939979f Mon Sep 17 00:00:00 2001 From: "Reuven V. Gonzales" Date: Tue, 28 Apr 2015 15:19:31 -0700 Subject: [PATCH 3/3] Added docs about m3.medium to tests --- builtin/providers/aws/resource_aws_instance_test.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/builtin/providers/aws/resource_aws_instance_test.go b/builtin/providers/aws/resource_aws_instance_test.go index 1f6fad91ee4a..cdcbff5bd24c 100644 --- a/builtin/providers/aws/resource_aws_instance_test.go +++ b/builtin/providers/aws/resource_aws_instance_test.go @@ -473,6 +473,10 @@ const testAccInstanceConfigBlockDevices = ` resource "aws_instance" "foo" { # us-west-2 ami = "ami-55a7ea65" + + # In order to attach an encrypted volume to an instance you need to have an + # m3.medium or larger. See "Supported Instance Types" in: + # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html instance_type = "m3.medium" root_block_device {