Skip to content

Add Customer Managed Encryption Keys (CMEK) support in Managed Lustre#5449

Merged
parulbajaj01 merged 2 commits into
GoogleCloudPlatform:developfrom
parulbajaj01:parul/dev
Apr 6, 2026
Merged

Add Customer Managed Encryption Keys (CMEK) support in Managed Lustre#5449
parulbajaj01 merged 2 commits into
GoogleCloudPlatform:developfrom
parulbajaj01:parul/dev

Conversation

@parulbajaj01
Copy link
Copy Markdown
Contributor

@parulbajaj01 parulbajaj01 commented Apr 2, 2026

This PR adds support for Customer-Managed Encryption Keys (CMEK) to the Managed Lustre module.

Submission Checklist

NOTE: Community submissions can take up to 2 weeks to be reviewed.

Please take the following actions before submitting this pull request.

  • Fork your PR branch from the Toolkit "develop" branch (not main)
  • Test all changes with pre-commit in a local branch #
  • Confirm that "make tests" passes all tests
  • Add or modify unit tests to cover code changes
  • Ensure that unit test coverage remains above 80%
  • Update all applicable documentation
  • Follow Cluster Toolkit Contribution guidelines #

@parulbajaj01 parulbajaj01 requested a review from bytetwin April 2, 2026 09:42
@parulbajaj01 parulbajaj01 added the release-key-new-features Added to release notes under the "Key New Features" heading. label Apr 2, 2026
@parulbajaj01 parulbajaj01 requested review from a team and samskillman as code owners April 2, 2026 09:42
@gemini-code-assist
Copy link
Copy Markdown
Contributor

gemini-code-assist Bot commented Apr 2, 2026

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enables users to secure their Managed Lustre instances using Customer-Managed Encryption Keys (CMEK). By adding the kms_key configuration option, the module now supports custom encryption, and the documentation has been updated to guide users through the required IAM permissions for the Managed Lustre service account.

Highlights

  • CMEK Support: Added support for Customer-Managed Encryption Keys (CMEK) to the Managed Lustre module by introducing a new kms_key variable.
  • Documentation: Updated the module README with an example configuration and necessary IAM setup instructions for using CMEK with Managed Lustre.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist Bot reviewed Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds support for Customer-Managed Encryption Keys (CMEK) to the Managed Lustre module, introducing a kms_key variable and updating the google_lustre_instance resource. Documentation and examples were also added to the README. Review feedback suggests refining the kms_key description in both the README and the variable definition to use the term 'resource ID' and provide the specific format for improved clarity.

Comment thread modules/file-system/managed-lustre/README.md Outdated
Comment thread modules/file-system/managed-lustre/variables.tf
@parulbajaj01 parulbajaj01 added the documentation Improvements or additions to documentation label Apr 6, 2026
@parulbajaj01 parulbajaj01 merged commit 6713c98 into GoogleCloudPlatform:develop Apr 6, 2026
14 of 77 checks passed
simrankaurb pushed a commit to simrankaurb/cluster-toolkit that referenced this pull request Apr 7, 2026
@parulbajaj01 @simrankaurb
Add Customer Managed Encryption Keys (CMEK) support in Managed Lustre (
74e0ba4 
…GoogleCloudPlatform#5449)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bytetwin bytetwin bytetwin approved these changes

@samskillman samskillman Awaiting requested review from samskillman

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

documentation Improvements or additions to documentation release-key-new-features Added to release notes under the "Key New Features" heading.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@parulbajaj01 @bytetwin