util: Add EncryptionTypeNone and unit tests

Add type none to distinguish disabled encryption (positive result)
from invalid configuration (negative result).

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
This commit is contained in:
Marcel Lauhoff 2022-09-06 18:44:00 +02:00 committed by mergify[bot]
parent f89076b1d7
commit 2abfafdf3f
3 changed files with 62 additions and 11 deletions

View File

@ -383,11 +383,13 @@ func (conn *Connection) CheckReservation(ctx context.Context,
}
}
if encryptionType != util.EncryptionTypeInvalid {
if encryptionType != util.EncryptionTypeNone {
if savedImageAttributes.EncryptionType != encryptionType {
return nil, fmt.Errorf("internal state inconsistent, omap encryption type"+
" mismatch, request KMS (%s) volume UUID (%s) volume omap KMS (%d)",
kmsConfig, objUUID, savedImageAttributes.EncryptionType)
" mismatch, request type %q(%d) volume UUID (%s) volume omap encryption type %q (%d)",
util.EncryptionTypeString(encryptionType), encryptionType,
objUUID, util.EncryptionTypeString(savedImageAttributes.EncryptionType),
savedImageAttributes.EncryptionType)
}
}

View File

@ -83,17 +83,29 @@ func FetchEncryptionKMSID(encrypted, kmsID string) (string, error) {
type EncryptionType int
const (
// EncryptionTypeInvalid signals invalid or unsupported configuration.
EncryptionTypeInvalid EncryptionType = iota
EncryptionTypeBlock = iota
EncryptionTypeFile = iota
// EncryptionTypeNone disables encryption.
EncryptionTypeNone
// EncryptionTypeBlock enables block encryption.
EncryptionTypeBlock
// EncryptionTypeBlock enables file encryption (fscrypt).
EncryptionTypeFile
)
const (
encryptionTypeBlockString = "block"
encryptionTypeFileString = "file"
)
func ParseEncryptionType(typeStr string) EncryptionType {
switch typeStr {
case "block":
case encryptionTypeBlockString:
return EncryptionTypeBlock
case "file":
case encryptionTypeFileString:
return EncryptionTypeFile
case "":
return EncryptionTypeNone
default:
return EncryptionTypeInvalid
}
@ -102,13 +114,15 @@ func ParseEncryptionType(typeStr string) EncryptionType {
func EncryptionTypeString(encType EncryptionType) string {
switch encType {
case EncryptionTypeBlock:
return "block"
return encryptionTypeBlockString
case EncryptionTypeFile:
return "file"
return encryptionTypeFileString
case EncryptionTypeNone:
return ""
case EncryptionTypeInvalid:
return ""
return "INVALID"
default:
return ""
return "UNKNOWN"
}
}
@ -121,6 +135,10 @@ func FetchEncryptionType(volOptions map[string]string, fallback EncryptionType)
return fallback
}
if encType == "" {
return EncryptionTypeInvalid
}
return ParseEncryptionType(encType)
}

View File

@ -63,3 +63,34 @@ func TestKMSWorkflow(t *testing.T) {
assert.NoError(t, err)
assert.Equal(t, secrets["encryptionPassphrase"], passphrase)
}
func TestEncryptionType(t *testing.T) {
t.Parallel()
assert.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("wat?"))
assert.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("both"))
assert.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("file,block"))
assert.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("block,file"))
assert.EqualValues(t, EncryptionTypeBlock, ParseEncryptionType("block"))
assert.EqualValues(t, EncryptionTypeFile, ParseEncryptionType("file"))
assert.EqualValues(t, EncryptionTypeNone, ParseEncryptionType(""))
for _, s := range []string{"file", "block", ""} {
assert.EqualValues(t, s, EncryptionTypeString(ParseEncryptionType(s)))
}
}
func TestFetchEncryptionType(t *testing.T) {
t.Parallel()
volOpts := map[string]string{}
assert.EqualValues(t, EncryptionTypeBlock, FetchEncryptionType(volOpts, EncryptionTypeBlock))
assert.EqualValues(t, EncryptionTypeFile, FetchEncryptionType(volOpts, EncryptionTypeFile))
assert.EqualValues(t, EncryptionTypeNone, FetchEncryptionType(volOpts, EncryptionTypeNone))
volOpts["encryptionType"] = ""
assert.EqualValues(t, EncryptionTypeInvalid, FetchEncryptionType(volOpts, EncryptionTypeNone))
volOpts["encryptionType"] = "block"
assert.EqualValues(t, EncryptionTypeBlock, FetchEncryptionType(volOpts, EncryptionTypeNone))
volOpts["encryptionType"] = "file"
assert.EqualValues(t, EncryptionTypeFile, FetchEncryptionType(volOpts, EncryptionTypeNone))
volOpts["encryptionType"] = "INVALID"
assert.EqualValues(t, EncryptionTypeInvalid, FetchEncryptionType(volOpts, EncryptionTypeNone))
}