mirror of https://github.com/ceph/ceph-csi.git synced 2024-12-19 19:40:19 +00:00

e2e: validate encrypted image mount inside the nodeplugin

Currently the mountType validation of the encrypted volume is done in
the application; we should rather validate this inside the nodeplugin
pod.

Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Prasanna Kumar Kalever 2021-11-15 17:11:24 +05:30 committed by mergify[bot]
parent e6fa392df1
commit 0bf9db822b
2 changed files with 19 additions and 9 deletions


@ -447,7 +447,7 @@ func validateEncryptedPVCAndAppBinding(pvcPath, appPath string, kms kmsConfig, f
}
rbdImageSpec := imageSpec(defaultRBDPool, imageData.imageName)
err = validateEncryptedImage(f, rbdImageSpec, app)
err = validateEncryptedImage(f, rbdImageSpec, imageData.pvName, app.Name)
if err != nil {
return err
}
@ -498,7 +498,7 @@ func isEncryptedPVC(f *framework.Framework, pvc *v1.PersistentVolumeClaim, app *
}
rbdImageSpec := imageSpec(defaultRBDPool, imageData.imageName)
return validateEncryptedImage(f, rbdImageSpec, app)
return validateEncryptedImage(f, rbdImageSpec, imageData.pvName, app.Name)
}
func isThickPVC(f *framework.Framework, pvc *v1.PersistentVolumeClaim, app *v1.Pod) error {
@ -538,7 +538,7 @@ func validateThickImageMetadata(f *framework.Framework, pvc *v1.PersistentVolume
// following checks are performed:
// - Metadata of the image should be set with the encryption state;
// - The pvc should be mounted by a pod, so the filesystem type can be fetched.
func validateEncryptedImage(f *framework.Framework, rbdImageSpec string, app *v1.Pod) error {
func validateEncryptedImage(f *framework.Framework, rbdImageSpec, pvName, appName string) error {
encryptedState, err := getImageMeta(rbdImageSpec, "rbd.csi.ceph.com/encrypted", f)
if err != nil {
return err
@ -547,8 +547,19 @@ func validateEncryptedImage(f *framework.Framework, rbdImageSpec string, app *v1
return fmt.Errorf("%v not equal to encrypted", encryptedState)
}
volumeMountPath := app.Spec.Containers[0].VolumeMounts[0].MountPath
mountType, err := getMountType(app.Name, app.Namespace, volumeMountPath, f)
pod, err := f.ClientSet.CoreV1().Pods(f.UniqueName).Get(context.TODO(), appName, metav1.GetOptions{})
if err != nil {
return fmt.Errorf("failed to get pod %q in namespace %q: %w", appName, f.UniqueName, err)
}
volumeMountPath := fmt.Sprintf(
"/var/lib/kubelet/pods/%s/volumes/kubernetes.io~csi/%s/mount",
pod.UID,
pvName)
selector, err := getDaemonSetLabelSelector(f, cephCSINamespace, rbdDaemonsetName)
if err != nil {
return fmt.Errorf("failed to get labels: %w", err)
}
mountType, err := getMountType(selector, volumeMountPath, f)
if err != nil {
return err
}
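Review bot: The nodeplugin pod that runs the mount check in validateEncryptedImage is chosen only by the DaemonSet label selector from `getDaemonSetLabelSelector`, so on a cluster with more than one node nothing visible here ties it to the node where `appName` is scheduled. The kubelet path built from `pod.UID` and `pvName` exists only on that node; if `execCommandInContainer` picks a different matching pod (its body is not shown), the `lsblk | grep` pipeline finds nothing and the encryption check is evaluated against an empty mount type. Consider passing `pod.Spec.NodeName` down to getMountType and adding `FieldSelector: fields.OneTermEqualSelector("spec.nodeName", nodeName).String()` to its list options, which means keeping the `fields` import that this commit drops. The hard-coded `/var/lib/kubelet` prefix also assumes the default kubelet root directory and deserves a one-line comment saying so. The function body continues past the end of the hunk.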


@ -20,7 +20,6 @@ import (
scv1 "k8s.io/api/storage/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/fields"
"k8s.io/apimachinery/pkg/util/wait"
utilyaml "k8s.io/apimachinery/pkg/util/yaml"
"k8s.io/client-go/kubernetes"
@ -230,12 +229,12 @@ func validatePVCAndAppBinding(pvcPath, appPath string, f *framework.Framework) e
return err
}
func getMountType(appName, appNamespace, mountPath string, f *framework.Framework) (string, error) {
func getMountType(selector, mountPath string, f *framework.Framework) (string, error) {
opt := metav1.ListOptions{
FieldSelector: fields.OneTermEqualSelector("metadata.name", appName).String(),
LabelSelector: selector,
}
cmd := fmt.Sprintf("lsblk -o TYPE,MOUNTPOINT | grep '%s' | awk '{print $1}'", mountPath)
stdOut, stdErr, err := execCommandInPod(f, cmd, appNamespace, &opt)
stdOut, stdErr, err := execCommandInContainer(f, cmd, cephCSINamespace, "csi-rbdplugin", &opt)
if err != nil {
return "", err
}
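Review bot: `mountPath` is spliced into a single-quoted shell string in getMountType and handed to `grep` as a regular expression, and with this change the command runs inside the `csi-rbdplugin` container instead of the application pod. The dots in `kubernetes.io~csi` match any character and the match is a substring, so the filter is looser than the exact mount point, and a value containing `'` would end the quoting. `grep -F -- '%s'` keeps the match literal, and a short comment such as `// mountPath must be built only from cluster-generated values (pod UID, PV name)` would document the assumption the quoting relies on. When nothing matches, the pipeline's exit status is that of `awk`, so an empty `stdOut` should probably be returned as an error rather than as a mount type; the rest of the function lies outside the hunk.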