mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2024-09-19 15:09:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

e2e: Run encryption related tests on file and block type

Browse Source 
Replace `By` with `ByFileAndBlockEncryption` in all encryption related
tests to parameterize them to file and block encryption.

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
This commit is contained in:
Marcel Lauhoff 2022-07-13 18:25:15 +02:00 committed by mergify[bot]
parent 7db0c3bfbf
commit f5ba45b78f
1 changed files with 100 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
e2e/rbd.go
View File

@ -998,7 +998,8 @@ var _ = Describe("RBD", func() {
noKMS, noKMS,
defaultSCName,
erasureCodedPool,
f)
f,
noPVCValidation)
})
By("create an erasure coded PVC and validate PVC-PVC clone", func() {
@ -1880,13 +1881,13 @@ var _ = Describe("RBD", func() {
}
})
By("create a PVC and bind it to an app using rbd-nbd mounter with encryption", func() {
ByFileAndBlockEncryption("create a PVC and bind it to an app using rbd-nbd mounter with encryption", func(
validator encryptionValidateFunc, _ validateFunc, encType string) {
if !testNBD {
e2elog.Logf("skipping NBD test")
return
}
err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err)
@ -1902,12 +1903,13 @@ var _ = Describe("RBD", func() {
"mapOptions": nbdMapOptions,
"cephLogStrategy": e2eDefaultCephLogStrategy,
"encrypted": "true",
"encryptionType": encType,
},
deletePolicy)
if err != nil {
e2elog.Failf("failed to create storageclass: %v", err)
}
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f)
err = validator(pvcPath, appPath, noKMS, f)
if err != nil {
e2elog.Failf("failed to validate encrypted pvc: %v", err)
}
@ -1924,7 +1926,9 @@ var _ = Describe("RBD", func() {
}
})
By("create a PVC and bind it to an app with encrypted RBD volume", func() {
ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume", func(
validator encryptionValidateFunc, _ validateFunc, encType string,
) {
err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err)
@ -1934,12 +1938,12 @@ var _ = Describe("RBD", func() {
f,
defaultSCName,
nil,
map[string]string{"encrypted": "true"},
map[string]string{"encrypted": "true", "encryptionType": encType},
deletePolicy)
if err != nil {
e2elog.Failf("failed to create storageclass: %v", err)
}
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f)
err = validator(pvcPath, appPath, noKMS, f)
if err != nil {
e2elog.Failf("failed to validate encrypted pvc: %v", err)
}
@ -1956,7 +1960,8 @@ var _ = Describe("RBD", func() {
}
})
By("Resize Encrypted Block PVC and check Device size", func() {
ByFileAndBlockEncryption("Resize Encrypted Block PVC and check Device size", func(
validator encryptionValidateFunc, _ validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err)
@ -1966,7 +1971,7 @@ var _ = Describe("RBD", func() {
f,
defaultSCName,
nil,
map[string]string{"encrypted": "true"},
map[string]string{"encrypted": "true", "encryptionType": encType},
deletePolicy)
if err != nil {
e2elog.Failf("failed to create storageclass: %v", err)
@ -1981,15 +1986,16 @@ var _ = Describe("RBD", func() {
validateRBDImageCount(f, 0, defaultRBDPool)
validateOmapCount(f, 0, rbdType, defaultRBDPool, volumesType)
// Block PVC resize
err = resizePVCAndValidateSize(rawPvcPath, rawAppPath, f)
if err != nil {
e2elog.Failf("failed to resize block PVC: %v", err)
if encType != "file" {
// Block PVC resize
err = resizePVCAndValidateSize(rawPvcPath, rawAppPath, f)
if err != nil {
e2elog.Failf("failed to resize block PVC: %v", err)
}
// validate created backend rbd images
validateRBDImageCount(f, 0, defaultRBDPool)
validateOmapCount(f, 0, rbdType, defaultRBDPool, volumesType)
}
// validate created backend rbd images
validateRBDImageCount(f, 0, defaultRBDPool)
validateOmapCount(f, 0, rbdType, defaultRBDPool, volumesType)
err = deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err)
@ -2000,7 +2006,8 @@ var _ = Describe("RBD", func() {
}
})
By("create a PVC and bind it to an app with encrypted RBD volume with VaultKMS", func() {
ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume with VaultKMS", func(
validator encryptionValidateFunc, _ validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err)
@ -2008,12 +2015,13 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{
"encrypted": "true",
"encryptionKMSID": "vault-test",
"encryptionType": encType,
}
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil {
e2elog.Failf("failed to create storageclass: %v", err)
}
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, vaultKMS, f)
err = validator(pvcPath, appPath, vaultKMS, f)
if err != nil {
e2elog.Failf("failed to validate encrypted pvc: %v", err)
}
@ -2030,7 +2038,8 @@ var _ = Describe("RBD", func() {
}
})
By("create a PVC and bind it to an app with encrypted RBD volume with VaultTokensKMS", func() {
ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume with VaultTokensKMS", func(
validator encryptionValidateFunc, _ validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err)
@ -2038,6 +2047,7 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{
"encrypted": "true",
"encryptionKMSID": "vault-tokens-test",
"encryptionType": encType,
}
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil {
@ -2057,7 +2067,7 @@ var _ = Describe("RBD", func() {
e2elog.Failf("failed to create Secret with tenant token: %v", err)
}
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, vaultTokensKMS, f)
err = validator(pvcPath, appPath, vaultTokensKMS, f)
if err != nil {
e2elog.Failf("failed to validate encrypted pvc: %v", err)
}
@ -2081,7 +2091,8 @@ var _ = Describe("RBD", func() {
}
})
By("create a PVC and bind it to an app with encrypted RBD volume with VaultTenantSA KMS", func() {
ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume with VaultTenantSA KMS", func(
validator encryptionValidateFunc, _ validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err)
@ -2089,6 +2100,7 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{
"encrypted": "true",
"encryptionKMSID": "vault-tenant-sa-test",
"encryptionType": encType,
}
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil {
@ -2101,7 +2113,7 @@ var _ = Describe("RBD", func() {
}
defer deleteTenantServiceAccount(f.UniqueName)
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, vaultTenantSAKMS, f)
err = validator(pvcPath, appPath, vaultTenantSAKMS, f)
if err != nil {
e2elog.Failf("failed to validate encrypted pvc: %v", err)
}
@ -2118,7 +2130,8 @@ var _ = Describe("RBD", func() {
}
})
By("create a PVC and bind it to an app with encrypted RBD volume with SecretsMetadataKMS", func() {
ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume with SecretsMetadataKMS", func(
validator encryptionValidateFunc, _ validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err)
@ -2126,12 +2139,13 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{
"encrypted": "true",
"encryptionKMSID": "secrets-metadata-test",
"encryptionType": encType,
}
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil {
e2elog.Failf("failed to create storageclass: %v", err)
}
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f)
err = validator(pvcPath, appPath, noKMS, f)
if err != nil {
e2elog.Failf("failed to validate encrypted pvc: %v", err)
}
@ -2148,7 +2162,8 @@ var _ = Describe("RBD", func() {
}
})
By("test RBD volume encryption with user secrets based SecretsMetadataKMS", func() {
ByFileAndBlockEncryption("test RBD volume encryption with user secrets based SecretsMetadataKMS", func(
validator encryptionValidateFunc, _ validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err)
@ -2156,6 +2171,7 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{
"encrypted": "true",
"encryptionKMSID": "user-ns-secrets-metadata-test",
"encryptionType": encType,
}
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil {
@ -2171,7 +2187,7 @@ var _ = Describe("RBD", func() {
e2elog.Failf("failed to create user Secret: %v", err)
}
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f)
err = validator(pvcPath, appPath, noKMS, f)
if err != nil {
e2elog.Failf("failed to validate encrypted pvc: %v", err)
}
@ -2199,9 +2215,9 @@ var _ = Describe("RBD", func() {
}
})
By(
ByFileAndBlockEncryption(
"test RBD volume encryption with user secrets based SecretsMetadataKMS with tenant namespace",
func() {
func(validator encryptionValidateFunc, isEncryptedPVC validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err)
@ -2209,6 +2225,7 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{
"encrypted": "true",
"encryptionKMSID": "user-secrets-metadata-test",
"encryptionType": encType,
}
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil {
@ -2224,7 +2241,7 @@ var _ = Describe("RBD", func() {
e2elog.Failf("failed to create user Secret: %v", err)
}
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f)
err = validator(pvcPath, appPath, noKMS, f)
if err != nil {
e2elog.Failf("failed to validate encrypted pvc: %v", err)
}
@ -2307,7 +2324,8 @@ var _ = Describe("RBD", func() {
noKMS, noKMS,
defaultSCName,
noDataPool,
f)
f,
noPVCValidation)
})
By("create a PVC-PVC clone and bind it to an app", func() {
@ -2324,7 +2342,8 @@ var _ = Describe("RBD", func() {
f)
})
By("create an encrypted PVC snapshot and restore it for an app with VaultKMS", func() {
ByFileAndBlockEncryption("create an encrypted PVC snapshot and restore it for an app with VaultKMS", func(
validator encryptionValidateFunc, isEncryptedPVC validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err)
@ -2332,6 +2351,7 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{
"encrypted": "true",
"encryptionKMSID": "vault-test",
"encryptionType": encType,
}
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil {
@ -2342,7 +2362,7 @@ var _ = Describe("RBD", func() {
pvcPath, appPath, snapshotPath, pvcClonePath, appClonePath,
vaultKMS, vaultKMS,
defaultSCName, noDataPool,
f)
f, isEncryptedPVC)
err = deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil {
@ -2354,7 +2374,8 @@ var _ = Describe("RBD", func() {
}
})
By("Validate PVC restore from vaultKMS to vaultTenantSAKMS", func() {
ByFileAndBlockEncryption("Validate PVC restore from vaultKMS to vaultTenantSAKMS", func(
validator encryptionValidateFunc, isEncryptedPVC validateFunc, encType string) {
restoreSCName := "restore-sc"
err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil {
@ -2363,6 +2384,7 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{
"encrypted": "true",
"encryptionKMSID": "vault-test",
"encryptionType": encType,
}
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil {
@ -2372,6 +2394,7 @@ var _ = Describe("RBD", func() {
scOpts = map[string]string{
"encrypted": "true",
"encryptionKMSID": "vault-tenant-sa-test",
"encryptionType": encType,
}
err = createRBDStorageClass(f.ClientSet, f, restoreSCName, nil, scOpts, deletePolicy)
if err != nil {
@ -2387,7 +2410,8 @@ var _ = Describe("RBD", func() {
validatePVCSnapshot(1,
pvcPath, appPath, snapshotPath, pvcClonePath, appClonePath,
vaultKMS, vaultTenantSAKMS,
restoreSCName, noDataPool, f)
restoreSCName, noDataPool, f,
isEncryptedPVC)
err = retryKubectlArgs(cephCSINamespace, kubectlDelete, deployTimeout, "storageclass", restoreSCName)
if err != nil {
@ -2409,7 +2433,8 @@ var _ = Describe("RBD", func() {
}
})
By("Validate PVC-PVC clone with different SC from vaultKMS to vaultTenantSAKMS", func() {
ByFileAndBlockEncryption("Validate PVC-PVC clone with different SC from vaultKMS to vaultTenantSAKMS", func(
validator encryptionValidateFunc, isValidPVC validateFunc, encType string) {
restoreSCName := "restore-sc"
err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil {
@ -2418,6 +2443,7 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{
"encrypted": "true",
"encryptionKMSID": "vault-test",
"encryptionType": encType,
}
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil {
@ -2427,6 +2453,7 @@ var _ = Describe("RBD", func() {
scOpts = map[string]string{
"encrypted": "true",
"encryptionKMSID": "vault-tenant-sa-test",
"encryptionType": encType,
}
err = createRBDStorageClass(f.ClientSet, f, restoreSCName, nil, scOpts, deletePolicy)
if err != nil {
@ -2447,7 +2474,7 @@ var _ = Describe("RBD", func() {
restoreSCName,
noDataPool,
secretsMetadataKMS,
isEncryptedPVC,
isValidPVC,
f)
err = retryKubectlArgs(cephCSINamespace, kubectlDelete, deployTimeout, "storageclass", restoreSCName)
@ -2469,7 +2496,8 @@ var _ = Describe("RBD", func() {
}
})
By("create an encrypted PVC-PVC clone and bind it to an app", func() {
ByFileAndBlockEncryption("create an encrypted PVC-PVC clone and bind it to an app", func(
validator encryptionValidateFunc, isValidPVC validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err)
@ -2477,6 +2505,7 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{
"encrypted": "true",
"encryptionKMSID": "secrets-metadata-test",
"encryptionType": encType,
}
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil {
@ -2491,7 +2520,7 @@ var _ = Describe("RBD", func() {
defaultSCName,
noDataPool,
secretsMetadataKMS,
isEncryptedPVC,
isValidPVC,
f)
err = deleteResource(rbdExamplePath + "storageclass.yaml")
@ -2504,7 +2533,8 @@ var _ = Describe("RBD", func() {
}
})
By("create an encrypted PVC-PVC clone and bind it to an app with VaultKMS", func() {
ByFileAndBlockEncryption("create an encrypted PVC-PVC clone and bind it to an app with VaultKMS", func(
validator encryptionValidateFunc, isValidPVC validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err)
@ -2512,6 +2542,7 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{
"encrypted": "true",
"encryptionKMSID": "vault-test",
"encryptionType": encType,
}
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil {
@ -2526,7 +2557,7 @@ var _ = Describe("RBD", func() {
defaultSCName,
noDataPool,
vaultKMS,
isEncryptedPVC,
isValidPVC,
f)
err = deleteResource(rbdExamplePath + "storageclass.yaml")
@ -4001,10 +4032,13 @@ var _ = Describe("RBD", func() {
}
})
By("restore snapshot to bigger size encrypted PVC with VaultKMS", func() {
ByFileAndBlockEncryption("restore snapshot to bigger size encrypted PVC with VaultKMS", func(
_ encryptionValidateFunc, _ validateFunc, encType string,
) {
scOpts := map[string]string{
"encrypted": "true",
"encryptionKMSID": "vault-test",
"encryptionType": encType,
}
err := createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil {
@ -4036,15 +4070,17 @@ var _ = Describe("RBD", func() {
if err != nil {
e2elog.Failf("failed to validate restore bigger size clone: %v", err)
}
// validate block mode PVC
err = validateBiggerPVCFromSnapshot(f,
rawPvcPath,
rawAppPath,
snapshotPath,
pvcBlockRestorePath,
appBlockRestorePath)
if err != nil {
e2elog.Failf("failed to validate restore bigger size clone: %v", err)
if encType != "file" {
// validate block mode PVC
err = validateBiggerPVCFromSnapshot(f,
rawPvcPath,
rawAppPath,
snapshotPath,
pvcBlockRestorePath,
appBlockRestorePath)
if err != nil {
e2elog.Failf("failed to validate restore bigger size clone: %v", err)
}
}
})
@ -4059,9 +4095,11 @@ var _ = Describe("RBD", func() {
})
By("clone PVC to a bigger size PVC", func() {
By("clone PVC to bigger size encrypted PVC with VaultKMS", func() {
ByFileAndBlockEncryption("clone PVC to bigger size encrypted PVC with VaultKMS", func(
validator encryptionValidateFunc, _ validateFunc, encType string) {
scOpts := map[string]string{
"encrypted": "true",
"encryptionType": encType,
"encryptionKMSID": "vault-test",
}
err := createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
@ -4084,14 +4122,16 @@ var _ = Describe("RBD", func() {
if err != nil {
e2elog.Failf("failed to validate bigger size clone: %v", err)
}
// validate block mode PVC
err = validateBiggerCloneFromPVC(f,
rawPvcPath,
rawAppPath,
pvcBlockSmartClonePath,
appBlockSmartClonePath)
if err != nil {
e2elog.Failf("failed to validate bigger size clone: %v", err)
if encType != "file" {
// validate block mode PVC
err = validateBiggerCloneFromPVC(f,
rawPvcPath,
rawAppPath,
pvcBlockSmartClonePath,
appBlockSmartClonePath)
if err != nil {
e2elog.Failf("failed to validate bigger size clone: %v", err)
}
}
})