e2e: use secret with "encryptionPassphrase" for RBD tests

The e2e tests create a Secret for using with the RBD StorageClass.
However this Secret was not used, instead the Rook generated Secret was
linked in the StorageClass.

By using our own Secret from the examples, Rook should not touch it when
we make modifications. In addition, no modifications are needed for
encryption anymore, as these are included in the example.

Updates: #1795
Signed-off-by: Niels de Vos <ndevos@redhat.com>
(cherry picked from commit 5bcd5cb928)
This commit is contained in:
Niels de Vos 2021-02-09 17:09:44 +01:00 committed by mergify[bot]
parent 4005585806
commit 4d4ead26dd
2 changed files with 8 additions and 37 deletions

View File

@ -37,13 +37,13 @@ func createRBDStorageClass(c kubernetes.Interface, f *framework.Framework, scOpt
return nil
}
sc.Parameters["pool"] = defaultRBDPool
sc.Parameters["csi.storage.k8s.io/provisioner-secret-namespace"] = rookNamespace
sc.Parameters["csi.storage.k8s.io/provisioner-secret-namespace"] = cephCSINamespace
sc.Parameters["csi.storage.k8s.io/provisioner-secret-name"] = rbdProvisionerSecretName
sc.Parameters["csi.storage.k8s.io/controller-expand-secret-namespace"] = rookNamespace
sc.Parameters["csi.storage.k8s.io/controller-expand-secret-namespace"] = cephCSINamespace
sc.Parameters["csi.storage.k8s.io/controller-expand-secret-name"] = rbdProvisionerSecretName
sc.Parameters["csi.storage.k8s.io/node-stage-secret-namespace"] = rookNamespace
sc.Parameters["csi.storage.k8s.io/node-stage-secret-namespace"] = cephCSINamespace
sc.Parameters["csi.storage.k8s.io/node-stage-secret-name"] = rbdNodePluginSecretName
fsID, stdErr, err := execCommandInToolBoxPod(f, "ceph fsid", rookNamespace)
@ -139,7 +139,6 @@ func createRBDSecret(c kubernetes.Interface, f *framework.Framework) error {
return err
}
err = updateSecretForEncryption(c)
return err
}

View File

@ -32,9 +32,11 @@ const (
cephfsNodePluginSecretName = "rook-csi-cephfs-node"
cephfsProvisionerSecretName = "rook-csi-cephfs-provisioner"
// rook created rbd user
rbdNodePluginSecretName = "rook-csi-rbd-node"
rbdProvisionerSecretName = "rook-csi-rbd-provisioner"
// Secret created inside the cephCSINamespace, can be modified. The
// Rook secrets get reconciled and changes are undone (needed for
// encryption).
rbdNodePluginSecretName = "csi-rbd-secret"
rbdProvisionerSecretName = "csi-rbd-secret"
rookTolBoxPodLabel = "app=rook-ceph-tools"
rbdmountOptions = "mountOptions"
@ -102,36 +104,6 @@ func getSecret(path string) (v1.Secret, error) {
return sc, nil
}
// updateSecretForEncryption is an hack to update the secrets created by rook to
// include the encryption key
// TODO in cephcsi we need to create own users in ceph cluster and use it for E2E.
func updateSecretForEncryption(c kubernetes.Interface) error {
secrets, err := c.CoreV1().Secrets(rookNamespace).Get(context.TODO(), rbdProvisionerSecretName, metav1.GetOptions{})
if err != nil {
return err
}
secrets.Data["encryptionPassphrase"] = []byte("test_passphrase")
_, err = c.CoreV1().Secrets(rookNamespace).Update(context.TODO(), secrets, metav1.UpdateOptions{})
if err != nil {
return err
}
secrets, err = c.CoreV1().Secrets(rookNamespace).Get(context.TODO(), rbdNodePluginSecretName, metav1.GetOptions{})
if err != nil {
return err
}
secrets.Data["encryptionPassphrase"] = []byte("test_passphrase")
_, err = c.CoreV1().Secrets(rookNamespace).Update(context.TODO(), secrets, metav1.UpdateOptions{})
if err != nil {
return err
}
return nil
}
func deleteResource(scPath string) error {
data, err := replaceNamespaceInTemplate(scPath)
if err != nil {