Merge pull request #685 from jrosinsk/add-oke-kms-key-id

Add the kms-key-id parameter to oke config

Author: rawmind0

docs/resources/cluster.md

@@ -1480,6 +1480,7 @@ The following arguments are supported:
 * `enable_private_nodes` - (Optional) Specifies whether worker nodes will be deployed into a new, private, subnet. Default `false` (bool)
 * `fingerprint` - (Required) The fingerprint corresponding to the specified user's private API Key (string)
 * `flex_ocpus` - (Optional) Specifies number of OCPUs for nodes (requires flexible shape specified with `node_shape`) (int)
+* `kms_key_id` - (Optional) The OCID of a KMS vault master key used to encrypt secrets at rest. See [here](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengencryptingdata.htm) for help creating a vault and master encryption key. Just for Rancher v2.5.9 or above (string)
 * `kubernetes_version` - (Required) The Kubernetes version that will be used for your master *and* OKE worker nodes (string)
 * `limit_node_count` - (Optional) The maximum number of worker nodes. Can limit `quantity_per_subnet`. Default `0` (no limit) (int)
 * `load_balancer_subnet_name_1` - (Optional) The name of the first existing subnet to use for Kubernetes services / LB. `vcn_name` is also required when specifying an existing subnet. (string)

rancher2/schema_cluster_oke_config.go

@@ -23,6 +23,7 @@ type OracleKubernetesEngineConfig struct {
 	FlexOCPUs                   int64  `json:"flexOcpus,omitempty" yaml:"flexOcpus,omitempty"`
 	KubernetesVersion           string `json:"kubernetesVersion,omitempty" yaml:"kubernetesVersion,omitempty"`
 	DriverName                  string `json:"driverName,omitempty" yaml:"driverName,omitempty"`
+	KMSKeyID                    string `json:"kmsKeyId" yaml:"kmsKeyId"`
 	LimitNodeCount              int64  `json:"limitNodeCount,omitempty" yaml:"limitNodeCount,omitempty"`
 	Name                        string `json:"name,omitempty" yaml:"name,omitempty"`
 	NodeImage                   string `json:"nodeImage,omitempty" yaml:"nodeImage,omitempty"`
@@ -74,6 +75,12 @@ func clusterOKEConfigFields() map[string]*schema.Schema {
 			Optional:    true,
 			Description: "Optional number of OCPUs for nodes (requires flexible node_shape)",
 		},
+		"kms_key_id": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Sensitive:   true,
+			Description: "Optional specify the OCID of the KMS Vault master key",
+		},
 		"kubernetes_version": {
 			Type:        schema.TypeString,
 			Required:    true,

rancher2/structure_cluster_oke_config.go

@@ -39,6 +39,10 @@ func flattenClusterOKEConfig(in *OracleKubernetesEngineConfig, p []interface{})
 		obj["flex_ocpus"] = int(in.FlexOCPUs)
 	}
 
+	if len(in.KMSKeyID) > 0 {
+		obj["kms_key_id"] = in.KMSKeyID
+	}
+
 	if len(in.KubernetesVersion) > 0 {
 		obj["kubernetes_version"] = in.KubernetesVersion
 	}
@@ -173,6 +177,10 @@ func expandClusterOKEConfig(p []interface{}, name string) (*OracleKubernetesEngi
 		obj.FlexOCPUs = int64(v)
 	}
 
+	if v, ok := in["kms_key_id"].(string); ok && len(v) > 0 {
+		obj.KMSKeyID = v
+	}
+
 	if v, ok := in["kubernetes_version"].(string); ok && len(v) > 0 {
 		obj.KubernetesVersion = v
 	}

rancher2/structure_cluster_oke_config_test.go

@@ -23,6 +23,7 @@ func init() {
 		Fingerprint:                 "fingerprint",
 		FlexOCPUs:                   0,
 		KubernetesVersion:           "version",
+		KMSKeyID:                    "ocid1.key.oc1.reg.xxxxxxxxxxxxxxxxxx",
 		LimitNodeCount:              0,
 		Name:                        "test",
 		NodeImage:                   "image",
@@ -57,6 +58,7 @@ func init() {
 			"enable_private_nodes":        false,
 			"fingerprint":                 "fingerprint",
 			"flex_ocpus":                  0,
+			"kms_key_id":                  "ocid1.key.oc1.phx.xxxxxxxxxxxxxxxxxx",
 			"kubernetes_version":          "version",
 			"limit_node_count":            0,
 			"node_image":                  "image",