Force update_shared_storages to pass the string true for _mount_unmount in the efs resource

Updates to a cluster result in boolean values for the iam_authorization and efs_encryption_in_transit variables when the
mapping yaml file is loaded.  Need to force strings to be consistent with the dna.json pattern.

Author: dreambeyondorange

CHANGELOG.md

@@ -3,6 +3,16 @@ aws-parallelcluster-cookbook CHANGELOG
 
 This file is used to list changes made in each version of the AWS ParallelCluster cookbook.
 
+3.10.0
+------
+
+**ENHANCEMENTS**
+
+**CHANGES**
+
+**BUG FIXES**
+- Fixed an issue that prevented cluster updates from including EFS filesystems with encryption in transit.
+
 3.9.0
 ------
 

cookbooks/aws-parallelcluster-environment/recipes/config/update_shared_storages.rb

@@ -83,8 +83,17 @@ def get_efs(action)
         next unless not_in_shared_storages_mapping["efs"].nil? || !not_in_shared_storages_mapping["efs"].include?(storage)
         shared_dir_array.push(storage["mount_dir"])
         efs_fs_id_array.push(storage["efs_fs_id"])
-        efs_encryption_in_transit_array.push(storage["efs_encryption_in_transit"])
-        efs_iam_authorization_array.push(storage["efs_iam_authorization"])
+        # The EFS resource expects strings for these attributes, not booleans
+        if storage["efs_encryption_in_transit"]
+          efs_encryption_in_transit_array.push("true")
+        else
+          efs_encryption_in_transit_array.push("false")
+        end
+        if storage["efs_iam_authorization"]
+          efs_iam_authorization_array.push("true")
+        else
+          efs_iam_authorization_array.push("false")
+        end
       end
     end
     [shared_dir_array, efs_fs_id_array, efs_encryption_in_transit_array, efs_iam_authorization_array]

cookbooks/aws-parallelcluster-environment/spec/unit/resources/efs_spec.rb

@@ -335,6 +335,94 @@ def mock_already_installed(package, expected_version, installed)
   end
 end
 
+describe 'efs:mount_bool' do
+  for_all_oses do |platform, version|
+    %w(HeadNode ComputeFleet).each do |node_type|
+      context "on #{platform}#{version} and node type #{node_type}" do
+        cached(:chef_run) do
+          runner = runner(platform: platform, version: version, step_into: ['efs']) do |node|
+            node.override['cluster']['region'] = "REGION"
+            node.override['cluster']['aws_domain'] = "DOMAIN"
+            node.override['cluster']['node_type'] = node_type
+          end
+          runner.converge_dsl do
+            efs 'mount' do
+              efs_fs_id_array %w(id_1 id_2 id_3)
+              shared_dir_array %w(shared_dir_1 /shared_dir_2 /shared_dir_3)
+              efs_encryption_in_transit_array [true, true, false]
+              efs_iam_authorization_array [false, true, true]
+              action :mount
+            end
+          end
+        end
+
+        before do
+          stub_command("mount | grep ' /shared_dir_1 '").and_return(false)
+          stub_command("mount | grep ' /shared_dir_2 '").and_return(true)
+          stub_command("mount | grep ' /shared_dir_3 '").and_return(true)
+        end
+
+        it 'mounts efs' do
+          is_expected.to mount_efs('mount')
+        end
+
+        it 'creates shared directory' do
+          %w(/shared_dir_1 /shared_dir_2 /shared_dir_3).each do |shared_dir|
+            is_expected.to create_directory(shared_dir)
+              .with(owner: 'root')
+              .with(group: 'root')
+              .with(mode: '1777')
+            # .with(recursive: true) # even if we set recursive a true, the test fails
+          end
+        end
+
+        it 'mounts shared dir if not already mounted' do
+          is_expected.to mount_mount('/shared_dir_1')
+            .with(device: 'id_1:/')
+            .with(fstype: 'efs')
+            .with(dump: 0)
+            .with(pass: 0)
+            .with(options: %w(_netdev noresvport tls))
+            .with(retries: 10)
+            .with(retry_delay: 60)
+        end
+
+        it 'enables shared dir mount if already mounted' do
+          is_expected.to enable_mount('/shared_dir_2')
+            .with(device: 'id_2:/')
+            .with(fstype: 'efs')
+            .with(dump: 0)
+            .with(pass: 0)
+            .with(options: %w(_netdev noresvport tls iam))
+            .with(retries: 10)
+            .with(retry_delay: 6)
+
+          is_expected.to enable_mount('/shared_dir_3')
+            .with(device: 'id_3:/')
+            .with(fstype: 'efs')
+            .with(dump: 0)
+            .with(pass: 0)
+            .with(options: %w(_netdev noresvport))
+            .with(retries: 10)
+            .with(retry_delay: 6)
+        end
+
+        if node_type == "HeadNode"
+          it 'changes permissions' do
+            %w(/shared_dir_1 /shared_dir_2 /shared_dir_3).each do |shared_dir|
+              is_expected.to create_directory("change permissions for #{shared_dir}")
+                .with(path: shared_dir)
+                .with(owner: 'root')
+                .with(group: 'root')
+                .with(mode: '1777')
+            end
+          end
+        end
+      end
+    end
+  end
+end
+
 describe 'efs:unmount' do
   for_all_oses do |platform, version|
     context "on #{platform}#{version}" do