e2e: add test for VaultTokensKMS support

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2025-06-13 10:33:35 +00:00 · 2020-12-09 17:10:43 +01:00
parent cc5684dbd8
commit 6e2d16ed1e
3 changed files with 80 additions and 2 deletions
--- a/examples/kms/vault/kms-config.yaml
+++ b/examples/kms/vault/kms-config.yaml
@ -12,7 +12,25 @@ data:
        "vaultPassphraseRoot": "/v1/secret",
        "vaultPassphrasePath": "ceph-csi/",
        "vaultCAVerify": "false"
-      }
+      },
+      "vault-tokens-test": {
+          "encryptionKMSType": "vaulttokens",
+          "vaultAddress": "http://vault.default.svc.cluster.local:8200",
+          "vaultBackendPath": "secret/",
+          "vaultTLSServerName": "vault.default.svc.cluster.local",
+          "vaultCAVerify": "false",
+          "tenantConfigName": "ceph-csi-kms-config",
+          "tenantTokenName": "ceph-csi-kms-token",
+          "tenants": {
+              "my-app": {
+                  "vaultAddress": "https://vault.example.com",
+                  "vaultCAVerify": "true"
+              },
+              "an-other-app": {
+                  "tenantTokenName": "storage-encryption-token"
+              }
+          }
+       }
    }
 metadata:
  name: ceph-csi-encryption-kms-config
--- a/examples/kms/vault/tenant-token.yaml
+++ b/examples/kms/vault/tenant-token.yaml
@ -0,0 +1,9 @@
+---
+# This is the Vault Token that can be created in a Kubernetes Namespace
+# (Tenant) for encrypting PVCs with the "vaulttokens" encryptionKMSType.
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ceph-csi-kms-token
+stringData:
+  token: "sample_root_token_id"