e2e: add test for VaultTokensKMS support

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2025-06-13 10:33:35 +00:00 · 2020-12-09 17:10:43 +01:00
parent cc5684dbd8
commit 6e2d16ed1e
3 changed files with 80 additions and 2 deletions
--- a/e2e/rbd.go
+++ b/e2e/rbd.go
@ -1,6 +1,7 @@
 package e2e

 import (
+	"context"
 	"fmt"
 	"strings"
 	"sync"
@ -337,7 +338,7 @@ var _ = Describe("RBD", func() {
 				}
 			})

-			By("create a PVC and bind it to an app with encrypted RBD volume with Vault KMS", func() {
+			By("create a PVC and bind it to an app with encrypted RBD volume with VaultKMS", func() {
 				err := deleteResource(rbdExamplePath + "storageclass.yaml")
 				if err != nil {
 					e2elog.Failf("failed to delete storageclass with error %v", err)
@ -366,6 +367,56 @@ var _ = Describe("RBD", func() {
 				}
 			})

+			By("create a PVC and bind it to an app with encrypted RBD volume with VaultTokensKMS", func() {
+				err := deleteResource(rbdExamplePath + "storageclass.yaml")
+				if err != nil {
+					e2elog.Failf("failed to delete storageclass with error %v", err)
+				}
+				scOpts := map[string]string{
+					"encrypted":       "true",
+					"encryptionKMSID": "vault-tokens-test",
+				}
+				err = createRBDStorageClass(f.ClientSet, f, nil, scOpts, deletePolicy)
+				if err != nil {
+					e2elog.Failf("failed to create storageclass with error %v", err)
+				}
+
+				// name(space) of the Tenant
+				tenant := f.UniqueName
+
+				// create the Secret with Vault Token in the Tenants namespace
+				token, err := getSecret(vaultExamplePath + "tenant-token.yaml")
+				if err != nil {
+					e2elog.Failf("failed to load tenant token from secret: %v", err)
+				}
+				_, err = c.CoreV1().Secrets(tenant).Create(context.TODO(), &token, metav1.CreateOptions{})
+				if err != nil {
+					e2elog.Failf("failed to create Secret with tenant token: %v", err)
+				}
+
+				err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, "vaulttokens", f)
+				if err != nil {
+					e2elog.Failf("failed to validate encrypted pvc with error %v", err)
+				}
+				// validate created backend rbd images
+				validateRBDImageCount(f, 0)
+
+				// delete the Secret of the Tenant
+				err = c.CoreV1().Secrets(tenant).Delete(context.TODO(), token.Name, metav1.DeleteOptions{})
+				if err != nil {
+					e2elog.Failf("failed to delete Secret with tenant token: %v", err)
+				}
+
+				err = deleteResource(rbdExamplePath + "storageclass.yaml")
+				if err != nil {
+					e2elog.Failf("failed to delete storageclass with error %v", err)
+				}
+				err = createRBDStorageClass(f.ClientSet, f, nil, nil, deletePolicy)
+				if err != nil {
+					e2elog.Failf("failed to create storageclass with error %v", err)
+				}
+			})
+
 			By("create a PVC clone and bind it to an app", func() {
 				// snapshot beta is only supported from v1.17+
 				if k8sVersionGreaterEquals(f.ClientSet, 1, 17) {