From 624905d60db74281e4a1c98120422145da68752b Mon Sep 17 00:00:00 2001
From: Marcel Lauhoff
Date: Fri, 29 Apr 2022 20:23:24 +0200
Subject: [PATCH] kms: Add basic GetSecret() test

Add rudimentary test to ensure that we can get a valid passphrase from the GetSecret() feature

Signed-off-by: Marcel Lauhoff
---
internal/util/getsecret_test.go | 52 +++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 internal/util/getsecret_test.go

diff --git a/internal/util/getsecret_test.go b/internal/util/getsecret_test.go
new file mode 100644
index 000000000..59e61e992
--- /dev/null
+++ b/internal/util/getsecret_test.go
@@ -0,0 +1,52 @@
+/*
+Copyright 2022 The Ceph-CSI Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+ "errors"
+ "testing"
+
+ kmsapi "github.com/ceph/ceph-csi/internal/kms"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestGetPassphraseFromKMS(t *testing.T) {
+ t.Parallel()
+
+ for _, provider := range kmsapi.GetKMSTestProvider() {
+ if provider.CreateTestDummy == nil {
+ continue
+ }
+ kms := kmsapi.GetKMSTestDummy(provider.UniqueID)
+ assert.NotNil(t, kms)
+
+ volEnc, err := NewVolumeEncryption(provider.UniqueID, kms)
+ if errors.Is(err, ErrDEKStoreNeeded) {
+ _, err = volEnc.KMS.GetSecret("")
+ if errors.Is(err, kmsapi.ErrGetSecretUnsupported) {
+ continue // currently unsupported by fscrypt integration
+ }
+ }
+ assert.NotNil(t, volEnc)
+
+ if kms.RequiresDEKStore() == kmsapi.DEKStoreIntegrated {
+ continue
+ }
+
+ secret, err := kms.GetSecret("")
+ assert.NoError(t, err, provider.UniqueID)
+ assert.NotEmpty(t, secret, provider.UniqueID)
+ }
+}
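Review bot: In TestGetPassphraseFromKMS the error from `NewVolumeEncryption` is only compared against `ErrDEKStoreNeeded`, so any other failure is overwritten by the later `kms.GetSecret("")` call and never fails the test; the same holds for an error from `volEnc.KMS.GetSecret("")` that is not `ErrGetSecretUnsupported`. `volEnc.KMS` is also dereferenced before `assert.NotNil(t, volEnc)` runs, and `assert` does not stop the test, so a nil `volEnc` or `kms` would panic instead of producing a clean failure. For a test that guards the passphrase path I would add `if err != nil && !errors.Is(err, ErrDEKStoreNeeded) { t.Fatalf("%s: %v", provider.UniqueID, err) }` directly after the constructor call and move the nil check above the branch as `require.NotNil(t, volEnc)` using testify's `require` package. Whether `NewVolumeEncryption` returns a non-nil value together with `ErrDEKStoreNeeded` is not visible in this hunk, so that assumption is worth confirming.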