[
https://issues.apache.org/jira/browse/AIRFLOW-3359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16692987#comment-16692987
]
ASF GitHub Bot commented on AIRFLOW-3359:
-----------------------------------------
kaxil closed pull request #4200: [AIRFLOW-3359] Added customer managed
encryption keys as an option to…
URL: https://github.com/apache/incubator-airflow/pull/4200
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/airflow/contrib/operators/dataproc_operator.py
b/airflow/contrib/operators/dataproc_operator.py
index 120693c77d..ff7edee793 100644
--- a/airflow/contrib/operators/dataproc_operator.py
+++ b/airflow/contrib/operators/dataproc_operator.py
@@ -134,6 +134,9 @@ class DataprocClusterCreateOperator(BaseOperator):
auto-deleted at the end of this duration.
A duration in seconds. (If auto_delete_time is set this parameter will
be ignored)
:type auto_delete_ttl: int
+ :param customer_managed_key: The customer-managed key used for disk
encryption
+
(projects/[PROJECT_STORING_KEYS]/locations/[LOCATION]/keyRings/[KEY_RING_NAME]/cryptoKeys/[KEY_NAME])
+ :type customer_managed_key: str
"""
template_fields = ['cluster_name', 'project_id', 'zone', 'region']
@@ -171,6 +174,7 @@ def __init__(self,
idle_delete_ttl=None,
auto_delete_time=None,
auto_delete_ttl=None,
+ customer_managed_key=None,
*args,
**kwargs):
@@ -206,6 +210,7 @@ def __init__(self,
self.idle_delete_ttl = idle_delete_ttl
self.auto_delete_time = auto_delete_time
self.auto_delete_ttl = auto_delete_ttl
+ self.customer_managed_key = customer_managed_key
self.single_node = num_workers == 0
assert not (self.custom_image and self.image_version), \
@@ -316,7 +321,8 @@ def _build_cluster_data(self):
},
'secondaryWorkerConfig': {},
'softwareConfig': {},
- 'lifecycleConfig': {}
+ 'lifecycleConfig': {},
+ 'encryptionConfig': {}
}
}
if self.num_preemptible_workers > 0:
@@ -391,6 +397,9 @@ def _build_cluster_data(self):
if self.service_account_scopes:
cluster_data['config']['gceClusterConfig']['serviceAccountScopes']
=\
self.service_account_scopes
+ if self.customer_managed_key:
+ cluster_data['config']['encryptionConfig'] =\
+ {'gcePdKmsKeyName': self.customer_managed_key}
return cluster_data
def execute(self, context):
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Add CMEK as a disk encryption option to the Dataproc operator
> -------------------------------------------------------------
>
> Key: AIRFLOW-3359
> URL: https://issues.apache.org/jira/browse/AIRFLOW-3359
> Project: Apache Airflow
> Issue Type: New Feature
> Components: gcp, operators
> Reporter: Bob Lee
> Assignee: Bob Lee
> Priority: Minor
>
> Add customer managed encryption keys as an option to the Dataproc operator
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
