mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-25 14:30:22 +00:00
util: Add EncryptionTypeNone and unit tests
Add type none to distinguish disabled encryption (positive result) from invalid configuration (negative result). Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
parent
f89076b1d7
commit
2abfafdf3f
@ -383,11 +383,13 @@ func (conn *Connection) CheckReservation(ctx context.Context,
|
||||
}
|
||||
}
|
||||
|
||||
if encryptionType != util.EncryptionTypeInvalid {
|
||||
if encryptionType != util.EncryptionTypeNone {
|
||||
if savedImageAttributes.EncryptionType != encryptionType {
|
||||
return nil, fmt.Errorf("internal state inconsistent, omap encryption type"+
|
||||
" mismatch, request KMS (%s) volume UUID (%s) volume omap KMS (%d)",
|
||||
kmsConfig, objUUID, savedImageAttributes.EncryptionType)
|
||||
" mismatch, request type %q(%d) volume UUID (%s) volume omap encryption type %q (%d)",
|
||||
util.EncryptionTypeString(encryptionType), encryptionType,
|
||||
objUUID, util.EncryptionTypeString(savedImageAttributes.EncryptionType),
|
||||
savedImageAttributes.EncryptionType)
|
||||
}
|
||||
}
|
||||
|
||||
|
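Review bot: The mismatch check only runs when the request carries an encryption type, so a request that resolves to `util.EncryptionTypeNone` is accepted even when `savedImageAttributes.EncryptionType` records block or file encryption. If that exemption is intended, the guard needs a comment explaining why an unencrypted request may match an encrypted reservation; if not, drop the outer `if encryptionType != util.EncryptionTypeNone {` and keep `if savedImageAttributes.EncryptionType != encryptionType {` as the only condition. `util.EncryptionTypeInvalid` is no longer skipped here, which fails closed but presumably relies on callers never passing it for an option that is simply unset. CheckReservation starts and ends outside the hunk, so later code may already handle the first case.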
@ -83,17 +83,29 @@ func FetchEncryptionKMSID(encrypted, kmsID string) (string, error) {
|
||||
type EncryptionType int
|
||||
|
||||
const (
|
||||
// EncryptionTypeInvalid signals invalid or unsupported configuration.
|
||||
EncryptionTypeInvalid EncryptionType = iota
|
||||
EncryptionTypeBlock = iota
|
||||
EncryptionTypeFile = iota
|
||||
// EncryptionTypeNone disables encryption.
|
||||
EncryptionTypeNone
|
||||
// EncryptionTypeBlock enables block encryption.
|
||||
EncryptionTypeBlock
|
||||
// EncryptionTypeBlock enables file encryption (fscrypt).
|
||||
EncryptionTypeFile
|
||||
)
|
||||
|
||||
const (
|
||||
encryptionTypeBlockString = "block"
|
||||
encryptionTypeFileString = "file"
|
||||
)
|
||||
|
||||
func ParseEncryptionType(typeStr string) EncryptionType {
|
||||
switch typeStr {
|
||||
case "block":
|
||||
case encryptionTypeBlockString:
|
||||
return EncryptionTypeBlock
|
||||
case "file":
|
||||
case encryptionTypeFileString:
|
||||
return EncryptionTypeFile
|
||||
case "":
|
||||
return EncryptionTypeNone
|
||||
default:
|
||||
return EncryptionTypeInvalid
|
||||
}
|
||||
@ -102,13 +114,15 @@ func ParseEncryptionType(typeStr string) EncryptionType {
|
||||
func EncryptionTypeString(encType EncryptionType) string {
|
||||
switch encType {
|
||||
case EncryptionTypeBlock:
|
||||
return "block"
|
||||
return encryptionTypeBlockString
|
||||
case EncryptionTypeFile:
|
||||
return "file"
|
||||
return encryptionTypeFileString
|
||||
case EncryptionTypeNone:
|
||||
return ""
|
||||
case EncryptionTypeInvalid:
|
||||
return ""
|
||||
return "INVALID"
|
||||
default:
|
||||
return ""
|
||||
return "UNKNOWN"
|
||||
}
|
||||
}
|
||||
|
||||
@ -121,6 +135,10 @@ func FetchEncryptionType(volOptions map[string]string, fallback EncryptionType)
|
||||
return fallback
|
||||
}
|
||||
|
||||
if encType == "" {
|
||||
return EncryptionTypeInvalid
|
||||
}
|
||||
|
||||
return ParseEncryptionType(encType)
|
||||
}
|
||||
|
||||
|
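Review bot: Inserting `EncryptionTypeNone` directly after `EncryptionTypeInvalid` renumbers the existing constants: `EncryptionTypeBlock` moves from 1 to 2, `EncryptionTypeFile` from 2 to 3, and the value that used to mean block now means none. The page does not show whether an `EncryptionType` is ever stored or passed around as an integer, but if it is, an encrypted volume would be read back as unencrypted. Declaring `EncryptionTypeNone` after `EncryptionTypeFile` keeps the old values and still leaves `EncryptionTypeInvalid` as the zero value. Separately, the comment above `EncryptionTypeFile` names the wrong constant and should read `// EncryptionTypeFile enables file encryption (fscrypt).`.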
@ -63,3 +63,34 @@ func TestKMSWorkflow(t *testing.T) {
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, secrets["encryptionPassphrase"], passphrase)
|
||||
}
|
||||
|
||||
func TestEncryptionType(t *testing.T) {
|
||||
t.Parallel()
|
||||
assert.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("wat?"))
|
||||
assert.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("both"))
|
||||
assert.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("file,block"))
|
||||
assert.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("block,file"))
|
||||
assert.EqualValues(t, EncryptionTypeBlock, ParseEncryptionType("block"))
|
||||
assert.EqualValues(t, EncryptionTypeFile, ParseEncryptionType("file"))
|
||||
assert.EqualValues(t, EncryptionTypeNone, ParseEncryptionType(""))
|
||||
|
||||
for _, s := range []string{"file", "block", ""} {
|
||||
assert.EqualValues(t, s, EncryptionTypeString(ParseEncryptionType(s)))
|
||||
}
|
||||
}
|
||||
|
||||
func TestFetchEncryptionType(t *testing.T) {
|
||||
t.Parallel()
|
||||
volOpts := map[string]string{}
|
||||
assert.EqualValues(t, EncryptionTypeBlock, FetchEncryptionType(volOpts, EncryptionTypeBlock))
|
||||
assert.EqualValues(t, EncryptionTypeFile, FetchEncryptionType(volOpts, EncryptionTypeFile))
|
||||
assert.EqualValues(t, EncryptionTypeNone, FetchEncryptionType(volOpts, EncryptionTypeNone))
|
||||
volOpts["encryptionType"] = ""
|
||||
assert.EqualValues(t, EncryptionTypeInvalid, FetchEncryptionType(volOpts, EncryptionTypeNone))
|
||||
volOpts["encryptionType"] = "block"
|
||||
assert.EqualValues(t, EncryptionTypeBlock, FetchEncryptionType(volOpts, EncryptionTypeNone))
|
||||
volOpts["encryptionType"] = "file"
|
||||
assert.EqualValues(t, EncryptionTypeFile, FetchEncryptionType(volOpts, EncryptionTypeNone))
|
||||
volOpts["encryptionType"] = "INVALID"
|
||||
assert.EqualValues(t, EncryptionTypeInvalid, FetchEncryptionType(volOpts, EncryptionTypeNone))
|
||||
}
|
||||
|
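Review bot: TestEncryptionType does not pin the two strings this commit introduces in EncryptionTypeString, so the `"INVALID"` and `"UNKNOWN"` returns are untested. Adding `assert.EqualValues(t, "INVALID", EncryptionTypeString(EncryptionTypeInvalid))` and `assert.EqualValues(t, "UNKNOWN", EncryptionTypeString(EncryptionType(99)))` would cover them (99 is a constructed out-of-range value). The constants now all appear to be typed `EncryptionType`, so `assert.Equal` could replace `assert.EqualValues` and would also fail the test on a type mismatch.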