e2e: add cephfs fscrypt snapshot volume test

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2024-11-09 16:00:22 +00:00 · 2022-09-07 18:30:55 +02:00 · 2022-09-07 18:30:55 +02:00 · e5ebd23709
commit e5ebd23709
parent a53a64129d
1 changed files with 158 additions and 0 deletions
--- a/e2e/cephfs.go
+++ b/e2e/cephfs.go
@ -1541,6 +1541,164 @@ var _ = Describe(cephfsType, func() {
 				}
 			})

+			if testCephFSFscrypt {
+				for _, kmsID := range []string{"secrets-metadata-test", "vault-test"} {
+					kmsID := kmsID
+					By("checking encrypted snapshot-backed volume with KMS "+kmsID, func() {
+						err := deleteResource(cephFSExamplePath + "storageclass.yaml")
+						if err != nil {
+							e2elog.Failf("failed to delete storageclass: %v", err)
+						}
+
+						scOpts := map[string]string{
+							"encrypted":       "true",
+							"encryptionKMSID": kmsID,
+						}
+
+						err = createCephfsStorageClass(f.ClientSet, f, true, scOpts)
+						if err != nil {
+							e2elog.Failf("failed to create CephFS storageclass: %v", err)
+						}
+
+						err = createCephFSSnapshotClass(f)
+						if err != nil {
+							e2elog.Failf("failed to delete CephFS storageclass: %v", err)
+						}
+
+						pvc, err := loadPVC(pvcPath)
+						if err != nil {
+							e2elog.Failf("failed to load PVC: %v", err)
+						}
+						pvc.Namespace = f.UniqueName
+						err = createPVCAndvalidatePV(f.ClientSet, pvc, deployTimeout)
+						if err != nil {
+							e2elog.Failf("failed to create PVC: %v", err)
+						}
+
+						app, err := loadApp(appPath)
+						if err != nil {
+							e2elog.Failf("failed to load application: %v", err)
+						}
+						app.Namespace = f.UniqueName
+						app.Spec.Volumes[0].PersistentVolumeClaim.ClaimName = pvc.Name
+						appLabels := map[string]string{
+							appKey: appLabel,
+						}
+						app.Labels = appLabels
+						optApp := metav1.ListOptions{
+							LabelSelector: fmt.Sprintf("%s=%s", appKey, appLabels[appKey]),
+						}
+						err = writeDataInPod(app, &optApp, f)
+						if err != nil {
+							e2elog.Failf("failed to write data: %v", err)
+						}
+
+						appTestFilePath := app.Spec.Containers[0].VolumeMounts[0].MountPath + "/test"
+
+						snap := getSnapshot(snapshotPath)
+						snap.Namespace = f.UniqueName
+						snap.Spec.Source.PersistentVolumeClaimName = &pvc.Name
+						err = createSnapshot(&snap, deployTimeout)
+						if err != nil {
+							e2elog.Failf("failed to create snapshot: %v", err)
+						}
+
+						err = appendToFileInContainer(f, app, appTestFilePath, "hello", &optApp)
+						if err != nil {
+							e2elog.Failf("failed to append data: %v", err)
+						}
+
+						parentFileSum, err := calculateSHA512sum(f, app, appTestFilePath, &optApp)
+						if err != nil {
+							e2elog.Failf("failed to get SHA512 sum for file: %v", err)
+						}
+
+						err = deleteResource(cephFSExamplePath + "storageclass.yaml")
+						if err != nil {
+							e2elog.Failf("failed to delete CephFS storageclass: %v", err)
+						}
+						err = createCephfsStorageClass(f.ClientSet, f, false, map[string]string{
+							"backingSnapshot": "true",
+							"encrypted":       "true",
+							"encryptionKMSID": kmsID,
+						})
+						if err != nil {
+							e2elog.Failf("failed to create CephFS storageclass: %v", err)
+						}
+
+						pvcClone, err := loadPVC(pvcClonePath)
+						if err != nil {
+							e2elog.Failf("failed to load PVC: %v", err)
+						}
+						// Snapshot-backed volumes support read-only access modes only.
+						pvcClone.Spec.AccessModes = []v1.PersistentVolumeAccessMode{v1.ReadOnlyMany}
+						appClone, err := loadApp(appClonePath)
+						if err != nil {
+							e2elog.Failf("failed to load application: %v", err)
+						}
+						appCloneLabels := map[string]string{
+							appKey: appCloneLabel,
+						}
+						appClone.Labels = appCloneLabels
+						optAppClone := metav1.ListOptions{
+							LabelSelector: fmt.Sprintf("%s=%s", appKey, appCloneLabels[appKey]),
+						}
+						pvcClone.Namespace = f.UniqueName
+						appClone.Namespace = f.UniqueName
+						err = createPVCAndApp("", f, pvcClone, appClone, deployTimeout)
+						if err != nil {
+							e2elog.Failf("failed to create PVC and app: %v", err)
+						}
+
+						// Snapshot-backed volume shouldn't contribute to total subvolume count.
+						validateSubvolumeCount(f, 1, fileSystemName, subvolumegroup)
+
+						// Deleting snapshot before deleting pvcClone should succeed. It will be
+						// deleted once all volumes that are backed by this snapshot are gone.
+						err = deleteSnapshot(&snap, deployTimeout)
+						if err != nil {
+							e2elog.Failf("failed to delete snapshot: %v", err)
+						}
+
+						appCloneTestFilePath := appClone.Spec.Containers[0].VolumeMounts[0].MountPath + "/test"
+
+						snapFileSum, err := calculateSHA512sum(f, appClone, appCloneTestFilePath, &optAppClone)
+						if err != nil {
+							e2elog.Failf("failed to get SHA512 sum for file: %v", err)
+						}
+
+						if parentFileSum == snapFileSum {
+							e2elog.Failf("SHA512 sums of files in parent subvol and snapshot should differ")
+						}
+
+						err = deletePVCAndApp("", f, pvcClone, appClone)
+						if err != nil {
+							e2elog.Failf("failed to delete PVC or application: %v", err)
+						}
+
+						err = deletePVCAndApp("", f, pvc, app)
+						if err != nil {
+							e2elog.Failf("failed to delete PVC or application: %v", err)
+						}
+
+						err = deleteResource(cephFSExamplePath + "storageclass.yaml")
+						if err != nil {
+							e2elog.Failf("failed to delete CephFS storageclass: %v", err)
+						}
+
+						err = deleteResource(cephFSExamplePath + "snapshotclass.yaml")
+						if err != nil {
+							e2elog.Failf("failed to delete CephFS snapshotclass: %v", err)
+						}
+
+						err = createCephfsStorageClass(f.ClientSet, f, false, nil)
+						if err != nil {
+							e2elog.Failf("failed to create CephFS storageclass: %v", err)
+						}
+					})
+				}
+			}
+
 			By("checking snapshot-backed volume", func() {
 				err := createCephFSSnapshotClass(f)
 				if err != nil {