From f5ba45b78f81f444a3057cf5c205e0bec7c2b666 Mon Sep 17 00:00:00 2001 From: Marcel Lauhoff Date: Wed, 13 Jul 2022 18:25:15 +0200 Subject: [PATCH] e2e: Run encryption related tests on file and block type Replace `By` with `ByFileAndBlockEncryption` in all encryption related tests to parameterize them to file and block encryption. Signed-off-by: Marcel Lauhoff --- e2e/rbd.go | 160 +++++++++++++++++++++++++++++++++-------------------- 1 file changed, 100 insertions(+), 60 deletions(-) diff --git a/e2e/rbd.go b/e2e/rbd.go index 032fb7e75..eb7fdf3aa 100644 --- a/e2e/rbd.go +++ b/e2e/rbd.go @@ -998,7 +998,8 @@ var _ = Describe("RBD", func() { noKMS, noKMS, defaultSCName, erasureCodedPool, - f) + f, + noPVCValidation) }) By("create an erasure coded PVC and validate PVC-PVC clone", func() { @@ -1880,13 +1881,13 @@ var _ = Describe("RBD", func() { } }) - By("create a PVC and bind it to an app using rbd-nbd mounter with encryption", func() { + ByFileAndBlockEncryption("create a PVC and bind it to an app using rbd-nbd mounter with encryption", func( + validator encryptionValidateFunc, _ validateFunc, encType string) { if !testNBD { e2elog.Logf("skipping NBD test") return } - err := deleteResource(rbdExamplePath + "storageclass.yaml") if err != nil { e2elog.Failf("failed to delete storageclass: %v", err) @@ -1902,12 +1903,13 @@ var _ = Describe("RBD", func() { "mapOptions": nbdMapOptions, "cephLogStrategy": e2eDefaultCephLogStrategy, "encrypted": "true", + "encryptionType": encType, }, deletePolicy) if err != nil { e2elog.Failf("failed to create storageclass: %v", err) } - err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f) + err = validator(pvcPath, appPath, noKMS, f) if err != nil { e2elog.Failf("failed to validate encrypted pvc: %v", err) } @@ -1924,7 +1926,9 @@ var _ = Describe("RBD", func() { } }) - By("create a PVC and bind it to an app with encrypted RBD volume", func() { + ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume", func( + validator encryptionValidateFunc, _ validateFunc, encType string, + ) { err := deleteResource(rbdExamplePath + "storageclass.yaml") if err != nil { e2elog.Failf("failed to delete storageclass: %v", err) @@ -1934,12 +1938,12 @@ var _ = Describe("RBD", func() { f, defaultSCName, nil, - map[string]string{"encrypted": "true"}, + map[string]string{"encrypted": "true", "encryptionType": encType}, deletePolicy) if err != nil { e2elog.Failf("failed to create storageclass: %v", err) } - err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f) + err = validator(pvcPath, appPath, noKMS, f) if err != nil { e2elog.Failf("failed to validate encrypted pvc: %v", err) } @@ -1956,7 +1960,8 @@ var _ = Describe("RBD", func() { } }) - By("Resize Encrypted Block PVC and check Device size", func() { + ByFileAndBlockEncryption("Resize Encrypted Block PVC and check Device size", func( + validator encryptionValidateFunc, _ validateFunc, encType string) { err := deleteResource(rbdExamplePath + "storageclass.yaml") if err != nil { e2elog.Failf("failed to delete storageclass: %v", err) @@ -1966,7 +1971,7 @@ var _ = Describe("RBD", func() { f, defaultSCName, nil, - map[string]string{"encrypted": "true"}, + map[string]string{"encrypted": "true", "encryptionType": encType}, deletePolicy) if err != nil { e2elog.Failf("failed to create storageclass: %v", err) @@ -1981,15 +1986,16 @@ var _ = Describe("RBD", func() { validateRBDImageCount(f, 0, defaultRBDPool) validateOmapCount(f, 0, rbdType, defaultRBDPool, volumesType) - // Block PVC resize - err = resizePVCAndValidateSize(rawPvcPath, rawAppPath, f) - if err != nil { - e2elog.Failf("failed to resize block PVC: %v", err) + if encType != "file" { + // Block PVC resize + err = resizePVCAndValidateSize(rawPvcPath, rawAppPath, f) + if err != nil { + e2elog.Failf("failed to resize block PVC: %v", err) + } + // validate created backend rbd images + validateRBDImageCount(f, 0, defaultRBDPool) + validateOmapCount(f, 0, rbdType, defaultRBDPool, volumesType) } - // validate created backend rbd images - validateRBDImageCount(f, 0, defaultRBDPool) - validateOmapCount(f, 0, rbdType, defaultRBDPool, volumesType) - err = deleteResource(rbdExamplePath + "storageclass.yaml") if err != nil { e2elog.Failf("failed to delete storageclass: %v", err) @@ -2000,7 +2006,8 @@ var _ = Describe("RBD", func() { } }) - By("create a PVC and bind it to an app with encrypted RBD volume with VaultKMS", func() { + ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume with VaultKMS", func( + validator encryptionValidateFunc, _ validateFunc, encType string) { err := deleteResource(rbdExamplePath + "storageclass.yaml") if err != nil { e2elog.Failf("failed to delete storageclass: %v", err) @@ -2008,12 +2015,13 @@ var _ = Describe("RBD", func() { scOpts := map[string]string{ "encrypted": "true", "encryptionKMSID": "vault-test", + "encryptionType": encType, } err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) if err != nil { e2elog.Failf("failed to create storageclass: %v", err) } - err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, vaultKMS, f) + err = validator(pvcPath, appPath, vaultKMS, f) if err != nil { e2elog.Failf("failed to validate encrypted pvc: %v", err) } @@ -2030,7 +2038,8 @@ var _ = Describe("RBD", func() { } }) - By("create a PVC and bind it to an app with encrypted RBD volume with VaultTokensKMS", func() { + ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume with VaultTokensKMS", func( + validator encryptionValidateFunc, _ validateFunc, encType string) { err := deleteResource(rbdExamplePath + "storageclass.yaml") if err != nil { e2elog.Failf("failed to delete storageclass: %v", err) @@ -2038,6 +2047,7 @@ var _ = Describe("RBD", func() { scOpts := map[string]string{ "encrypted": "true", "encryptionKMSID": "vault-tokens-test", + "encryptionType": encType, } err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) if err != nil { @@ -2057,7 +2067,7 @@ var _ = Describe("RBD", func() { e2elog.Failf("failed to create Secret with tenant token: %v", err) } - err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, vaultTokensKMS, f) + err = validator(pvcPath, appPath, vaultTokensKMS, f) if err != nil { e2elog.Failf("failed to validate encrypted pvc: %v", err) } @@ -2081,7 +2091,8 @@ var _ = Describe("RBD", func() { } }) - By("create a PVC and bind it to an app with encrypted RBD volume with VaultTenantSA KMS", func() { + ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume with VaultTenantSA KMS", func( + validator encryptionValidateFunc, _ validateFunc, encType string) { err := deleteResource(rbdExamplePath + "storageclass.yaml") if err != nil { e2elog.Failf("failed to delete storageclass: %v", err) @@ -2089,6 +2100,7 @@ var _ = Describe("RBD", func() { scOpts := map[string]string{ "encrypted": "true", "encryptionKMSID": "vault-tenant-sa-test", + "encryptionType": encType, } err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) if err != nil { @@ -2101,7 +2113,7 @@ var _ = Describe("RBD", func() { } defer deleteTenantServiceAccount(f.UniqueName) - err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, vaultTenantSAKMS, f) + err = validator(pvcPath, appPath, vaultTenantSAKMS, f) if err != nil { e2elog.Failf("failed to validate encrypted pvc: %v", err) } @@ -2118,7 +2130,8 @@ var _ = Describe("RBD", func() { } }) - By("create a PVC and bind it to an app with encrypted RBD volume with SecretsMetadataKMS", func() { + ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume with SecretsMetadataKMS", func( + validator encryptionValidateFunc, _ validateFunc, encType string) { err := deleteResource(rbdExamplePath + "storageclass.yaml") if err != nil { e2elog.Failf("failed to delete storageclass: %v", err) @@ -2126,12 +2139,13 @@ var _ = Describe("RBD", func() { scOpts := map[string]string{ "encrypted": "true", "encryptionKMSID": "secrets-metadata-test", + "encryptionType": encType, } err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) if err != nil { e2elog.Failf("failed to create storageclass: %v", err) } - err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f) + err = validator(pvcPath, appPath, noKMS, f) if err != nil { e2elog.Failf("failed to validate encrypted pvc: %v", err) } @@ -2148,7 +2162,8 @@ var _ = Describe("RBD", func() { } }) - By("test RBD volume encryption with user secrets based SecretsMetadataKMS", func() { + ByFileAndBlockEncryption("test RBD volume encryption with user secrets based SecretsMetadataKMS", func( + validator encryptionValidateFunc, _ validateFunc, encType string) { err := deleteResource(rbdExamplePath + "storageclass.yaml") if err != nil { e2elog.Failf("failed to delete storageclass: %v", err) @@ -2156,6 +2171,7 @@ var _ = Describe("RBD", func() { scOpts := map[string]string{ "encrypted": "true", "encryptionKMSID": "user-ns-secrets-metadata-test", + "encryptionType": encType, } err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) if err != nil { @@ -2171,7 +2187,7 @@ var _ = Describe("RBD", func() { e2elog.Failf("failed to create user Secret: %v", err) } - err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f) + err = validator(pvcPath, appPath, noKMS, f) if err != nil { e2elog.Failf("failed to validate encrypted pvc: %v", err) } @@ -2199,9 +2215,9 @@ var _ = Describe("RBD", func() { } }) - By( + ByFileAndBlockEncryption( "test RBD volume encryption with user secrets based SecretsMetadataKMS with tenant namespace", - func() { + func(validator encryptionValidateFunc, isEncryptedPVC validateFunc, encType string) { err := deleteResource(rbdExamplePath + "storageclass.yaml") if err != nil { e2elog.Failf("failed to delete storageclass: %v", err) @@ -2209,6 +2225,7 @@ var _ = Describe("RBD", func() { scOpts := map[string]string{ "encrypted": "true", "encryptionKMSID": "user-secrets-metadata-test", + "encryptionType": encType, } err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) if err != nil { @@ -2224,7 +2241,7 @@ var _ = Describe("RBD", func() { e2elog.Failf("failed to create user Secret: %v", err) } - err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f) + err = validator(pvcPath, appPath, noKMS, f) if err != nil { e2elog.Failf("failed to validate encrypted pvc: %v", err) } @@ -2307,7 +2324,8 @@ var _ = Describe("RBD", func() { noKMS, noKMS, defaultSCName, noDataPool, - f) + f, + noPVCValidation) }) By("create a PVC-PVC clone and bind it to an app", func() { @@ -2324,7 +2342,8 @@ var _ = Describe("RBD", func() { f) }) - By("create an encrypted PVC snapshot and restore it for an app with VaultKMS", func() { + ByFileAndBlockEncryption("create an encrypted PVC snapshot and restore it for an app with VaultKMS", func( + validator encryptionValidateFunc, isEncryptedPVC validateFunc, encType string) { err := deleteResource(rbdExamplePath + "storageclass.yaml") if err != nil { e2elog.Failf("failed to delete storageclass: %v", err) @@ -2332,6 +2351,7 @@ var _ = Describe("RBD", func() { scOpts := map[string]string{ "encrypted": "true", "encryptionKMSID": "vault-test", + "encryptionType": encType, } err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) if err != nil { @@ -2342,7 +2362,7 @@ var _ = Describe("RBD", func() { pvcPath, appPath, snapshotPath, pvcClonePath, appClonePath, vaultKMS, vaultKMS, defaultSCName, noDataPool, - f) + f, isEncryptedPVC) err = deleteResource(rbdExamplePath + "storageclass.yaml") if err != nil { @@ -2354,7 +2374,8 @@ var _ = Describe("RBD", func() { } }) - By("Validate PVC restore from vaultKMS to vaultTenantSAKMS", func() { + ByFileAndBlockEncryption("Validate PVC restore from vaultKMS to vaultTenantSAKMS", func( + validator encryptionValidateFunc, isEncryptedPVC validateFunc, encType string) { restoreSCName := "restore-sc" err := deleteResource(rbdExamplePath + "storageclass.yaml") if err != nil { @@ -2363,6 +2384,7 @@ var _ = Describe("RBD", func() { scOpts := map[string]string{ "encrypted": "true", "encryptionKMSID": "vault-test", + "encryptionType": encType, } err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) if err != nil { @@ -2372,6 +2394,7 @@ var _ = Describe("RBD", func() { scOpts = map[string]string{ "encrypted": "true", "encryptionKMSID": "vault-tenant-sa-test", + "encryptionType": encType, } err = createRBDStorageClass(f.ClientSet, f, restoreSCName, nil, scOpts, deletePolicy) if err != nil { @@ -2387,7 +2410,8 @@ var _ = Describe("RBD", func() { validatePVCSnapshot(1, pvcPath, appPath, snapshotPath, pvcClonePath, appClonePath, vaultKMS, vaultTenantSAKMS, - restoreSCName, noDataPool, f) + restoreSCName, noDataPool, f, + isEncryptedPVC) err = retryKubectlArgs(cephCSINamespace, kubectlDelete, deployTimeout, "storageclass", restoreSCName) if err != nil { @@ -2409,7 +2433,8 @@ var _ = Describe("RBD", func() { } }) - By("Validate PVC-PVC clone with different SC from vaultKMS to vaultTenantSAKMS", func() { + ByFileAndBlockEncryption("Validate PVC-PVC clone with different SC from vaultKMS to vaultTenantSAKMS", func( + validator encryptionValidateFunc, isValidPVC validateFunc, encType string) { restoreSCName := "restore-sc" err := deleteResource(rbdExamplePath + "storageclass.yaml") if err != nil { @@ -2418,6 +2443,7 @@ var _ = Describe("RBD", func() { scOpts := map[string]string{ "encrypted": "true", "encryptionKMSID": "vault-test", + "encryptionType": encType, } err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) if err != nil { @@ -2427,6 +2453,7 @@ var _ = Describe("RBD", func() { scOpts = map[string]string{ "encrypted": "true", "encryptionKMSID": "vault-tenant-sa-test", + "encryptionType": encType, } err = createRBDStorageClass(f.ClientSet, f, restoreSCName, nil, scOpts, deletePolicy) if err != nil { @@ -2447,7 +2474,7 @@ var _ = Describe("RBD", func() { restoreSCName, noDataPool, secretsMetadataKMS, - isEncryptedPVC, + isValidPVC, f) err = retryKubectlArgs(cephCSINamespace, kubectlDelete, deployTimeout, "storageclass", restoreSCName) @@ -2469,7 +2496,8 @@ var _ = Describe("RBD", func() { } }) - By("create an encrypted PVC-PVC clone and bind it to an app", func() { + ByFileAndBlockEncryption("create an encrypted PVC-PVC clone and bind it to an app", func( + validator encryptionValidateFunc, isValidPVC validateFunc, encType string) { err := deleteResource(rbdExamplePath + "storageclass.yaml") if err != nil { e2elog.Failf("failed to delete storageclass: %v", err) @@ -2477,6 +2505,7 @@ var _ = Describe("RBD", func() { scOpts := map[string]string{ "encrypted": "true", "encryptionKMSID": "secrets-metadata-test", + "encryptionType": encType, } err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) if err != nil { @@ -2491,7 +2520,7 @@ var _ = Describe("RBD", func() { defaultSCName, noDataPool, secretsMetadataKMS, - isEncryptedPVC, + isValidPVC, f) err = deleteResource(rbdExamplePath + "storageclass.yaml") @@ -2504,7 +2533,8 @@ var _ = Describe("RBD", func() { } }) - By("create an encrypted PVC-PVC clone and bind it to an app with VaultKMS", func() { + ByFileAndBlockEncryption("create an encrypted PVC-PVC clone and bind it to an app with VaultKMS", func( + validator encryptionValidateFunc, isValidPVC validateFunc, encType string) { err := deleteResource(rbdExamplePath + "storageclass.yaml") if err != nil { e2elog.Failf("failed to delete storageclass: %v", err) @@ -2512,6 +2542,7 @@ var _ = Describe("RBD", func() { scOpts := map[string]string{ "encrypted": "true", "encryptionKMSID": "vault-test", + "encryptionType": encType, } err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) if err != nil { @@ -2526,7 +2557,7 @@ var _ = Describe("RBD", func() { defaultSCName, noDataPool, vaultKMS, - isEncryptedPVC, + isValidPVC, f) err = deleteResource(rbdExamplePath + "storageclass.yaml") @@ -4001,10 +4032,13 @@ var _ = Describe("RBD", func() { } }) - By("restore snapshot to bigger size encrypted PVC with VaultKMS", func() { + ByFileAndBlockEncryption("restore snapshot to bigger size encrypted PVC with VaultKMS", func( + _ encryptionValidateFunc, _ validateFunc, encType string, + ) { scOpts := map[string]string{ "encrypted": "true", "encryptionKMSID": "vault-test", + "encryptionType": encType, } err := createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) if err != nil { @@ -4036,15 +4070,17 @@ var _ = Describe("RBD", func() { if err != nil { e2elog.Failf("failed to validate restore bigger size clone: %v", err) } - // validate block mode PVC - err = validateBiggerPVCFromSnapshot(f, - rawPvcPath, - rawAppPath, - snapshotPath, - pvcBlockRestorePath, - appBlockRestorePath) - if err != nil { - e2elog.Failf("failed to validate restore bigger size clone: %v", err) + if encType != "file" { + // validate block mode PVC + err = validateBiggerPVCFromSnapshot(f, + rawPvcPath, + rawAppPath, + snapshotPath, + pvcBlockRestorePath, + appBlockRestorePath) + if err != nil { + e2elog.Failf("failed to validate restore bigger size clone: %v", err) + } } }) @@ -4059,9 +4095,11 @@ var _ = Describe("RBD", func() { }) By("clone PVC to a bigger size PVC", func() { - By("clone PVC to bigger size encrypted PVC with VaultKMS", func() { + ByFileAndBlockEncryption("clone PVC to bigger size encrypted PVC with VaultKMS", func( + validator encryptionValidateFunc, _ validateFunc, encType string) { scOpts := map[string]string{ "encrypted": "true", + "encryptionType": encType, "encryptionKMSID": "vault-test", } err := createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) @@ -4084,14 +4122,16 @@ var _ = Describe("RBD", func() { if err != nil { e2elog.Failf("failed to validate bigger size clone: %v", err) } - // validate block mode PVC - err = validateBiggerCloneFromPVC(f, - rawPvcPath, - rawAppPath, - pvcBlockSmartClonePath, - appBlockSmartClonePath) - if err != nil { - e2elog.Failf("failed to validate bigger size clone: %v", err) + if encType != "file" { + // validate block mode PVC + err = validateBiggerCloneFromPVC(f, + rawPvcPath, + rawAppPath, + pvcBlockSmartClonePath, + appBlockSmartClonePath) + if err != nil { + e2elog.Failf("failed to validate bigger size clone: %v", err) + } } })