util: move EncryptionType(s) to pkg/util/crypto
Signed-off-by: Niels de Vos <ndevos@ibm.com>
committed by
mergify[bot]
parent
ac38963cbf
commit
542ed3de63
@ -26,6 +26,8 @@ import (
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/ceph/ceph-csi/pkg/util/crypto"
|
||||
|
||||
"github.com/ceph/ceph-csi/internal/kms"
|
||||
"github.com/ceph/ceph-csi/internal/util/cryptsetup"
|
||||
"github.com/ceph/ceph-csi/internal/util/log"
|
||||
@ -83,66 +85,20 @@ func FetchEncryptionKMSID(encrypted, kmsID string) (string, error) {
|
||||
return kmsID, nil
|
||||
}
|
||||
|
||||
type EncryptionType int
|
||||
|
||||
const (
|
||||
// EncryptionTypeInvalid signals invalid or unsupported configuration.
|
||||
EncryptionTypeInvalid EncryptionType = iota
|
||||
// EncryptionTypeNone disables encryption.
|
||||
EncryptionTypeNone
|
||||
// EncryptionTypeBlock enables block encryption.
|
||||
EncryptionTypeBlock
|
||||
// EncryptionTypeBlock enables file encryption (fscrypt).
|
||||
EncryptionTypeFile
|
||||
)
|
||||
|
||||
const (
|
||||
encryptionTypeBlockString = "block"
|
||||
encryptionTypeFileString = "file"
|
||||
)
|
||||
|
||||
func ParseEncryptionType(typeStr string) EncryptionType {
|
||||
switch typeStr {
|
||||
case encryptionTypeBlockString:
|
||||
return EncryptionTypeBlock
|
||||
case encryptionTypeFileString:
|
||||
return EncryptionTypeFile
|
||||
case "":
|
||||
return EncryptionTypeNone
|
||||
default:
|
||||
return EncryptionTypeInvalid
|
||||
}
|
||||
}
|
||||
|
||||
func (encType EncryptionType) String() string {
|
||||
switch encType {
|
||||
case EncryptionTypeBlock:
|
||||
return encryptionTypeBlockString
|
||||
case EncryptionTypeFile:
|
||||
return encryptionTypeFileString
|
||||
case EncryptionTypeNone:
|
||||
return ""
|
||||
case EncryptionTypeInvalid:
|
||||
return "INVALID"
|
||||
default:
|
||||
return "UNKNOWN"
|
||||
}
|
||||
}
|
||||
|
||||
// FetchEncryptionType returns encryptionType specified in volOptions.
|
||||
// If not specified, use fallback. If specified but invalid, return
|
||||
// invalid.
|
||||
func FetchEncryptionType(volOptions map[string]string, fallback EncryptionType) EncryptionType {
|
||||
func FetchEncryptionType(volOptions map[string]string, fallback crypto.EncryptionType) crypto.EncryptionType {
|
||||
encType, ok := volOptions["encryptionType"]
|
||||
if !ok {
|
||||
return fallback
|
||||
}
|
||||
|
||||
if encType == "" {
|
||||
return EncryptionTypeInvalid
|
||||
return crypto.EncryptionTypeInvalid
|
||||
}
|
||||
|
||||
return ParseEncryptionType(encType)
|
||||
return crypto.ParseEncryptionType(encType)
|
||||
}
|
||||
|
||||
// NewVolumeEncryption creates a new instance of VolumeEncryption and
|
||||
|
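Review bot: The doc comment on `FetchEncryptionType` does not mention the explicitly empty case: when `encryptionType` is present but `""`, the function returns `crypto.EncryptionTypeInvalid`, whereas the removed `ParseEncryptionType("")` returned `EncryptionTypeNone` (presumably unchanged after the move). That asymmetry is what stops a blank setting from silently disabling encryption, so it deserves a line such as `// An explicitly empty value is rejected as invalid rather than treated as "none".` Callers are presumably expected to treat `EncryptionTypeInvalid` as an error, but no caller is visible in this section. If the const block moved verbatim, the comment above `EncryptionTypeFile` still reads `// EncryptionTypeBlock enables file encryption (fscrypt).` and should name `EncryptionTypeFile`.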
@ -22,6 +22,7 @@ import (
|
||||
"testing"
|
||||
|
||||
"github.com/ceph/ceph-csi/internal/kms"
|
||||
"github.com/ceph/ceph-csi/pkg/util/crypto"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
@ -65,33 +66,18 @@ func TestKMSWorkflow(t *testing.T) {
|
||||
require.Equal(t, secrets["encryptionPassphrase"], passphrase)
|
||||
}
|
||||
|
||||
func TestEncryptionType(t *testing.T) {
|
||||
t.Parallel()
|
||||
require.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("wat?"))
|
||||
require.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("both"))
|
||||
require.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("file,block"))
|
||||
require.EqualValues(t, EncryptionTypeInvalid, ParseEncryptionType("block,file"))
|
||||
require.EqualValues(t, EncryptionTypeBlock, ParseEncryptionType("block"))
|
||||
require.EqualValues(t, EncryptionTypeFile, ParseEncryptionType("file"))
|
||||
require.EqualValues(t, EncryptionTypeNone, ParseEncryptionType(""))
|
||||
|
||||
for _, s := range []string{"file", "block", ""} {
|
||||
require.EqualValues(t, s, ParseEncryptionType(s).String())
|
||||
}
|
||||
}
|
||||
|
||||
func TestFetchEncryptionType(t *testing.T) {
|
||||
t.Parallel()
|
||||
volOpts := map[string]string{}
|
||||
require.EqualValues(t, EncryptionTypeBlock, FetchEncryptionType(volOpts, EncryptionTypeBlock))
|
||||
require.EqualValues(t, EncryptionTypeFile, FetchEncryptionType(volOpts, EncryptionTypeFile))
|
||||
require.EqualValues(t, EncryptionTypeNone, FetchEncryptionType(volOpts, EncryptionTypeNone))
|
||||
require.EqualValues(t, crypto.EncryptionTypeBlock, FetchEncryptionType(volOpts, crypto.EncryptionTypeBlock))
|
||||
require.EqualValues(t, crypto.EncryptionTypeFile, FetchEncryptionType(volOpts, crypto.EncryptionTypeFile))
|
||||
require.EqualValues(t, crypto.EncryptionTypeNone, FetchEncryptionType(volOpts, crypto.EncryptionTypeNone))
|
||||
volOpts["encryptionType"] = ""
|
||||
require.EqualValues(t, EncryptionTypeInvalid, FetchEncryptionType(volOpts, EncryptionTypeNone))
|
||||
require.EqualValues(t, crypto.EncryptionTypeInvalid, FetchEncryptionType(volOpts, crypto.EncryptionTypeNone))
|
||||
volOpts["encryptionType"] = "block"
|
||||
require.EqualValues(t, EncryptionTypeBlock, FetchEncryptionType(volOpts, EncryptionTypeNone))
|
||||
require.EqualValues(t, crypto.EncryptionTypeBlock, FetchEncryptionType(volOpts, crypto.EncryptionTypeNone))
|
||||
volOpts["encryptionType"] = "file"
|
||||
require.EqualValues(t, EncryptionTypeFile, FetchEncryptionType(volOpts, EncryptionTypeNone))
|
||||
require.EqualValues(t, crypto.EncryptionTypeFile, FetchEncryptionType(volOpts, crypto.EncryptionTypeNone))
|
||||
volOpts["encryptionType"] = "INVALID"
|
||||
require.EqualValues(t, EncryptionTypeInvalid, FetchEncryptionType(volOpts, EncryptionTypeNone))
|
||||
require.EqualValues(t, crypto.EncryptionTypeInvalid, FetchEncryptionType(volOpts, crypto.EncryptionTypeNone))
|
||||
}
|
||||
|
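Review bot: With `TestEncryptionType` removed, this file no longer exercises the rejection cases for `ParseEncryptionType` (`"wat?"`, `"both"`, `"file,block"`, `"block,file"`), and the page does not show an equivalent test under `pkg/util/crypto`; confirm it moved with the code. Those cases pin that an unrecognised value maps to `EncryptionTypeInvalid` rather than to a default. In `TestFetchEncryptionType` the only invalid value tried is `"INVALID"`. Assuming the parser moved unchanged, a near-miss such as `volOpts["encryptionType"] = "Block"` with an expected `crypto.EncryptionTypeInvalid` would document that matching is exact and case-sensitive.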