mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-09 16:00:22 +00:00
e2e: add basic PVC Ceph FS fscrypt tests
Test storage class, pvc and app bind of an fscrypt encrypted Ceph FS with secrets metadata, vault, vault tokens and vault tenant KMS. Tests are based on the RBD block/file encryption tests. Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
This commit is contained in:
Marcel Lauhoff
mergify[bot]
parent
638f77a95c
commit
8d38107fd6
@ -417,6 +417,67 @@ var _ = Describe(cephfsType, func() {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
|
if testCephFSFscrypt {
|
||||||
|
kmsToTest := map[string]kmsConfig{
|
||||||
|
"secrets-metadata-test": secretsMetadataKMS,
|
||||||
|
"vault-test": vaultKMS,
|
||||||
|
"vault-tokens-test": vaultTokensKMS,
|
||||||
|
"vault-tenant-sa-test": vaultTenantSAKMS,
|
||||||
|
}
|
||||||
|
|
||||||
|
for kmsID, kmsConf := range kmsToTest {
|
||||||
|
kmsID := kmsID
|
||||||
|
kmsConf := kmsConf
|
||||||
|
By("create a storageclass with pool and an encrypted PVC then bind it to an app with "+kmsID, func() {
|
||||||
|
scOpts := map[string]string{
|
||||||
|
"encrypted": "true",
|
||||||
|
"encryptionKMSID": kmsID,
|
||||||
|
}
|
||||||
|
err := createCephfsStorageClass(f.ClientSet, f, true, scOpts)
|
||||||
|
if err != nil {
|
||||||
|
e2elog.Failf("failed to create CephFS storageclass: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if kmsID == "vault-tokens-test" {
|
||||||
|
var token v1.Secret
|
||||||
|
tenant := f.UniqueName
|
||||||
|
token, err = getSecret(vaultExamplePath + "tenant-token.yaml")
|
||||||
|
if err != nil {
|
||||||
|
e2elog.Failf("failed to load tenant token from secret: %v", err)
|
||||||
|
}
|
||||||
|
_, err = c.CoreV1().Secrets(tenant).Create(context.TODO(), &token, metav1.CreateOptions{})
|
||||||
|
if err != nil {
|
||||||
|
e2elog.Failf("failed to create Secret with tenant token: %v", err)
|
||||||
|
}
|
||||||
|
defer func() {
|
||||||
|
err = c.CoreV1().Secrets(tenant).Delete(context.TODO(), token.Name, metav1.DeleteOptions{})
|
||||||
|
if err != nil {
|
||||||
|
e2elog.Failf("failed to delete Secret with tenant token: %v", err)
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
}
|
||||||
|
if kmsID == "vault-tenant-sa-test" {
|
||||||
|
err = createTenantServiceAccount(f.ClientSet, f.UniqueName)
|
||||||
|
if err != nil {
|
||||||
|
e2elog.Failf("failed to create ServiceAccount: %v", err)
|
||||||
|
}
|
||||||
|
defer deleteTenantServiceAccount(f.UniqueName)
|
||||||
|
}
|
||||||
|
|
||||||
|
err = validateFscryptAndAppBinding(pvcPath, appPath, kmsConf, f)
|
||||||
|
if err != nil {
|
||||||
|
e2elog.Failf("failed to validate CephFS pvc and application binding: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
err = deleteResource(cephFSExamplePath + "storageclass.yaml")
|
||||||
|
if err != nil {
|
||||||
|
e2elog.Failf("failed to delete CephFS storageclass: %v", err)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
By("create a PVC and check PVC/PV metadata on CephFS subvolume", func() {
|
By("create a PVC and check PVC/PV metadata on CephFS subvolume", func() {
|
||||||
err := createCephfsStorageClass(f.ClientSet, f, true, nil)
|
err := createCephfsStorageClass(f.ClientSet, f, true, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user