OBS KMS encryption - Githubissues

FlexibleEngineCloud / terraform-provider-flexibleengine

Terraform flexibleengine provider

https://www.terraform.io/docs/providers/flexibleengine/

Mozilla Public License 2.0

30 stars 53 forks source link

OBS KMS encryption #419

Closed fculpo closed 3 years ago

fculpo commented 3 years ago

Hi,

Is there any way to enable OBS bucket default encryption with terraform ? I can't find any parameter allowing passing kms information in flexibleengine_obs_bucket

antonin-a commented 3 years ago

Hello @fculpo , on platform side the API call is described here : https://docs.prod-cloud-ocb.orange-business.com/api/obs/en-us_topic_0190318905.html @niuzhenguo is the ressources already existing on terraform side ? If not, is it possible to add this one ? Regards

ShiChangkuo commented 3 years ago

@fculpo you can encrypt an object with encryption = true. please refer to the example

fculpo commented 3 years ago

I saw that possibility, but what I want is the possibility to enable default bucket encryption while creating it.

ShiChangkuo commented 3 years ago

due to the limitation of SDK , only object encryption can be supported now.

@antonin-a maybe you can submit a requirement to OBS.

Note: the link above is python SDK as I can not find the Go SDK of OBS on the support docs, but I think both of them have the same functions.

antonin-a commented 3 years ago

ok @ShiChangkuo noted. @DafuSHI can you help us here ?

sbernier-corp commented 3 years ago

Hi,

Any news ? My customer is waiting for this feature ;-)

qukuijin1989 commented 3 years ago

@ShiChangkuo could you provide a release date for this requirement?

sbernier-corp commented 3 years ago

Well we raise the issue in January .. so now customer wants it asap ;-)

ShiChangkuo commented 3 years ago

@sbernier-corp we will release the feature before the end of June.

Also, you can try to build with #554 to check whether it meets the requirement.

sbernier-corp commented 3 years ago

@ShiChangkuo, perfect sounds good. Just have the following issue https://github.com/FlexibleEngineCloud/terraform-provider-flexibleengine/issues/548 that avoid my customer to migrate to last version of the terraform provider. Can the 548 issue be fixed also ?

fculpo commented 3 years ago

@niuzhenguo We get an Access Denied when trying to apply encryption through terraform

...
encryption = true
kms_key_id = flexibleengine_kms_key_v1.customer.id
...

│ Error: failed to enable default encryption of OBS bucket <REDACTED>: AccessDenied,
│  Reason: Access Denied

fculpo commented 3 years ago

We also see different key ids between OBS encryption key selection, and KMS page