util: Add EncryptionTypeNone and unit tests

Add type none to distinguish disabled encryption (positive result) from invalid configuration (negative result). Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2024-11-09 16:00:22 +00:00 · 2022-09-06 18:44:00 +02:00 · 2022-09-06 18:44:00 +02:00 · 2abfafdf3f
commit 2abfafdf3f
parent f89076b1d7
3 changed files with 62 additions and 11 deletions
--- a/internal/journal/voljournal.go
+++ b/internal/journal/voljournal.go
@ -383,11 +383,13 @@ func (conn *Connection) CheckReservation(ctx context.Context,
 		}
 	}

-	if encryptionType != util.EncryptionTypeInvalid {
+	if encryptionType != util.EncryptionTypeNone {
 		if savedImageAttributes.EncryptionType != encryptionType {
 			return nil, fmt.Errorf("internal state inconsistent, omap encryption type"+
-				" mismatch, request KMS (%s) volume UUID (%s) volume omap KMS (%d)",
-				kmsConfig, objUUID, savedImageAttributes.EncryptionType)
+				" mismatch, request type %q(%d) volume UUID (%s) volume omap encryption type %q (%d)",
+				util.EncryptionTypeString(encryptionType), encryptionType,
+				objUUID, util.EncryptionTypeString(savedImageAttributes.EncryptionType),
+				savedImageAttributes.EncryptionType)
 		}
 	}

--- a/internal/util/crypto.go
+++ b/internal/util/crypto.go
@ -83,17 +83,29 @@ func FetchEncryptionKMSID(encrypted, kmsID string) (string, error) {
 type EncryptionType int

 const (
+	// EncryptionTypeInvalid signals invalid or unsupported configuration.
 	EncryptionTypeInvalid EncryptionType = iota
-	EncryptionTypeBlock                  = iota
-	EncryptionTypeFile                   = iota
+	// EncryptionTypeNone disables encryption.
+	EncryptionTypeNone
+	// EncryptionTypeBlock enables block encryption.
+	EncryptionTypeBlock
+	// EncryptionTypeBlock enables file encryption (fscrypt).
+	EncryptionTypeFile
+)
+
+const (
+	encryptionTypeBlockString = "block"
+	encryptionTypeFileString  = "file"
 )

 func ParseEncryptionType(typeStr string) EncryptionType {
 	switch typeStr {
-	case "block":
+	case encryptionTypeBlockString:
 		return EncryptionTypeBlock
-	case "file":
+	case encryptionTypeFileString:
 		return EncryptionTypeFile
+	case "":
+		return EncryptionTypeNone
 	default:
 		return EncryptionTypeInvalid
 	}
@ -102,13 +114,15 @@ func ParseEncryptionType(typeStr string) EncryptionType {
 func EncryptionTypeString(encType EncryptionType) string {
 	switch encType {
 	case EncryptionTypeBlock:
-		return "block"
+		return encryptionTypeBlockString
 	case EncryptionTypeFile:
-		return "file"
+		return encryptionTypeFileString
+	case EncryptionTypeNone:
+		return ""
 	case EncryptionTypeInvalid:
-		return ""
+		return "INVALID"
 	default:
-		return ""
+		return "UNKNOWN"
 	}
 }

@ -121,6 +135,10 @@ func FetchEncryptionType(volOptions map[string]string, fallback EncryptionType)
 		return fallback
 	}

+	if encType == "" {
+		return EncryptionTypeInvalid
+	}
+
 	return ParseEncryptionType(encType)
 }

--- a/internal/util/crypto_test.go
+++ b/internal/util/crypto_test.go
@ -63,3 +63,34 @@ func TestKMSWorkflow(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, secrets["encryptionPassphrase"], passphrase)
 }
+
+func TestEncryptionType(t *testing.T) {
+	t.Parallel()
+	assert.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("wat?"))
+	assert.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("both"))
+	assert.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("file,block"))
+	assert.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("block,file"))
+	assert.EqualValues(t, EncryptionTypeBlock, ParseEncryptionType("block"))
+	assert.EqualValues(t, EncryptionTypeFile, ParseEncryptionType("file"))
+	assert.EqualValues(t, EncryptionTypeNone, ParseEncryptionType(""))
+
+	for _, s := range []string{"file", "block", ""} {
+		assert.EqualValues(t, s, EncryptionTypeString(ParseEncryptionType(s)))
+	}
+}
+
+func TestFetchEncryptionType(t *testing.T) {
+	t.Parallel()
+	volOpts := map[string]string{}
+	assert.EqualValues(t, EncryptionTypeBlock, FetchEncryptionType(volOpts, EncryptionTypeBlock))
+	assert.EqualValues(t, EncryptionTypeFile, FetchEncryptionType(volOpts, EncryptionTypeFile))
+	assert.EqualValues(t, EncryptionTypeNone, FetchEncryptionType(volOpts, EncryptionTypeNone))
+	volOpts["encryptionType"] = ""
+	assert.EqualValues(t, EncryptionTypeInvalid, FetchEncryptionType(volOpts, EncryptionTypeNone))
+	volOpts["encryptionType"] = "block"
+	assert.EqualValues(t, EncryptionTypeBlock, FetchEncryptionType(volOpts, EncryptionTypeNone))
+	volOpts["encryptionType"] = "file"
+	assert.EqualValues(t, EncryptionTypeFile, FetchEncryptionType(volOpts, EncryptionTypeNone))
+	volOpts["encryptionType"] = "INVALID"
+	assert.EqualValues(t, EncryptionTypeInvalid, FetchEncryptionType(volOpts, EncryptionTypeNone))
+}