diff --git a/.gitignore b/.gitignore
index 605549a914..3745ab6160 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,4 @@ tests_outputs/
 .python-version
 test.yaml
 .vscode
+configs/
diff --git a/cli/src/pcluster/config/cluster_config.py b/cli/src/pcluster/config/cluster_config.py
index dde2e58481..f6e7c89d87 100644
--- a/cli/src/pcluster/config/cluster_config.py
+++ b/cli/src/pcluster/config/cluster_config.py
@@ -478,6 +478,7 @@ def __init__(
 data_compression_type: str = None,
 export_path: str = None,
 import_path: str = None,
+ fsx_security_groups: list = None,
 imported_file_chunk_size: int = None,
 weekly_maintenance_start_time: str = None,
 automatic_backup_retention_days: int = None,
@@ -503,6 +504,7 @@ def __init__(
 self.data_compression_type = Resource.init_param(data_compression_type)
 self.export_path = Resource.init_param(export_path)
 self.import_path = Resource.init_param(import_path)
+ self.fsx_security_groups = Resource.init_param(fsx_security_groups)
 self.imported_file_chunk_size = Resource.init_param(imported_file_chunk_size)
 self.weekly_maintenance_start_time = Resource.init_param(weekly_maintenance_start_time)
 self.automatic_backup_retention_days = Resource.init_param(automatic_backup_retention_days)
@@ -582,6 +584,8 @@ def _register_validators(self, context: ValidatorContext = None):
 FsxAutoImportValidator, auto_import_policy=self.auto_import_policy, import_path=self.import_path
 )
 self._register_validator(DeletionPolicyValidator, deletion_policy=self.deletion_policy, name=self.name)
+ if self.fsx_security_groups:
+ self._register_validator(SecurityGroupsValidator, security_group_ids=self.fsx_security_groups)
 @property
 def existing_mount_name(self):
diff --git a/cli/src/pcluster/schemas/cluster_schema.py b/cli/src/pcluster/schemas/cluster_schema.py
index a51d3710b5..d39993647c 100644
--- a/cli/src/pcluster/schemas/cluster_schema.py
+++ b/cli/src/pcluster/schemas/cluster_schema.py
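Review bot: In `_register_validators` (hunk `@@ -582,6 +584,8 @@`), the new `SecurityGroupsValidator` registration is the only check this diff applies to caller-supplied FSx security groups, and nothing visible shows that it verifies the groups allow Lustre traffic between the cluster nodes and the file system. Its body is outside the diff, so if it only confirms that the IDs exist, a group missing the required inbound and outbound rules passes validation and the failure surfaces later, at mount time. I would add `# NOTE(review): caller-supplied groups must allow Lustre traffic to and from cluster nodes; confirm SecurityGroupsValidator covers this` above the registration, or register a dedicated connectivity validator. The commit adds no import for `SecurityGroupsValidator`, so check that it is already in scope in cluster_config.py; the function body starts outside the hunk.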
@@ -402,6 +402,10 @@ class FsxLustreSettingsSchema(BaseSchema):
 )
 export_path = fields.Str(metadata={"update_policy": UpdatePolicy.UNSUPPORTED})
 import_path = fields.Str(metadata={"update_policy": UpdatePolicy.UNSUPPORTED})
+ fsx_security_groups = fields.List(
+ fields.Str(validate=get_field_validator("security_group_id")),
+ metadata={"update_policy": UpdatePolicy.UNSUPPORTED},
+ )
 weekly_maintenance_start_time = fields.Str(
 validate=validate.Regexp(r"^[1-7]:([01]\d|2[0-3]):([0-5]\d)$"),
 metadata={"update_policy": UpdatePolicy.SUPPORTED},
diff --git a/cli/src/pcluster/templates/cluster_stack.py b/cli/src/pcluster/templates/cluster_stack.py
index 82c4d25a17..6443ee725d 100644
--- a/cli/src/pcluster/templates/cluster_stack.py
+++ b/cli/src/pcluster/templates/cluster_stack.py
@@ -957,7 +957,11 @@ def _add_fsx_storage(self, id: str, shared_fsx: BaseSharedFsx):
 drive_cache_type = shared_fsx.drive_cache_type
 else:
 drive_cache_type = "NONE"
- file_system_security_groups = [self._add_storage_security_group(id, shared_fsx)]
+ if shared_fsx.fsx_security_groups:
+ managed_file_system_security_groups = [self._add_storage_security_group(id, shared_fsx)]
+ file_system_security_groups = [sg.ref for sg in managed_file_system_security_groups]
+ else:
+ file_system_security_groups = shared_fsx.fsx_security_groups
 fsx_resource = fsx.CfnFileSystem(
 self.stack,
 id,
@@ -981,7 +985,7 @@ def _add_fsx_storage(self, id: str, shared_fsx: BaseSharedFsx):
 file_system_type=LUSTRE,
 storage_type=shared_fsx.fsx_storage_type,
 subnet_ids=self.config.compute_subnet_ids[0:1],
- security_group_ids=[sg.ref for sg in file_system_security_groups],
+ security_group_ids=file_system_security_groups,
 file_system_type_version=shared_fsx.file_system_type_version,
 tags=[CfnTag(key="Name", value=shared_fsx.name)],
 )
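Review bot: The new `fsx_security_groups` list in `FsxLustreSettingsSchema` has no length bound, so an explicitly empty list is accepted by the schema. An empty list is falsy, so the `if self.fsx_security_groups:` guard in cluster_config.py skips validation for it, and the stack template treats it the same as an absent setting, which hides a likely configuration mistake. Consider passing `validate=validate.Length(min=1),` as a keyword to `fields.List(...)`; `validate` is already used by the neighbouring `weekly_maintenance_start_time` field. The class body starts and ends outside the hunk.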
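Review bot: The branch condition added to `_add_fsx_storage` (hunk `@@ -957,7 +957,11 @@`) is inverted. When `shared_fsx.fsx_security_groups` is set, the code still creates the managed group via `_add_storage_security_group` and discards the caller's list; when it is unset, the `else` branch assigns that empty or None value. The second hunk (`@@ -981,7 +985,7 @@`) then passes it straight to `security_group_ids`, so in the default case the file system is created without the cluster-managed group, and what is attached instead depends on the service default (likely the VPC default security group; confirm). That leaves the file system either with a network boundary the cluster does not control or unreachable from the compute nodes. Change the test to `if not shared_fsx.fsx_security_groups:`, keeping the two branch bodies as they are; the function body starts and ends outside both hunks.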