e2e: Run encryption related tests on file and block type
Replace `By` with `ByFileAndBlockEncryption` in all encryption-related tests so that each one is parameterized over file and block encryption. Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
parent
7db0c3bfbf
commit
f5ba45b78f
112
e2e/rbd.go
112
e2e/rbd.go
@ -998,7 +998,8 @@ var _ = Describe("RBD", func() {
|
|||||||
noKMS, noKMS,
|
noKMS, noKMS,
|
||||||
defaultSCName,
|
defaultSCName,
|
||||||
erasureCodedPool,
|
erasureCodedPool,
|
||||||
f)
|
f,
|
||||||
|
noPVCValidation)
|
||||||
})
|
})
|
||||||
|
|
||||||
By("create an erasure coded PVC and validate PVC-PVC clone", func() {
|
By("create an erasure coded PVC and validate PVC-PVC clone", func() {
|
||||||
@ -1880,13 +1881,13 @@ var _ = Describe("RBD", func() {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
By("create a PVC and bind it to an app using rbd-nbd mounter with encryption", func() {
|
ByFileAndBlockEncryption("create a PVC and bind it to an app using rbd-nbd mounter with encryption", func(
|
||||||
|
validator encryptionValidateFunc, _ validateFunc, encType string) {
|
||||||
if !testNBD {
|
if !testNBD {
|
||||||
e2elog.Logf("skipping NBD test")
|
e2elog.Logf("skipping NBD test")
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to delete storageclass: %v", err)
|
e2elog.Failf("failed to delete storageclass: %v", err)
|
||||||
@ -1902,12 +1903,13 @@ var _ = Describe("RBD", func() {
|
|||||||
"mapOptions": nbdMapOptions,
|
"mapOptions": nbdMapOptions,
|
||||||
"cephLogStrategy": e2eDefaultCephLogStrategy,
|
"cephLogStrategy": e2eDefaultCephLogStrategy,
|
||||||
"encrypted": "true",
|
"encrypted": "true",
|
||||||
|
"encryptionType": encType,
|
||||||
},
|
},
|
||||||
deletePolicy)
|
deletePolicy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to create storageclass: %v", err)
|
e2elog.Failf("failed to create storageclass: %v", err)
|
||||||
}
|
}
|
||||||
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f)
|
err = validator(pvcPath, appPath, noKMS, f)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to validate encrypted pvc: %v", err)
|
e2elog.Failf("failed to validate encrypted pvc: %v", err)
|
||||||
}
|
}
|
||||||
@ -1924,7 +1926,9 @@ var _ = Describe("RBD", func() {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
By("create a PVC and bind it to an app with encrypted RBD volume", func() {
|
ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume", func(
|
||||||
|
validator encryptionValidateFunc, _ validateFunc, encType string,
|
||||||
|
) {
|
||||||
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to delete storageclass: %v", err)
|
e2elog.Failf("failed to delete storageclass: %v", err)
|
||||||
@ -1934,12 +1938,12 @@ var _ = Describe("RBD", func() {
|
|||||||
f,
|
f,
|
||||||
defaultSCName,
|
defaultSCName,
|
||||||
nil,
|
nil,
|
||||||
map[string]string{"encrypted": "true"},
|
map[string]string{"encrypted": "true", "encryptionType": encType},
|
||||||
deletePolicy)
|
deletePolicy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to create storageclass: %v", err)
|
e2elog.Failf("failed to create storageclass: %v", err)
|
||||||
}
|
}
|
||||||
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f)
|
err = validator(pvcPath, appPath, noKMS, f)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to validate encrypted pvc: %v", err)
|
e2elog.Failf("failed to validate encrypted pvc: %v", err)
|
||||||
}
|
}
|
||||||
@ -1956,7 +1960,8 @@ var _ = Describe("RBD", func() {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
By("Resize Encrypted Block PVC and check Device size", func() {
|
ByFileAndBlockEncryption("Resize Encrypted Block PVC and check Device size", func(
|
||||||
|
validator encryptionValidateFunc, _ validateFunc, encType string) {
|
||||||
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to delete storageclass: %v", err)
|
e2elog.Failf("failed to delete storageclass: %v", err)
|
||||||
@ -1966,7 +1971,7 @@ var _ = Describe("RBD", func() {
|
|||||||
f,
|
f,
|
||||||
defaultSCName,
|
defaultSCName,
|
||||||
nil,
|
nil,
|
||||||
map[string]string{"encrypted": "true"},
|
map[string]string{"encrypted": "true", "encryptionType": encType},
|
||||||
deletePolicy)
|
deletePolicy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to create storageclass: %v", err)
|
e2elog.Failf("failed to create storageclass: %v", err)
|
||||||
@ -1981,6 +1986,7 @@ var _ = Describe("RBD", func() {
|
|||||||
validateRBDImageCount(f, 0, defaultRBDPool)
|
validateRBDImageCount(f, 0, defaultRBDPool)
|
||||||
validateOmapCount(f, 0, rbdType, defaultRBDPool, volumesType)
|
validateOmapCount(f, 0, rbdType, defaultRBDPool, volumesType)
|
||||||
|
|
||||||
|
if encType != "file" {
|
||||||
// Block PVC resize
|
// Block PVC resize
|
||||||
err = resizePVCAndValidateSize(rawPvcPath, rawAppPath, f)
|
err = resizePVCAndValidateSize(rawPvcPath, rawAppPath, f)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -1989,7 +1995,7 @@ var _ = Describe("RBD", func() {
|
|||||||
// validate created backend rbd images
|
// validate created backend rbd images
|
||||||
validateRBDImageCount(f, 0, defaultRBDPool)
|
validateRBDImageCount(f, 0, defaultRBDPool)
|
||||||
validateOmapCount(f, 0, rbdType, defaultRBDPool, volumesType)
|
validateOmapCount(f, 0, rbdType, defaultRBDPool, volumesType)
|
||||||
|
}
|
||||||
err = deleteResource(rbdExamplePath + "storageclass.yaml")
|
err = deleteResource(rbdExamplePath + "storageclass.yaml")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to delete storageclass: %v", err)
|
e2elog.Failf("failed to delete storageclass: %v", err)
|
||||||
@ -2000,7 +2006,8 @@ var _ = Describe("RBD", func() {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
By("create a PVC and bind it to an app with encrypted RBD volume with VaultKMS", func() {
|
ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume with VaultKMS", func(
|
||||||
|
validator encryptionValidateFunc, _ validateFunc, encType string) {
|
||||||
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to delete storageclass: %v", err)
|
e2elog.Failf("failed to delete storageclass: %v", err)
|
||||||
@ -2008,12 +2015,13 @@ var _ = Describe("RBD", func() {
|
|||||||
scOpts := map[string]string{
|
scOpts := map[string]string{
|
||||||
"encrypted": "true",
|
"encrypted": "true",
|
||||||
"encryptionKMSID": "vault-test",
|
"encryptionKMSID": "vault-test",
|
||||||
|
"encryptionType": encType,
|
||||||
}
|
}
|
||||||
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to create storageclass: %v", err)
|
e2elog.Failf("failed to create storageclass: %v", err)
|
||||||
}
|
}
|
||||||
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, vaultKMS, f)
|
err = validator(pvcPath, appPath, vaultKMS, f)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to validate encrypted pvc: %v", err)
|
e2elog.Failf("failed to validate encrypted pvc: %v", err)
|
||||||
}
|
}
|
||||||
@ -2030,7 +2038,8 @@ var _ = Describe("RBD", func() {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
By("create a PVC and bind it to an app with encrypted RBD volume with VaultTokensKMS", func() {
|
ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume with VaultTokensKMS", func(
|
||||||
|
validator encryptionValidateFunc, _ validateFunc, encType string) {
|
||||||
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to delete storageclass: %v", err)
|
e2elog.Failf("failed to delete storageclass: %v", err)
|
||||||
@ -2038,6 +2047,7 @@ var _ = Describe("RBD", func() {
|
|||||||
scOpts := map[string]string{
|
scOpts := map[string]string{
|
||||||
"encrypted": "true",
|
"encrypted": "true",
|
||||||
"encryptionKMSID": "vault-tokens-test",
|
"encryptionKMSID": "vault-tokens-test",
|
||||||
|
"encryptionType": encType,
|
||||||
}
|
}
|
||||||
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -2057,7 +2067,7 @@ var _ = Describe("RBD", func() {
|
|||||||
e2elog.Failf("failed to create Secret with tenant token: %v", err)
|
e2elog.Failf("failed to create Secret with tenant token: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, vaultTokensKMS, f)
|
err = validator(pvcPath, appPath, vaultTokensKMS, f)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to validate encrypted pvc: %v", err)
|
e2elog.Failf("failed to validate encrypted pvc: %v", err)
|
||||||
}
|
}
|
||||||
@ -2081,7 +2091,8 @@ var _ = Describe("RBD", func() {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
By("create a PVC and bind it to an app with encrypted RBD volume with VaultTenantSA KMS", func() {
|
ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume with VaultTenantSA KMS", func(
|
||||||
|
validator encryptionValidateFunc, _ validateFunc, encType string) {
|
||||||
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to delete storageclass: %v", err)
|
e2elog.Failf("failed to delete storageclass: %v", err)
|
||||||
@ -2089,6 +2100,7 @@ var _ = Describe("RBD", func() {
|
|||||||
scOpts := map[string]string{
|
scOpts := map[string]string{
|
||||||
"encrypted": "true",
|
"encrypted": "true",
|
||||||
"encryptionKMSID": "vault-tenant-sa-test",
|
"encryptionKMSID": "vault-tenant-sa-test",
|
||||||
|
"encryptionType": encType,
|
||||||
}
|
}
|
||||||
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -2101,7 +2113,7 @@ var _ = Describe("RBD", func() {
|
|||||||
}
|
}
|
||||||
defer deleteTenantServiceAccount(f.UniqueName)
|
defer deleteTenantServiceAccount(f.UniqueName)
|
||||||
|
|
||||||
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, vaultTenantSAKMS, f)
|
err = validator(pvcPath, appPath, vaultTenantSAKMS, f)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to validate encrypted pvc: %v", err)
|
e2elog.Failf("failed to validate encrypted pvc: %v", err)
|
||||||
}
|
}
|
||||||
@ -2118,7 +2130,8 @@ var _ = Describe("RBD", func() {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
By("create a PVC and bind it to an app with encrypted RBD volume with SecretsMetadataKMS", func() {
|
ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume with SecretsMetadataKMS", func(
|
||||||
|
validator encryptionValidateFunc, _ validateFunc, encType string) {
|
||||||
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to delete storageclass: %v", err)
|
e2elog.Failf("failed to delete storageclass: %v", err)
|
||||||
@ -2126,12 +2139,13 @@ var _ = Describe("RBD", func() {
|
|||||||
scOpts := map[string]string{
|
scOpts := map[string]string{
|
||||||
"encrypted": "true",
|
"encrypted": "true",
|
||||||
"encryptionKMSID": "secrets-metadata-test",
|
"encryptionKMSID": "secrets-metadata-test",
|
||||||
|
"encryptionType": encType,
|
||||||
}
|
}
|
||||||
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to create storageclass: %v", err)
|
e2elog.Failf("failed to create storageclass: %v", err)
|
||||||
}
|
}
|
||||||
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f)
|
err = validator(pvcPath, appPath, noKMS, f)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to validate encrypted pvc: %v", err)
|
e2elog.Failf("failed to validate encrypted pvc: %v", err)
|
||||||
}
|
}
|
||||||
@ -2148,7 +2162,8 @@ var _ = Describe("RBD", func() {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
By("test RBD volume encryption with user secrets based SecretsMetadataKMS", func() {
|
ByFileAndBlockEncryption("test RBD volume encryption with user secrets based SecretsMetadataKMS", func(
|
||||||
|
validator encryptionValidateFunc, _ validateFunc, encType string) {
|
||||||
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to delete storageclass: %v", err)
|
e2elog.Failf("failed to delete storageclass: %v", err)
|
||||||
@ -2156,6 +2171,7 @@ var _ = Describe("RBD", func() {
|
|||||||
scOpts := map[string]string{
|
scOpts := map[string]string{
|
||||||
"encrypted": "true",
|
"encrypted": "true",
|
||||||
"encryptionKMSID": "user-ns-secrets-metadata-test",
|
"encryptionKMSID": "user-ns-secrets-metadata-test",
|
||||||
|
"encryptionType": encType,
|
||||||
}
|
}
|
||||||
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -2171,7 +2187,7 @@ var _ = Describe("RBD", func() {
|
|||||||
e2elog.Failf("failed to create user Secret: %v", err)
|
e2elog.Failf("failed to create user Secret: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f)
|
err = validator(pvcPath, appPath, noKMS, f)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to validate encrypted pvc: %v", err)
|
e2elog.Failf("failed to validate encrypted pvc: %v", err)
|
||||||
}
|
}
|
||||||
@ -2199,9 +2215,9 @@ var _ = Describe("RBD", func() {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
By(
|
ByFileAndBlockEncryption(
|
||||||
"test RBD volume encryption with user secrets based SecretsMetadataKMS with tenant namespace",
|
"test RBD volume encryption with user secrets based SecretsMetadataKMS with tenant namespace",
|
||||||
func() {
|
func(validator encryptionValidateFunc, isEncryptedPVC validateFunc, encType string) {
|
||||||
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to delete storageclass: %v", err)
|
e2elog.Failf("failed to delete storageclass: %v", err)
|
||||||
@ -2209,6 +2225,7 @@ var _ = Describe("RBD", func() {
|
|||||||
scOpts := map[string]string{
|
scOpts := map[string]string{
|
||||||
"encrypted": "true",
|
"encrypted": "true",
|
||||||
"encryptionKMSID": "user-secrets-metadata-test",
|
"encryptionKMSID": "user-secrets-metadata-test",
|
||||||
|
"encryptionType": encType,
|
||||||
}
|
}
|
||||||
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -2224,7 +2241,7 @@ var _ = Describe("RBD", func() {
|
|||||||
e2elog.Failf("failed to create user Secret: %v", err)
|
e2elog.Failf("failed to create user Secret: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f)
|
err = validator(pvcPath, appPath, noKMS, f)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to validate encrypted pvc: %v", err)
|
e2elog.Failf("failed to validate encrypted pvc: %v", err)
|
||||||
}
|
}
|
||||||
@ -2307,7 +2324,8 @@ var _ = Describe("RBD", func() {
|
|||||||
noKMS, noKMS,
|
noKMS, noKMS,
|
||||||
defaultSCName,
|
defaultSCName,
|
||||||
noDataPool,
|
noDataPool,
|
||||||
f)
|
f,
|
||||||
|
noPVCValidation)
|
||||||
})
|
})
|
||||||
|
|
||||||
By("create a PVC-PVC clone and bind it to an app", func() {
|
By("create a PVC-PVC clone and bind it to an app", func() {
|
||||||
@ -2324,7 +2342,8 @@ var _ = Describe("RBD", func() {
|
|||||||
f)
|
f)
|
||||||
})
|
})
|
||||||
|
|
||||||
By("create an encrypted PVC snapshot and restore it for an app with VaultKMS", func() {
|
ByFileAndBlockEncryption("create an encrypted PVC snapshot and restore it for an app with VaultKMS", func(
|
||||||
|
validator encryptionValidateFunc, isEncryptedPVC validateFunc, encType string) {
|
||||||
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to delete storageclass: %v", err)
|
e2elog.Failf("failed to delete storageclass: %v", err)
|
||||||
@ -2332,6 +2351,7 @@ var _ = Describe("RBD", func() {
|
|||||||
scOpts := map[string]string{
|
scOpts := map[string]string{
|
||||||
"encrypted": "true",
|
"encrypted": "true",
|
||||||
"encryptionKMSID": "vault-test",
|
"encryptionKMSID": "vault-test",
|
||||||
|
"encryptionType": encType,
|
||||||
}
|
}
|
||||||
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -2342,7 +2362,7 @@ var _ = Describe("RBD", func() {
|
|||||||
pvcPath, appPath, snapshotPath, pvcClonePath, appClonePath,
|
pvcPath, appPath, snapshotPath, pvcClonePath, appClonePath,
|
||||||
vaultKMS, vaultKMS,
|
vaultKMS, vaultKMS,
|
||||||
defaultSCName, noDataPool,
|
defaultSCName, noDataPool,
|
||||||
f)
|
f, isEncryptedPVC)
|
||||||
|
|
||||||
err = deleteResource(rbdExamplePath + "storageclass.yaml")
|
err = deleteResource(rbdExamplePath + "storageclass.yaml")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -2354,7 +2374,8 @@ var _ = Describe("RBD", func() {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
By("Validate PVC restore from vaultKMS to vaultTenantSAKMS", func() {
|
ByFileAndBlockEncryption("Validate PVC restore from vaultKMS to vaultTenantSAKMS", func(
|
||||||
|
validator encryptionValidateFunc, isEncryptedPVC validateFunc, encType string) {
|
||||||
restoreSCName := "restore-sc"
|
restoreSCName := "restore-sc"
|
||||||
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -2363,6 +2384,7 @@ var _ = Describe("RBD", func() {
|
|||||||
scOpts := map[string]string{
|
scOpts := map[string]string{
|
||||||
"encrypted": "true",
|
"encrypted": "true",
|
||||||
"encryptionKMSID": "vault-test",
|
"encryptionKMSID": "vault-test",
|
||||||
|
"encryptionType": encType,
|
||||||
}
|
}
|
||||||
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -2372,6 +2394,7 @@ var _ = Describe("RBD", func() {
|
|||||||
scOpts = map[string]string{
|
scOpts = map[string]string{
|
||||||
"encrypted": "true",
|
"encrypted": "true",
|
||||||
"encryptionKMSID": "vault-tenant-sa-test",
|
"encryptionKMSID": "vault-tenant-sa-test",
|
||||||
|
"encryptionType": encType,
|
||||||
}
|
}
|
||||||
err = createRBDStorageClass(f.ClientSet, f, restoreSCName, nil, scOpts, deletePolicy)
|
err = createRBDStorageClass(f.ClientSet, f, restoreSCName, nil, scOpts, deletePolicy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -2387,7 +2410,8 @@ var _ = Describe("RBD", func() {
|
|||||||
validatePVCSnapshot(1,
|
validatePVCSnapshot(1,
|
||||||
pvcPath, appPath, snapshotPath, pvcClonePath, appClonePath,
|
pvcPath, appPath, snapshotPath, pvcClonePath, appClonePath,
|
||||||
vaultKMS, vaultTenantSAKMS,
|
vaultKMS, vaultTenantSAKMS,
|
||||||
restoreSCName, noDataPool, f)
|
restoreSCName, noDataPool, f,
|
||||||
|
isEncryptedPVC)
|
||||||
|
|
||||||
err = retryKubectlArgs(cephCSINamespace, kubectlDelete, deployTimeout, "storageclass", restoreSCName)
|
err = retryKubectlArgs(cephCSINamespace, kubectlDelete, deployTimeout, "storageclass", restoreSCName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -2409,7 +2433,8 @@ var _ = Describe("RBD", func() {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
By("Validate PVC-PVC clone with different SC from vaultKMS to vaultTenantSAKMS", func() {
|
ByFileAndBlockEncryption("Validate PVC-PVC clone with different SC from vaultKMS to vaultTenantSAKMS", func(
|
||||||
|
validator encryptionValidateFunc, isValidPVC validateFunc, encType string) {
|
||||||
restoreSCName := "restore-sc"
|
restoreSCName := "restore-sc"
|
||||||
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -2418,6 +2443,7 @@ var _ = Describe("RBD", func() {
|
|||||||
scOpts := map[string]string{
|
scOpts := map[string]string{
|
||||||
"encrypted": "true",
|
"encrypted": "true",
|
||||||
"encryptionKMSID": "vault-test",
|
"encryptionKMSID": "vault-test",
|
||||||
|
"encryptionType": encType,
|
||||||
}
|
}
|
||||||
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -2427,6 +2453,7 @@ var _ = Describe("RBD", func() {
|
|||||||
scOpts = map[string]string{
|
scOpts = map[string]string{
|
||||||
"encrypted": "true",
|
"encrypted": "true",
|
||||||
"encryptionKMSID": "vault-tenant-sa-test",
|
"encryptionKMSID": "vault-tenant-sa-test",
|
||||||
|
"encryptionType": encType,
|
||||||
}
|
}
|
||||||
err = createRBDStorageClass(f.ClientSet, f, restoreSCName, nil, scOpts, deletePolicy)
|
err = createRBDStorageClass(f.ClientSet, f, restoreSCName, nil, scOpts, deletePolicy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -2447,7 +2474,7 @@ var _ = Describe("RBD", func() {
|
|||||||
restoreSCName,
|
restoreSCName,
|
||||||
noDataPool,
|
noDataPool,
|
||||||
secretsMetadataKMS,
|
secretsMetadataKMS,
|
||||||
isEncryptedPVC,
|
isValidPVC,
|
||||||
f)
|
f)
|
||||||
|
|
||||||
err = retryKubectlArgs(cephCSINamespace, kubectlDelete, deployTimeout, "storageclass", restoreSCName)
|
err = retryKubectlArgs(cephCSINamespace, kubectlDelete, deployTimeout, "storageclass", restoreSCName)
|
||||||
@ -2469,7 +2496,8 @@ var _ = Describe("RBD", func() {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
By("create an encrypted PVC-PVC clone and bind it to an app", func() {
|
ByFileAndBlockEncryption("create an encrypted PVC-PVC clone and bind it to an app", func(
|
||||||
|
validator encryptionValidateFunc, isValidPVC validateFunc, encType string) {
|
||||||
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to delete storageclass: %v", err)
|
e2elog.Failf("failed to delete storageclass: %v", err)
|
||||||
@ -2477,6 +2505,7 @@ var _ = Describe("RBD", func() {
|
|||||||
scOpts := map[string]string{
|
scOpts := map[string]string{
|
||||||
"encrypted": "true",
|
"encrypted": "true",
|
||||||
"encryptionKMSID": "secrets-metadata-test",
|
"encryptionKMSID": "secrets-metadata-test",
|
||||||
|
"encryptionType": encType,
|
||||||
}
|
}
|
||||||
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -2491,7 +2520,7 @@ var _ = Describe("RBD", func() {
|
|||||||
defaultSCName,
|
defaultSCName,
|
||||||
noDataPool,
|
noDataPool,
|
||||||
secretsMetadataKMS,
|
secretsMetadataKMS,
|
||||||
isEncryptedPVC,
|
isValidPVC,
|
||||||
f)
|
f)
|
||||||
|
|
||||||
err = deleteResource(rbdExamplePath + "storageclass.yaml")
|
err = deleteResource(rbdExamplePath + "storageclass.yaml")
|
||||||
@ -2504,7 +2533,8 @@ var _ = Describe("RBD", func() {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
By("create an encrypted PVC-PVC clone and bind it to an app with VaultKMS", func() {
|
ByFileAndBlockEncryption("create an encrypted PVC-PVC clone and bind it to an app with VaultKMS", func(
|
||||||
|
validator encryptionValidateFunc, isValidPVC validateFunc, encType string) {
|
||||||
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
err := deleteResource(rbdExamplePath + "storageclass.yaml")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to delete storageclass: %v", err)
|
e2elog.Failf("failed to delete storageclass: %v", err)
|
||||||
@ -2512,6 +2542,7 @@ var _ = Describe("RBD", func() {
|
|||||||
scOpts := map[string]string{
|
scOpts := map[string]string{
|
||||||
"encrypted": "true",
|
"encrypted": "true",
|
||||||
"encryptionKMSID": "vault-test",
|
"encryptionKMSID": "vault-test",
|
||||||
|
"encryptionType": encType,
|
||||||
}
|
}
|
||||||
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -2526,7 +2557,7 @@ var _ = Describe("RBD", func() {
|
|||||||
defaultSCName,
|
defaultSCName,
|
||||||
noDataPool,
|
noDataPool,
|
||||||
vaultKMS,
|
vaultKMS,
|
||||||
isEncryptedPVC,
|
isValidPVC,
|
||||||
f)
|
f)
|
||||||
|
|
||||||
err = deleteResource(rbdExamplePath + "storageclass.yaml")
|
err = deleteResource(rbdExamplePath + "storageclass.yaml")
|
||||||
@ -4001,10 +4032,13 @@ var _ = Describe("RBD", func() {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
By("restore snapshot to bigger size encrypted PVC with VaultKMS", func() {
|
ByFileAndBlockEncryption("restore snapshot to bigger size encrypted PVC with VaultKMS", func(
|
||||||
|
_ encryptionValidateFunc, _ validateFunc, encType string,
|
||||||
|
) {
|
||||||
scOpts := map[string]string{
|
scOpts := map[string]string{
|
||||||
"encrypted": "true",
|
"encrypted": "true",
|
||||||
"encryptionKMSID": "vault-test",
|
"encryptionKMSID": "vault-test",
|
||||||
|
"encryptionType": encType,
|
||||||
}
|
}
|
||||||
err := createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
err := createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -4036,6 +4070,7 @@ var _ = Describe("RBD", func() {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to validate restore bigger size clone: %v", err)
|
e2elog.Failf("failed to validate restore bigger size clone: %v", err)
|
||||||
}
|
}
|
||||||
|
if encType != "file" {
|
||||||
// validate block mode PVC
|
// validate block mode PVC
|
||||||
err = validateBiggerPVCFromSnapshot(f,
|
err = validateBiggerPVCFromSnapshot(f,
|
||||||
rawPvcPath,
|
rawPvcPath,
|
||||||
@ -4046,6 +4081,7 @@ var _ = Describe("RBD", func() {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to validate restore bigger size clone: %v", err)
|
e2elog.Failf("failed to validate restore bigger size clone: %v", err)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
By("validate image deletion", func() {
|
By("validate image deletion", func() {
|
||||||
@ -4059,9 +4095,11 @@ var _ = Describe("RBD", func() {
|
|||||||
})
|
})
|
||||||
|
|
||||||
By("clone PVC to a bigger size PVC", func() {
|
By("clone PVC to a bigger size PVC", func() {
|
||||||
By("clone PVC to bigger size encrypted PVC with VaultKMS", func() {
|
ByFileAndBlockEncryption("clone PVC to bigger size encrypted PVC with VaultKMS", func(
|
||||||
|
validator encryptionValidateFunc, _ validateFunc, encType string) {
|
||||||
scOpts := map[string]string{
|
scOpts := map[string]string{
|
||||||
"encrypted": "true",
|
"encrypted": "true",
|
||||||
|
"encryptionType": encType,
|
||||||
"encryptionKMSID": "vault-test",
|
"encryptionKMSID": "vault-test",
|
||||||
}
|
}
|
||||||
err := createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
err := createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
|
||||||
@ -4084,6 +4122,7 @@ var _ = Describe("RBD", func() {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to validate bigger size clone: %v", err)
|
e2elog.Failf("failed to validate bigger size clone: %v", err)
|
||||||
}
|
}
|
||||||
|
if encType != "file" {
|
||||||
// validate block mode PVC
|
// validate block mode PVC
|
||||||
err = validateBiggerCloneFromPVC(f,
|
err = validateBiggerCloneFromPVC(f,
|
||||||
rawPvcPath,
|
rawPvcPath,
|
||||||
@ -4093,6 +4132,7 @@ var _ = Describe("RBD", func() {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
e2elog.Failf("failed to validate bigger size clone: %v", err)
|
e2elog.Failf("failed to validate bigger size clone: %v", err)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
By("clone PVC to bigger size pvc", func() {
|
By("clone PVC to bigger size pvc", func() {
|
||||||
|
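Review bot: The closure parameter `isEncryptedPVC validateFunc` in the "create an encrypted PVC snapshot and restore it for an app with VaultKMS", "Validate PVC restore from vaultKMS to vaultTenantSAKMS" and tenant-namespace tests shadows the existing `isEncryptedPVC` identifier that the old PVC-PVC clone calls passed directly, so in a file-encryption run the name no longer tells the reader which check is actually executed. The three PVC-PVC clone tests already call the same parameter `isValidPVC`; using that name everywhere, e.g. `validator encryptionValidateFunc, isValidPVC validateFunc, encType string) {`, makes it clear that the check is the one chosen by `ByFileAndBlockEncryption`. Separately, the three `if encType != "file" {` guards skip the raw-block validation silently; a named constant for the type and an `e2elog.Logf` line in the skipped case would show in the test output that the block-mode path was not exercised for that run. The closures start and end outside the hunks shown, so whether the named `validator` parameter is used in the resize and bigger-size clone tests cannot be confirmed from here; if it is not, `_` would match the "restore snapshot to bigger size" test.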