2021-12-21 14:23:26 +00:00
|
|
|
/*
|
|
|
|
Copyright 2021 The Ceph-CSI Authors.
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2020-09-03 09:34:29 +00:00
|
|
|
package e2e
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"encoding/json"
|
|
|
|
"fmt"
|
2021-02-10 08:19:40 +00:00
|
|
|
"regexp"
|
2020-09-03 09:34:29 +00:00
|
|
|
"strings"
|
2022-02-14 15:55:43 +00:00
|
|
|
"time"
|
2020-09-03 09:34:29 +00:00
|
|
|
|
2024-09-09 13:11:01 +00:00
|
|
|
snapapi "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumesnapshot/v1"
|
2020-09-03 09:34:29 +00:00
|
|
|
v1 "k8s.io/api/core/v1"
|
|
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
2022-02-14 15:55:43 +00:00
|
|
|
"k8s.io/apimachinery/pkg/util/wait"
|
2020-09-03 09:34:29 +00:00
|
|
|
"k8s.io/client-go/kubernetes"
|
|
|
|
"k8s.io/kubernetes/test/e2e/framework"
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
adminUser = "admin"
|
|
|
|
)
|
|
|
|
|
|
|
|
// validateSubvolumegroup validates whether subvolumegroup is present.
|
|
|
|
func validateSubvolumegroup(f *framework.Framework, subvolgrp string) error {
|
2022-04-07 15:36:45 +00:00
|
|
|
cmd := fmt.Sprintf("ceph fs subvolumegroup getpath %s %s", fileSystemName, subvolgrp)
|
2020-09-03 09:34:29 +00:00
|
|
|
stdOut, stdErr, err := execCommandInToolBoxPod(f, cmd, rookNamespace)
|
|
|
|
if err != nil {
|
2021-05-11 09:28:56 +00:00
|
|
|
return fmt.Errorf("failed to exec command in toolbox: %w", err)
|
2020-09-03 09:34:29 +00:00
|
|
|
}
|
|
|
|
if stdErr != "" {
|
2021-11-22 06:56:06 +00:00
|
|
|
return fmt.Errorf("failed to getpath for subvolumegroup %s : %v", subvolgrp, stdErr)
|
2020-09-03 09:34:29 +00:00
|
|
|
}
|
|
|
|
expectedGrpPath := "/volumes/" + subvolgrp
|
|
|
|
stdOut = strings.TrimSpace(stdOut)
|
|
|
|
if stdOut != expectedGrpPath {
|
|
|
|
return fmt.Errorf("error unexpected group path. Found: %s", stdOut)
|
|
|
|
}
|
2021-07-22 05:45:17 +00:00
|
|
|
|
2020-09-03 09:34:29 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2021-06-25 12:31:28 +00:00
|
|
|
func createCephfsStorageClass(
|
|
|
|
c kubernetes.Interface,
|
|
|
|
f *framework.Framework,
|
|
|
|
enablePool bool,
|
2022-06-01 10:17:19 +00:00
|
|
|
params map[string]string,
|
|
|
|
) error {
|
2021-09-20 10:16:55 +00:00
|
|
|
scPath := fmt.Sprintf("%s/%s", cephFSExamplePath, "storageclass.yaml")
|
2020-09-03 09:34:29 +00:00
|
|
|
sc, err := getStorageClass(scPath)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2023-06-13 09:49:01 +00:00
|
|
|
|
2022-04-07 15:36:45 +00:00
|
|
|
sc.Parameters["fsName"] = fileSystemName
|
2021-02-22 11:13:40 +00:00
|
|
|
sc.Parameters["csi.storage.k8s.io/provisioner-secret-namespace"] = cephCSINamespace
|
|
|
|
sc.Parameters["csi.storage.k8s.io/provisioner-secret-name"] = cephFSProvisionerSecretName
|
2020-09-03 09:34:29 +00:00
|
|
|
|
2021-02-22 11:13:40 +00:00
|
|
|
sc.Parameters["csi.storage.k8s.io/controller-expand-secret-namespace"] = cephCSINamespace
|
|
|
|
sc.Parameters["csi.storage.k8s.io/controller-expand-secret-name"] = cephFSProvisionerSecretName
|
2020-09-03 09:34:29 +00:00
|
|
|
|
2021-02-22 11:13:40 +00:00
|
|
|
sc.Parameters["csi.storage.k8s.io/node-stage-secret-namespace"] = cephCSINamespace
|
|
|
|
sc.Parameters["csi.storage.k8s.io/node-stage-secret-name"] = cephFSNodePluginSecretName
|
2020-09-03 09:34:29 +00:00
|
|
|
|
|
|
|
if enablePool {
|
2022-01-25 07:53:04 +00:00
|
|
|
sc.Parameters["pool"] = "myfs-replicated"
|
2020-09-03 09:34:29 +00:00
|
|
|
}
|
2020-09-21 14:56:15 +00:00
|
|
|
|
|
|
|
// overload any parameters that were passed
|
|
|
|
if params == nil {
|
|
|
|
// create an empty params, so that params["clusterID"] below
|
|
|
|
// does not panic
|
|
|
|
params = map[string]string{}
|
2020-09-03 09:34:29 +00:00
|
|
|
}
|
2020-09-21 14:56:15 +00:00
|
|
|
for param, value := range params {
|
|
|
|
sc.Parameters[param] = value
|
2020-09-03 09:34:29 +00:00
|
|
|
}
|
2020-09-21 14:56:15 +00:00
|
|
|
|
|
|
|
// fetch and set fsID from the cluster if not set in params
|
|
|
|
if _, found := params["clusterID"]; !found {
|
2022-04-08 11:08:32 +00:00
|
|
|
var fsID string
|
|
|
|
fsID, err = getClusterID(f)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("failed to get clusterID: %w", err)
|
2020-09-21 14:56:15 +00:00
|
|
|
}
|
2022-04-08 11:08:32 +00:00
|
|
|
sc.Parameters["clusterID"] = fsID
|
2020-09-03 09:34:29 +00:00
|
|
|
}
|
2021-07-22 05:45:17 +00:00
|
|
|
|
2022-02-14 15:55:43 +00:00
|
|
|
timeout := time.Duration(deployTimeout) * time.Minute
|
2022-02-14 15:56:15 +00:00
|
|
|
|
2023-06-05 14:41:04 +00:00
|
|
|
return wait.PollUntilContextTimeout(context.TODO(), poll, timeout, true, func(ctx context.Context) (bool, error) {
|
|
|
|
_, err = c.StorageV1().StorageClasses().Create(ctx, &sc, metav1.CreateOptions{})
|
2022-02-14 15:55:43 +00:00
|
|
|
if err != nil {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Logf("error creating StorageClass %q: %v", sc.Name, err)
|
2022-02-14 15:55:43 +00:00
|
|
|
if isRetryableAPIError(err) {
|
|
|
|
return false, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
return false, fmt.Errorf("failed to create StorageClass %q: %w", sc.Name, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return true, nil
|
|
|
|
})
|
2020-09-03 09:34:29 +00:00
|
|
|
}
|
|
|
|
|
2021-02-22 11:13:40 +00:00
|
|
|
func createCephfsSecret(f *framework.Framework, secretName, userName, userKey string) error {
|
2021-09-20 10:16:55 +00:00
|
|
|
scPath := fmt.Sprintf("%s/%s", cephFSExamplePath, "secret.yaml")
|
2020-09-03 09:34:29 +00:00
|
|
|
sc, err := getSecret(scPath)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2021-02-22 11:13:40 +00:00
|
|
|
if secretName != "" {
|
|
|
|
sc.Name = secretName
|
2020-09-03 09:34:29 +00:00
|
|
|
}
|
2024-12-09 12:22:36 +00:00
|
|
|
// TODO: Update the secrets to use userID and userKey once
|
|
|
|
// the version used for upgrade testing does not depend on
|
|
|
|
// adminID and adminKey.
|
2021-02-22 11:13:40 +00:00
|
|
|
sc.StringData["adminID"] = userName
|
|
|
|
sc.StringData["adminKey"] = userKey
|
2020-09-03 09:34:29 +00:00
|
|
|
delete(sc.StringData, "userID")
|
|
|
|
delete(sc.StringData, "userKey")
|
|
|
|
sc.Namespace = cephCSINamespace
|
2021-02-22 11:13:40 +00:00
|
|
|
_, err = f.ClientSet.CoreV1().Secrets(cephCSINamespace).Create(context.TODO(), &sc, metav1.CreateOptions{})
|
2021-07-22 05:45:17 +00:00
|
|
|
|
2020-09-03 09:34:29 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2021-03-22 06:17:42 +00:00
|
|
|
// unmountCephFSVolume unmounts a cephFS volume mounted on a pod.
|
|
|
|
func unmountCephFSVolume(f *framework.Framework, appName, pvcName string) error {
|
|
|
|
pod, err := f.ClientSet.CoreV1().Pods(f.UniqueName).Get(context.TODO(), appName, metav1.GetOptions{})
|
|
|
|
if err != nil {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Logf("Error occurred getting pod %s in namespace %s", appName, f.UniqueName)
|
2021-07-22 05:45:17 +00:00
|
|
|
|
2021-05-11 09:28:56 +00:00
|
|
|
return fmt.Errorf("failed to get pod: %w", err)
|
2021-03-22 06:17:42 +00:00
|
|
|
}
|
2022-05-06 06:59:50 +00:00
|
|
|
pvc, err := getPersistentVolumeClaim(f.ClientSet, f.UniqueName, pvcName)
|
2021-03-22 06:17:42 +00:00
|
|
|
if err != nil {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Logf("Error occurred getting PVC %s in namespace %s", pvcName, f.UniqueName)
|
2021-07-22 05:45:17 +00:00
|
|
|
|
2021-05-11 09:28:56 +00:00
|
|
|
return fmt.Errorf("failed to get pvc: %w", err)
|
2021-03-22 06:17:42 +00:00
|
|
|
}
|
2021-06-25 12:31:28 +00:00
|
|
|
cmd := fmt.Sprintf(
|
|
|
|
"umount /var/lib/kubelet/pods/%s/volumes/kubernetes.io~csi/%s/mount",
|
|
|
|
pod.UID,
|
|
|
|
pvc.Spec.VolumeName)
|
2022-04-25 08:29:18 +00:00
|
|
|
stdErr, err := execCommandInDaemonsetPod(
|
2021-06-25 12:31:28 +00:00
|
|
|
f,
|
|
|
|
cmd,
|
2021-09-20 10:16:55 +00:00
|
|
|
cephFSDeamonSetName,
|
2021-06-25 12:31:28 +00:00
|
|
|
pod.Spec.NodeName,
|
2021-09-20 10:16:55 +00:00
|
|
|
cephFSContainerName,
|
2021-06-25 12:31:28 +00:00
|
|
|
cephCSINamespace)
|
2021-03-22 06:17:42 +00:00
|
|
|
if stdErr != "" {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Logf("StdErr occurred: %s", stdErr)
|
2021-03-22 06:17:42 +00:00
|
|
|
}
|
2021-07-22 05:45:17 +00:00
|
|
|
|
2021-03-22 06:17:42 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2020-09-03 09:34:29 +00:00
|
|
|
func deleteBackingCephFSVolume(f *framework.Framework, pvc *v1.PersistentVolumeClaim) error {
|
|
|
|
imageData, err := getImageInfoFromPVC(pvc.Namespace, pvc.Name, f)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2021-02-10 08:19:40 +00:00
|
|
|
cmd := fmt.Sprintf("ceph fs subvolume rm %s %s %s", fileSystemName, imageData.imageName, subvolumegroup)
|
|
|
|
_, stdErr, err := execCommandInToolBoxPod(f, cmd, rookNamespace)
|
2020-09-03 09:34:29 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if stdErr != "" {
|
|
|
|
return fmt.Errorf("error deleting backing volume %s %v", imageData.imageName, stdErr)
|
|
|
|
}
|
2021-07-22 05:45:17 +00:00
|
|
|
|
2020-09-03 09:34:29 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2024-10-03 10:35:23 +00:00
|
|
|
func cephfsOptions(pool string) string {
|
|
|
|
if radosNamespace != "" {
|
|
|
|
return "--pool=" + pool + " --namespace=" + radosNamespace
|
|
|
|
}
|
|
|
|
|
|
|
|
// default namespace is csi
|
|
|
|
return "--pool=" + pool + " --namespace=csi"
|
|
|
|
}
|
|
|
|
|
2020-09-03 09:34:29 +00:00
|
|
|
type cephfsSubVolume struct {
|
|
|
|
Name string `json:"name"`
|
|
|
|
}
|
|
|
|
|
|
|
|
func listCephFSSubVolumes(f *framework.Framework, filesystem, groupname string) ([]cephfsSubVolume, error) {
|
|
|
|
var subVols []cephfsSubVolume
|
2021-06-25 12:31:28 +00:00
|
|
|
stdout, stdErr, err := execCommandInToolBoxPod(
|
|
|
|
f,
|
|
|
|
fmt.Sprintf("ceph fs subvolume ls %s --group_name=%s --format=json", filesystem, groupname),
|
|
|
|
rookNamespace)
|
2020-09-03 09:34:29 +00:00
|
|
|
if err != nil {
|
|
|
|
return subVols, err
|
|
|
|
}
|
|
|
|
if stdErr != "" {
|
2022-06-08 09:17:09 +00:00
|
|
|
return subVols, fmt.Errorf("error listing subvolumes %v", stdErr)
|
2020-09-03 09:34:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
err = json.Unmarshal([]byte(stdout), &subVols)
|
|
|
|
if err != nil {
|
|
|
|
return subVols, err
|
|
|
|
}
|
2021-07-22 05:45:17 +00:00
|
|
|
|
2020-09-03 09:34:29 +00:00
|
|
|
return subVols, nil
|
|
|
|
}
|
2021-02-09 10:32:40 +00:00
|
|
|
|
2022-05-24 14:08:12 +00:00
|
|
|
type cephfsSubvolumeMetadata struct {
|
|
|
|
PVCNameKey string `json:"csi.storage.k8s.io/pvc/name"`
|
|
|
|
PVCNamespaceKey string `json:"csi.storage.k8s.io/pvc/namespace"`
|
|
|
|
PVNameKey string `json:"csi.storage.k8s.io/pv/name"`
|
2022-06-14 13:50:42 +00:00
|
|
|
ClusterNameKey string `json:"csi.ceph.com/cluster/name"`
|
2022-05-24 14:08:12 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func listCephFSSubvolumeMetadata(
|
|
|
|
f *framework.Framework,
|
|
|
|
filesystem,
|
|
|
|
subvolume,
|
|
|
|
groupname string,
|
2022-06-08 09:17:09 +00:00
|
|
|
) (*cephfsSubvolumeMetadata, error) {
|
2022-05-24 14:08:12 +00:00
|
|
|
stdout, stdErr, err := execCommandInToolBoxPod(
|
|
|
|
f,
|
|
|
|
fmt.Sprintf("ceph fs subvolume metadata ls %s %s --group_name=%s --format=json", filesystem, subvolume, groupname),
|
|
|
|
rookNamespace)
|
2022-06-08 09:17:09 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if stdErr != "" {
|
|
|
|
return nil, fmt.Errorf("error listing subvolume metadata %v", stdErr)
|
|
|
|
}
|
|
|
|
|
|
|
|
metadata := &cephfsSubvolumeMetadata{}
|
|
|
|
err = json.Unmarshal([]byte(stdout), metadata)
|
2022-05-24 14:08:12 +00:00
|
|
|
if err != nil {
|
|
|
|
return metadata, err
|
|
|
|
}
|
2022-06-08 09:17:09 +00:00
|
|
|
|
|
|
|
return metadata, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
type cephfsSnapshotMetadata struct {
|
|
|
|
VolSnapNameKey string `json:"csi.storage.k8s.io/volumesnapshot/name"`
|
|
|
|
VolSnapNamespaceKey string `json:"csi.storage.k8s.io/volumesnapshot/namespace"`
|
|
|
|
VolSnapContentNameKey string `json:"csi.storage.k8s.io/volumesnapshotcontent/name"`
|
2022-07-28 10:48:00 +00:00
|
|
|
ClusterNameKey string `json:"csi.ceph.com/cluster/name"`
|
2022-06-08 09:17:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func listCephFSSnapshotMetadata(
|
|
|
|
f *framework.Framework,
|
|
|
|
filesystem,
|
|
|
|
subvolume,
|
|
|
|
snapname,
|
|
|
|
groupname string,
|
|
|
|
) (*cephfsSnapshotMetadata, error) {
|
|
|
|
stdout, stdErr, err := execCommandInToolBoxPod(
|
|
|
|
f,
|
|
|
|
fmt.Sprintf("ceph fs subvolume snapshot metadata ls %s %s %s --group_name=%s --format=json",
|
|
|
|
filesystem, subvolume, snapname, groupname),
|
|
|
|
rookNamespace)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2022-05-24 14:08:12 +00:00
|
|
|
if stdErr != "" {
|
2022-06-08 09:17:09 +00:00
|
|
|
return nil, fmt.Errorf("error listing subvolume snapshots metadata %v", stdErr)
|
2022-05-24 14:08:12 +00:00
|
|
|
}
|
|
|
|
|
2022-06-08 09:17:09 +00:00
|
|
|
metadata := &cephfsSnapshotMetadata{}
|
|
|
|
err = json.Unmarshal([]byte(stdout), metadata)
|
2022-05-24 14:08:12 +00:00
|
|
|
if err != nil {
|
|
|
|
return metadata, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return metadata, nil
|
|
|
|
}
|
|
|
|
|
2022-06-08 09:17:09 +00:00
|
|
|
type cephfsSnapshot struct {
|
|
|
|
Name string `json:"name"`
|
|
|
|
}
|
|
|
|
|
|
|
|
func listCephFSSnapshots(f *framework.Framework, filesystem, subvolume, groupname string) ([]cephfsSnapshot, error) {
|
|
|
|
var snaps []cephfsSnapshot
|
|
|
|
stdout, stdErr, err := execCommandInToolBoxPod(
|
|
|
|
f,
|
|
|
|
fmt.Sprintf("ceph fs subvolume snapshot ls %s %s --group_name=%s --format=json", filesystem, subvolume, groupname),
|
|
|
|
rookNamespace)
|
|
|
|
if err != nil {
|
|
|
|
return snaps, err
|
|
|
|
}
|
|
|
|
if stdErr != "" {
|
|
|
|
return snaps, fmt.Errorf("error listing subolume snapshots %v", stdErr)
|
|
|
|
}
|
|
|
|
|
|
|
|
err = json.Unmarshal([]byte(stdout), &snaps)
|
|
|
|
if err != nil {
|
|
|
|
return snaps, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return snaps, nil
|
|
|
|
}
|
|
|
|
|
2021-02-09 10:32:40 +00:00
|
|
|
// getSubvolumepath validates whether subvolumegroup is present.
|
|
|
|
func getSubvolumePath(f *framework.Framework, filesystem, subvolgrp, subvolume string) (string, error) {
|
|
|
|
cmd := fmt.Sprintf("ceph fs subvolume getpath %s %s --group_name=%s", filesystem, subvolume, subvolgrp)
|
|
|
|
stdOut, stdErr, err := execCommandInToolBoxPod(f, cmd, rookNamespace)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
if stdErr != "" {
|
2021-11-22 06:56:06 +00:00
|
|
|
return "", fmt.Errorf("failed to getpath for subvolume %s : %s", subvolume, stdErr)
|
2021-02-09 10:32:40 +00:00
|
|
|
}
|
2021-07-22 05:45:17 +00:00
|
|
|
|
2021-02-09 10:32:40 +00:00
|
|
|
return strings.TrimSpace(stdOut), nil
|
|
|
|
}
|
2021-02-10 08:19:40 +00:00
|
|
|
|
|
|
|
func getSnapName(snapNamespace, snapName string) (string, error) {
|
|
|
|
sclient, err := newSnapshotClient()
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
2021-06-25 12:31:28 +00:00
|
|
|
snap, err := sclient.
|
|
|
|
VolumeSnapshots(snapNamespace).
|
|
|
|
Get(context.TODO(), snapName, metav1.GetOptions{})
|
2021-02-10 08:19:40 +00:00
|
|
|
if err != nil {
|
2021-05-11 09:28:56 +00:00
|
|
|
return "", fmt.Errorf("failed to get volumesnapshot: %w", err)
|
2021-02-10 08:19:40 +00:00
|
|
|
}
|
2021-06-25 12:31:28 +00:00
|
|
|
sc, err := sclient.
|
|
|
|
VolumeSnapshotContents().
|
|
|
|
Get(context.TODO(), *snap.Status.BoundVolumeSnapshotContentName, metav1.GetOptions{})
|
2021-02-10 08:19:40 +00:00
|
|
|
if err != nil {
|
2021-05-11 09:28:56 +00:00
|
|
|
return "", fmt.Errorf("failed to get volumesnapshotcontent: %w", err)
|
2021-02-10 08:19:40 +00:00
|
|
|
}
|
|
|
|
snapIDRegex := regexp.MustCompile(`(\w+\-?){5}$`)
|
|
|
|
snapID := snapIDRegex.FindString(*sc.Status.SnapshotHandle)
|
2024-04-04 08:49:32 +00:00
|
|
|
snapshotName := "csi-snap-" + snapID
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Logf("snapshotName= %s", snapshotName)
|
2021-07-22 05:45:17 +00:00
|
|
|
|
2021-02-10 08:19:40 +00:00
|
|
|
return snapshotName, nil
|
|
|
|
}
|
|
|
|
|
2021-06-25 12:31:28 +00:00
|
|
|
func deleteBackingCephFSSubvolumeSnapshot(
|
|
|
|
f *framework.Framework,
|
|
|
|
pvc *v1.PersistentVolumeClaim,
|
2022-06-01 10:17:19 +00:00
|
|
|
snap *snapapi.VolumeSnapshot,
|
|
|
|
) error {
|
2021-02-10 08:19:40 +00:00
|
|
|
snapshotName, err := getSnapName(snap.Namespace, snap.Name)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
imageData, err := getImageInfoFromPVC(pvc.Namespace, pvc.Name, f)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2021-06-25 12:31:28 +00:00
|
|
|
cmd := fmt.Sprintf(
|
|
|
|
"ceph fs subvolume snapshot rm %s %s %s %s",
|
|
|
|
fileSystemName,
|
|
|
|
imageData.imageName,
|
|
|
|
snapshotName,
|
|
|
|
subvolumegroup)
|
2021-02-10 08:19:40 +00:00
|
|
|
_, stdErr, err := execCommandInToolBoxPod(f, cmd, rookNamespace)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if stdErr != "" {
|
|
|
|
return fmt.Errorf("error deleting backing snapshot %s %v", snapshotName, stdErr)
|
|
|
|
}
|
2021-07-22 05:45:17 +00:00
|
|
|
|
2021-02-10 08:19:40 +00:00
|
|
|
return nil
|
|
|
|
}
|
2022-08-19 16:23:52 +00:00
|
|
|
|
|
|
|
func validateEncryptedCephfs(f *framework.Framework, pvName, appName string) error {
|
|
|
|
pod, err := f.ClientSet.CoreV1().Pods(f.UniqueName).Get(context.TODO(), appName, metav1.GetOptions{})
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("failed to get pod %q in namespace %q: %w", appName, f.UniqueName, err)
|
|
|
|
}
|
|
|
|
volumeMountPath := fmt.Sprintf(
|
|
|
|
"/var/lib/kubelet/pods/%s/volumes/kubernetes.io~csi/%s/mount",
|
|
|
|
pod.UID,
|
|
|
|
pvName)
|
|
|
|
|
|
|
|
selector, err := getDaemonSetLabelSelector(f, cephCSINamespace, cephFSDeamonSetName)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("failed to get labels: %w", err)
|
|
|
|
}
|
|
|
|
opt := metav1.ListOptions{
|
|
|
|
LabelSelector: selector,
|
|
|
|
}
|
|
|
|
|
2024-04-04 08:49:32 +00:00
|
|
|
cmd := "getfattr --name=ceph.fscrypt.auth --only-values " + volumeMountPath
|
2022-08-19 16:23:52 +00:00
|
|
|
_, _, err = execCommandInContainer(f, cmd, cephCSINamespace, "csi-cephfsplugin", &opt)
|
|
|
|
if err != nil {
|
2024-04-04 08:49:32 +00:00
|
|
|
cmd = "getfattr --recursive --dump " + volumeMountPath
|
2022-08-19 16:23:52 +00:00
|
|
|
stdOut, stdErr, listErr := execCommandInContainer(f, cmd, cephCSINamespace, "csi-cephfsplugin", &opt)
|
|
|
|
if listErr == nil {
|
|
|
|
return fmt.Errorf("error checking for cephfs fscrypt xattr on %q. listing: %s %s",
|
|
|
|
volumeMountPath, stdOut, stdErr)
|
|
|
|
}
|
|
|
|
|
|
|
|
return fmt.Errorf("error checking file xattr: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func getInfoFromPVC(pvcNamespace, pvcName string, f *framework.Framework) (string, string, error) {
|
|
|
|
c := f.ClientSet.CoreV1()
|
|
|
|
pvc, err := c.PersistentVolumeClaims(pvcNamespace).Get(context.TODO(), pvcName, metav1.GetOptions{})
|
|
|
|
if err != nil {
|
|
|
|
return "", "", fmt.Errorf("failed to get pvc: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
pv, err := c.PersistentVolumes().Get(context.TODO(), pvc.Spec.VolumeName, metav1.GetOptions{})
|
|
|
|
if err != nil {
|
|
|
|
return "", "", fmt.Errorf("failed to get pv: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return pv.Name, pv.Spec.CSI.VolumeHandle, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func validateFscryptAndAppBinding(pvcPath, appPath string, kms kmsConfig, f *framework.Framework) error {
|
|
|
|
pvc, app, err := createPVCAndAppBinding(pvcPath, appPath, f, deployTimeout)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
pvName, csiVolumeHandle, err := getInfoFromPVC(pvc.Namespace, pvc.Name, f)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
err = validateEncryptedCephfs(f, pvName, app.Name)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if kms != noKMS && kms.canGetPassphrase() {
|
|
|
|
// check new passphrase created
|
|
|
|
_, stdErr := kms.getPassphrase(f, csiVolumeHandle)
|
|
|
|
if stdErr != "" {
|
|
|
|
return fmt.Errorf("failed to read passphrase from vault: %s", stdErr)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
err = deletePVCAndApp("", f, pvc, app)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if kms != noKMS && kms.canGetPassphrase() {
|
|
|
|
// check new passphrase created
|
|
|
|
stdOut, _ := kms.getPassphrase(f, csiVolumeHandle)
|
|
|
|
if stdOut != "" {
|
|
|
|
return fmt.Errorf("passphrase found in vault while should be deleted: %s", stdOut)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if kms != noKMS && kms.canVerifyKeyDestroyed() {
|
|
|
|
destroyed, msg := kms.verifyKeyDestroyed(f, csiVolumeHandle)
|
|
|
|
if !destroyed {
|
|
|
|
return fmt.Errorf("passphrased was not destroyed: %s", msg)
|
|
|
|
} else if msg != "" {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Logf("passphrase destroyed, but message returned: %s", msg)
|
2022-08-19 16:23:52 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
//nolint:gocyclo,cyclop // test function
|
|
|
|
func validateFscryptClone(
|
|
|
|
pvcPath, appPath, pvcSmartClonePath, appSmartClonePath string,
|
|
|
|
kms kmsConfig,
|
|
|
|
f *framework.Framework,
|
|
|
|
) {
|
|
|
|
pvc, err := loadPVC(pvcPath)
|
|
|
|
if err != nil {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Failf("failed to load PVC: %v", err)
|
2022-08-19 16:23:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
pvc.Namespace = f.UniqueName
|
|
|
|
err = createPVCAndvalidatePV(f.ClientSet, pvc, deployTimeout)
|
|
|
|
if err != nil {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Failf("failed to create PVC: %v", err)
|
2022-08-19 16:23:52 +00:00
|
|
|
}
|
|
|
|
app, err := loadApp(appPath)
|
|
|
|
if err != nil {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Failf("failed to load application: %v", err)
|
2022-08-19 16:23:52 +00:00
|
|
|
}
|
|
|
|
label := make(map[string]string)
|
|
|
|
label[appKey] = appLabel
|
|
|
|
app.Namespace = f.UniqueName
|
|
|
|
app.Spec.Volumes[0].PersistentVolumeClaim.ClaimName = pvc.Name
|
|
|
|
app.Labels = label
|
|
|
|
opt := metav1.ListOptions{
|
|
|
|
LabelSelector: fmt.Sprintf("%s=%s", appKey, label[appKey]),
|
|
|
|
}
|
|
|
|
wErr := writeDataInPod(app, &opt, f)
|
|
|
|
if wErr != nil {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Failf("failed to write data from application %v", wErr)
|
2022-08-19 16:23:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
pvcClone, err := loadPVC(pvcSmartClonePath)
|
|
|
|
if err != nil {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Failf("failed to load PVC: %v", err)
|
2022-08-19 16:23:52 +00:00
|
|
|
}
|
|
|
|
pvcClone.Spec.DataSource.Name = pvc.Name
|
|
|
|
pvcClone.Namespace = f.UniqueName
|
|
|
|
appClone, err := loadApp(appSmartClonePath)
|
|
|
|
if err != nil {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Failf("failed to load application: %v", err)
|
2022-08-19 16:23:52 +00:00
|
|
|
}
|
|
|
|
appClone.Namespace = f.UniqueName
|
|
|
|
appClone.Labels = map[string]string{
|
|
|
|
appKey: f.UniqueName,
|
|
|
|
}
|
|
|
|
|
|
|
|
err = createPVCAndApp(f.UniqueName, f, pvcClone, appClone, deployTimeout)
|
|
|
|
if err != nil {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Failf("failed to create PVC or application (%s): %v", f.UniqueName, err)
|
2022-08-19 16:23:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
_, csiVolumeHandle, err := getInfoFromPVC(pvcClone.Namespace, pvcClone.Name, f)
|
|
|
|
if err != nil {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Failf("failed to get pvc info: %s", err)
|
2022-08-19 16:23:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if kms != noKMS && kms.canGetPassphrase() {
|
|
|
|
// check new passphrase created
|
|
|
|
stdOut, stdErr := kms.getPassphrase(f, csiVolumeHandle)
|
|
|
|
if stdOut != "" {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Logf("successfully read the passphrase from vault: %s", stdOut)
|
2022-08-19 16:23:52 +00:00
|
|
|
}
|
|
|
|
if stdErr != "" {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Failf("failed to read passphrase from vault: %s", stdErr)
|
2022-08-19 16:23:52 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// delete parent pvc
|
|
|
|
err = deletePVCAndApp("", f, pvc, app)
|
|
|
|
if err != nil {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Failf("failed to delete PVC or application: %v", err)
|
2022-08-19 16:23:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
err = deletePVCAndApp(f.UniqueName, f, pvcClone, appClone)
|
|
|
|
if err != nil {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Failf("failed to delete PVC or application (%s): %v", f.UniqueName, err)
|
2022-08-19 16:23:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if kms != noKMS && kms.canGetPassphrase() {
|
|
|
|
// check passphrase deleted
|
|
|
|
stdOut, _ := kms.getPassphrase(f, csiVolumeHandle)
|
|
|
|
if stdOut != "" {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Failf("passphrase found in vault while should be deleted: %s", stdOut)
|
2022-08-19 16:23:52 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if kms != noKMS && kms.canVerifyKeyDestroyed() {
|
|
|
|
destroyed, msg := kms.verifyKeyDestroyed(f, csiVolumeHandle)
|
|
|
|
if !destroyed {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Failf("passphrased was not destroyed: %s", msg)
|
2022-08-19 16:23:52 +00:00
|
|
|
} else if msg != "" {
|
2023-02-01 17:06:36 +00:00
|
|
|
framework.Logf("passphrase destroyed, but message returned: %s", msg)
|
2022-08-19 16:23:52 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|