util: Add EncryptionTypeNone and unit tests

Add type none to distinguish disabled encryption (positive result)
from invalid configuration (negative result).

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
Marcel Lauhoff 2022-09-06 18:44:00 +02:00 committed by mergify[bot]
parent f89076b1d7
commit 2abfafdf3f
3 changed files with 62 additions and 11 deletions


@ -383,11 +383,13 @@ func (conn *Connection) CheckReservation(ctx context.Context,
} }
} }
if encryptionType != util.EncryptionTypeInvalid { if encryptionType != util.EncryptionTypeNone {
if savedImageAttributes.EncryptionType != encryptionType { if savedImageAttributes.EncryptionType != encryptionType {
return nil, fmt.Errorf("internal state inconsistent, omap encryption type"+ return nil, fmt.Errorf("internal state inconsistent, omap encryption type"+
" mismatch, request KMS (%s) volume UUID (%s) volume omap KMS (%d)", " mismatch, request type %q(%d) volume UUID (%s) volume omap encryption type %q (%d)",
kmsConfig, objUUID, savedImageAttributes.EncryptionType) util.EncryptionTypeString(encryptionType), encryptionType,
objUUID, util.EncryptionTypeString(savedImageAttributes.EncryptionType),
savedImageAttributes.EncryptionType)
} }
} }
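Review bot: With the guard changed to `!= util.EncryptionTypeNone`, a request whose encryptionType is `util.EncryptionTypeInvalid` now enters the comparison, and if the saved omap value is also Invalid the two compare equal and the check passes without an error. Whether that can occur depends on how `savedImageAttributes.EncryptionType` is populated and on validation done by callers, both outside this hunk (CheckReservation starts and ends outside it). If nothing upstream rejects it, an explicit guard before the comparison keeps an invalid configuration from being accepted as a match: `if encryptionType == util.EncryptionTypeInvalid { return nil, fmt.Errorf("invalid encryption type in request for volume UUID (%s)", objUUID) }`. As a style point, the new format string mixes `%q(%d)` and `%q (%d)`; pick one spacing.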


@ -83,17 +83,29 @@ func FetchEncryptionKMSID(encrypted, kmsID string) (string, error) {
type EncryptionType int type EncryptionType int
const ( const (
// EncryptionTypeInvalid signals invalid or unsupported configuration.
EncryptionTypeInvalid EncryptionType = iota EncryptionTypeInvalid EncryptionType = iota
EncryptionTypeBlock = iota // EncryptionTypeNone disables encryption.
EncryptionTypeFile = iota EncryptionTypeNone
// EncryptionTypeBlock enables block encryption.
EncryptionTypeBlock
// EncryptionTypeBlock enables file encryption (fscrypt).
EncryptionTypeFile
)
const (
encryptionTypeBlockString = "block"
encryptionTypeFileString = "file"
) )
func ParseEncryptionType(typeStr string) EncryptionType { func ParseEncryptionType(typeStr string) EncryptionType {
switch typeStr { switch typeStr {
case "block": case encryptionTypeBlockString:
return EncryptionTypeBlock return EncryptionTypeBlock
case "file": case encryptionTypeFileString:
return EncryptionTypeFile return EncryptionTypeFile
case "":
return EncryptionTypeNone
default: default:
return EncryptionTypeInvalid return EncryptionTypeInvalid
} }
@ -102,13 +114,15 @@ func ParseEncryptionType(typeStr string) EncryptionType {
func EncryptionTypeString(encType EncryptionType) string { func EncryptionTypeString(encType EncryptionType) string {
switch encType { switch encType {
case EncryptionTypeBlock: case EncryptionTypeBlock:
return "block" return encryptionTypeBlockString
case EncryptionTypeFile: case EncryptionTypeFile:
return "file" return encryptionTypeFileString
case EncryptionTypeNone:
return ""
case EncryptionTypeInvalid: case EncryptionTypeInvalid:
return "" return "INVALID"
default: default:
return "" return "UNKNOWN"
} }
} }
@ -121,6 +135,10 @@ func FetchEncryptionType(volOptions map[string]string, fallback EncryptionType)
return fallback return fallback
} }
if encType == "" {
return EncryptionTypeInvalid
}
return ParseEncryptionType(encType) return ParseEncryptionType(encType)
} }
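Review bot: `ParseEncryptionType` now maps the empty string to `EncryptionTypeNone`, so any caller that parses a missing or blank value directly gets "encryption disabled" instead of an error; only `FetchEncryptionType` rejects it, through the added `encType == ""` check. A doc comment on `ParseEncryptionType` should state that contract, for example `// ParseEncryptionType maps "" to EncryptionTypeNone; callers handling user-supplied options must reject empty values first, as FetchEncryptionType does.` The comment above `EncryptionTypeFile` is a copy of the previous one and should read `// EncryptionTypeFile enables file encryption (fscrypt).` The new `EncryptionTypeNone` entry also shifts Block and File from 1 and 2 to 2 and 3, which matters if the integer value is persisted anywhere; that cannot be confirmed from this page.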


@ -63,3 +63,34 @@ func TestKMSWorkflow(t *testing.T) {
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, secrets["encryptionPassphrase"], passphrase) assert.Equal(t, secrets["encryptionPassphrase"], passphrase)
} }
func TestEncryptionType(t *testing.T) {
t.Parallel()
assert.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("wat?"))
assert.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("both"))
assert.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("file,block"))
assert.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("block,file"))
assert.EqualValues(t, EncryptionTypeBlock, ParseEncryptionType("block"))
assert.EqualValues(t, EncryptionTypeFile, ParseEncryptionType("file"))
assert.EqualValues(t, EncryptionTypeNone, ParseEncryptionType(""))
for _, s := range []string{"file", "block", ""} {
assert.EqualValues(t, s, EncryptionTypeString(ParseEncryptionType(s)))
}
}
func TestFetchEncryptionType(t *testing.T) {
t.Parallel()
volOpts := map[string]string{}
assert.EqualValues(t, EncryptionTypeBlock, FetchEncryptionType(volOpts, EncryptionTypeBlock))
assert.EqualValues(t, EncryptionTypeFile, FetchEncryptionType(volOpts, EncryptionTypeFile))
assert.EqualValues(t, EncryptionTypeNone, FetchEncryptionType(volOpts, EncryptionTypeNone))
volOpts["encryptionType"] = ""
assert.EqualValues(t, EncryptionTypeInvalid, FetchEncryptionType(volOpts, EncryptionTypeNone))
volOpts["encryptionType"] = "block"
assert.EqualValues(t, EncryptionTypeBlock, FetchEncryptionType(volOpts, EncryptionTypeNone))
volOpts["encryptionType"] = "file"
assert.EqualValues(t, EncryptionTypeFile, FetchEncryptionType(volOpts, EncryptionTypeNone))
volOpts["encryptionType"] = "INVALID"
assert.EqualValues(t, EncryptionTypeInvalid, FetchEncryptionType(volOpts, EncryptionTypeNone))
}
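Review bot: TestEncryptionType does not pin the new string values for the non-valid states, so a regression in which `EncryptionTypeString(EncryptionTypeInvalid)` returns "" again (which `ParseEncryptionType` reads back as None) would pass unnoticed. Adding `assert.EqualValues(t, "INVALID", EncryptionTypeString(EncryptionTypeInvalid))` and `assert.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType(EncryptionTypeString(EncryptionTypeInvalid)))` would cover that. TestFetchEncryptionType could likewise assert that an empty volOpts map with an `EncryptionTypeInvalid` fallback returns Invalid.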