Added EFS Accesspoint Ids to mount commands (aws#2791)

mapk-amazon · dreambeyondorange · web-flow · commit b39929f849dc · 2024-08-20T13:13:31.000-04:00
* improved mount commands to include the accesspoint id option


---------

Co-authored-by: Ryan Anderson &lt;ndry@amazon.com&gt;
diff --git a/cookbooks/aws-parallelcluster-environment/recipes/config/update_shared_storages.rb b/cookbooks/aws-parallelcluster-environment/recipes/config/update_shared_storages.rb
@@ -37,7 +37,7 @@
     # get efs to unmount
     node.default['cluster']['unmount_efs_shared_dir_array'], node.default['cluster']['unmount_efs_fs_id_array'], = get_efs(UNMOUNT_ACTION)
     # get efs to mount
-    node.default['cluster']['mount_efs_shared_dir_array'], node.default['cluster']['mount_efs_fs_id_array'], node.default['cluster']['mount_efs_encryption_in_transit_array'], node.default['cluster']['mount_efs_iam_authorization_array'] = get_efs(MOUNT_ACTION)
+    node.default['cluster']['mount_efs_shared_dir_array'], node.default['cluster']['mount_efs_fs_id_array'], node.default['cluster']['mount_efs_encryption_in_transit_array'], node.default['cluster']['mount_efs_iam_authorization_array'], node.default['cluster']['mount_efs_access_point_array'] = get_efs(MOUNT_ACTION)
     # get fsx to unmount
     node.default['cluster']['unmount_fsx_fs_id_array'], node.default['cluster']['unmount_fsx_fs_type_array'], node.default['cluster']['unmount_fsx_shared_dir_array'], node.default['cluster']['unmount_fsx_dns_name_array'], node.default['cluster']['unmount_fsx_mount_name_array'], node.default['cluster']['unmount_fsx_volume_junction_path_array'] = get_fsx(UNMOUNT_ACTION)
     # get fsx to mount
@@ -78,6 +78,7 @@ def get_efs(action)
     efs_fs_id_array = []
     efs_encryption_in_transit_array = []
     efs_iam_authorization_array = []
+    efs_access_point_id_array = []
     unless in_shared_storages_mapping["efs"].nil?
       in_shared_storages_mapping["efs"].each do |storage|
         next unless not_in_shared_storages_mapping["efs"].nil? || !not_in_shared_storages_mapping["efs"].include?(storage)
@@ -86,9 +87,10 @@ def get_efs(action)
         # The EFS resource expects strings for these attributes, not booleans
         efs_encryption_in_transit_array.push(String(storage["efs_encryption_in_transit"]))
         efs_iam_authorization_array.push(String(storage["efs_iam_authorization"]))
+        efs_access_point_id_array.push(String(storage["efs_access_point_id"]))
       end
     end
-    [shared_dir_array, efs_fs_id_array, efs_encryption_in_transit_array, efs_iam_authorization_array]
+    [shared_dir_array, efs_fs_id_array, efs_encryption_in_transit_array, efs_iam_authorization_array, efs_access_point_id_array]
   end
 
   def get_fsx(action)
diff --git a/cookbooks/aws-parallelcluster-environment/resources/efs/partial/_mount_umount.rb b/cookbooks/aws-parallelcluster-environment/resources/efs/partial/_mount_umount.rb
@@ -43,14 +43,18 @@
 
     # See reference of mount options: https://docs.aws.amazon.com/efs/latest/ug/automount-with-efs-mount-helper.html
     mount_options = "_netdev,noresvport"
-    if efs_access_point_id
-      mount_options = "iam,tls,access_point=#{efs_access_point_id}"
-    elsif efs_encryption_in_transit == "true"
+    if efs_encryption_in_transit == "true"
       mount_options += ",tls"
+      # iam authorization requires tls
       if efs_iam_authorization == "true"
         mount_options += ",iam"
       end
+      # accesspoint requires tls
+      if efs_access_point_id && efs_access_point_id != ''
+        mount_options += ",accesspoint=#{efs_access_point_id}"
+      end
     end
+
     mount_point = efs_mount_point_array.nil? ? "/" : efs_mount_point_array[index]
 
     # Create the EFS shared directory
