diff --git a/e2e/rbd.go b/e2e/rbd.go index 057ccf9f4..769283419 100644 --- a/e2e/rbd.go +++ b/e2e/rbd.go @@ -2921,7 +2921,6 @@ var _ = Describe("RBD", func() { } }) - By("validate RBD static FileSystem PVC", func() { err := validateRBDStaticPV(f, appPath, false, false) if err != nil { diff --git a/internal/rbd/encryption.go b/internal/rbd/encryption.go index bd5ced998..3d68e80c8 100644 --- a/internal/rbd/encryption.go +++ b/internal/rbd/encryption.go @@ -20,8 +20,8 @@ import ( "context" "errors" "fmt" - "strings" "strconv" + "strings" kmsapi "github.com/ceph/ceph-csi/internal/kms" "github.com/ceph/ceph-csi/internal/util" @@ -341,8 +341,14 @@ func ParseEncryptionOpts( encrypted, kmsID string ) encrypted, ok = volOptions["encrypted"] - val, _ := strconv.ParseBool(encrypted) - if !ok || !val{ + if !ok { + return "", util.EncryptionTypeNone, nil + } + ok, err = strconv.ParseBool(encrypted) + if err != nil { + return "", util.EncryptionTypeInvalid, err + } + if !ok { return "", util.EncryptionTypeNone, nil } kmsID, err = util.FetchEncryptionKMSID(encrypted, volOptions["encryptionKMSID"]) diff --git a/internal/rbd/encryption_test.go b/internal/rbd/encryption_test.go new file mode 100644 index 000000000..fb043050a --- /dev/null +++ b/internal/rbd/encryption_test.go @@ -0,0 +1,99 @@ +/* +Copyright 2023 The Ceph-CSI Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package rbd + +import ( + "testing" + + "github.com/ceph/ceph-csi/internal/util" +) + +func TestParseEncryptionOpts(t *testing.T) { + t.Parallel() + tests := []struct { + testName string + volOptions map[string]string + fallbackType util.EncryptionType + expectedKMS string + expectedEnc util.EncryptionType + expectedErr bool + }{ + { + testName: "No Encryption Option", + volOptions: map[string]string{ + "foo": "bar", + }, + fallbackType: util.EncryptionTypeBlock, + expectedKMS: "", + expectedEnc: util.EncryptionTypeNone, + expectedErr: false, + }, + { + testName: "Encrypted as false", + volOptions: map[string]string{ + "encrypted": "false", + }, + fallbackType: util.EncryptionTypeBlock, + expectedKMS: "", + expectedEnc: util.EncryptionTypeNone, + expectedErr: false, + }, + { + testName: "Encrypted as invalid string", + volOptions: map[string]string{ + "encrypted": "notbool", + }, + fallbackType: util.EncryptionTypeBlock, + expectedKMS: "", + expectedEnc: util.EncryptionTypeInvalid, + expectedErr: true, + }, + { + testName: "Valid Encryption Option With KMS ID", + volOptions: map[string]string{ + "encrypted": "true", + "encryptionKMSID": "valid-kms-id", + }, + fallbackType: util.EncryptionTypeBlock, + expectedKMS: "valid-kms-id", + expectedEnc: util.EncryptionTypeBlock, + expectedErr: false, + }, + } + + for _, tt := range tests { + newtt := tt + t.Run(newtt.testName, func(t *testing.T) { + t.Parallel() + actualKMS, actualEnc, actualErr := ParseEncryptionOpts( + newtt.volOptions, + newtt.fallbackType, + ) + if actualKMS != newtt.expectedKMS { + t.Errorf("Expected KMS ID: %s, but got: %s", newtt.expectedKMS, actualKMS) + } + + if actualEnc != newtt.expectedEnc { + t.Errorf("Expected Encryption Type: %v, but got: %v", newtt.expectedEnc, actualEnc) + } + + if (actualErr != nil) != newtt.expectedErr { + t.Errorf("expected error %v but got %v", newtt.expectedErr, actualErr) + } + }) + } +}