mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2024-12-18 11:00:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

e2e: Run encryption related tests on file and block type

Browse Source 
Replace `By` with `ByFileAndBlockEncryption` in all encryption related
tests to parameterize them to file and block encryption.

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
This commit is contained in:
Marcel Lauhoff 2022-07-13 18:25:15 +02:00 committed by mergify[bot]
parent 7db0c3bfbf
commit f5ba45b78f
1 changed files with 100 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
e2e/rbd.go
View File

@ -998,7 +998,8 @@ var _ = Describe("RBD", func() {
noKMS, noKMS, noKMS, noKMS,
defaultSCName, defaultSCName,
erasureCodedPool, erasureCodedPool,
f) f,
noPVCValidation)
}) })
By("create an erasure coded PVC and validate PVC-PVC clone", func() { By("create an erasure coded PVC and validate PVC-PVC clone", func() {
@ -1880,13 +1881,13 @@ var _ = Describe("RBD", func() {
} }
}) })
By("create a PVC and bind it to an app using rbd-nbd mounter with encryption", func() { ByFileAndBlockEncryption("create a PVC and bind it to an app using rbd-nbd mounter with encryption", func(
validator encryptionValidateFunc, _ validateFunc, encType string) {
if !testNBD { if !testNBD {
e2elog.Logf("skipping NBD test") e2elog.Logf("skipping NBD test")
return return
} }
err := deleteResource(rbdExamplePath + "storageclass.yaml") err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil { if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err) e2elog.Failf("failed to delete storageclass: %v", err)
@ -1902,12 +1903,13 @@ var _ = Describe("RBD", func() {
"mapOptions": nbdMapOptions, "mapOptions": nbdMapOptions,
"cephLogStrategy": e2eDefaultCephLogStrategy, "cephLogStrategy": e2eDefaultCephLogStrategy,
"encrypted": "true", "encrypted": "true",
"encryptionType": encType,
}, },
deletePolicy) deletePolicy)
if err != nil { if err != nil {
e2elog.Failf("failed to create storageclass: %v", err) e2elog.Failf("failed to create storageclass: %v", err)
} }
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f) err = validator(pvcPath, appPath, noKMS, f)
if err != nil { if err != nil {
e2elog.Failf("failed to validate encrypted pvc: %v", err) e2elog.Failf("failed to validate encrypted pvc: %v", err)
} }
@ -1924,7 +1926,9 @@ var _ = Describe("RBD", func() {
} }
}) })
By("create a PVC and bind it to an app with encrypted RBD volume", func() { ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume", func(
validator encryptionValidateFunc, _ validateFunc, encType string,
) {
err := deleteResource(rbdExamplePath + "storageclass.yaml") err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil { if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err) e2elog.Failf("failed to delete storageclass: %v", err)
@ -1934,12 +1938,12 @@ var _ = Describe("RBD", func() {
f, f,
defaultSCName, defaultSCName,
nil, nil,
map[string]string{"encrypted": "true"}, map[string]string{"encrypted": "true", "encryptionType": encType},
deletePolicy) deletePolicy)
if err != nil { if err != nil {
e2elog.Failf("failed to create storageclass: %v", err) e2elog.Failf("failed to create storageclass: %v", err)
} }
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f) err = validator(pvcPath, appPath, noKMS, f)
if err != nil { if err != nil {
e2elog.Failf("failed to validate encrypted pvc: %v", err) e2elog.Failf("failed to validate encrypted pvc: %v", err)
} }
@ -1956,7 +1960,8 @@ var _ = Describe("RBD", func() {
} }
}) })
By("Resize Encrypted Block PVC and check Device size", func() { ByFileAndBlockEncryption("Resize Encrypted Block PVC and check Device size", func(
validator encryptionValidateFunc, _ validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml") err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil { if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err) e2elog.Failf("failed to delete storageclass: %v", err)
@ -1966,7 +1971,7 @@ var _ = Describe("RBD", func() {
f, f,
defaultSCName, defaultSCName,
nil, nil,
map[string]string{"encrypted": "true"}, map[string]string{"encrypted": "true", "encryptionType": encType},
deletePolicy) deletePolicy)
if err != nil { if err != nil {
e2elog.Failf("failed to create storageclass: %v", err) e2elog.Failf("failed to create storageclass: %v", err)
@ -1981,15 +1986,16 @@ var _ = Describe("RBD", func() {
validateRBDImageCount(f, 0, defaultRBDPool) validateRBDImageCount(f, 0, defaultRBDPool)
validateOmapCount(f, 0, rbdType, defaultRBDPool, volumesType) validateOmapCount(f, 0, rbdType, defaultRBDPool, volumesType)
// Block PVC resize if encType != "file" {
err = resizePVCAndValidateSize(rawPvcPath, rawAppPath, f) // Block PVC resize
if err != nil { err = resizePVCAndValidateSize(rawPvcPath, rawAppPath, f)
e2elog.Failf("failed to resize block PVC: %v", err) if err != nil {
e2elog.Failf("failed to resize block PVC: %v", err)
}
// validate created backend rbd images
validateRBDImageCount(f, 0, defaultRBDPool)
validateOmapCount(f, 0, rbdType, defaultRBDPool, volumesType)
} }
// validate created backend rbd images
validateRBDImageCount(f, 0, defaultRBDPool)
validateOmapCount(f, 0, rbdType, defaultRBDPool, volumesType)
err = deleteResource(rbdExamplePath + "storageclass.yaml") err = deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil { if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err) e2elog.Failf("failed to delete storageclass: %v", err)
@ -2000,7 +2006,8 @@ var _ = Describe("RBD", func() {
} }
}) })
By("create a PVC and bind it to an app with encrypted RBD volume with VaultKMS", func() { ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume with VaultKMS", func(
validator encryptionValidateFunc, _ validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml") err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil { if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err) e2elog.Failf("failed to delete storageclass: %v", err)
@ -2008,12 +2015,13 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{ scOpts := map[string]string{
"encrypted": "true", "encrypted": "true",
"encryptionKMSID": "vault-test", "encryptionKMSID": "vault-test",
"encryptionType": encType,
} }
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil { if err != nil {
e2elog.Failf("failed to create storageclass: %v", err) e2elog.Failf("failed to create storageclass: %v", err)
} }
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, vaultKMS, f) err = validator(pvcPath, appPath, vaultKMS, f)
if err != nil { if err != nil {
e2elog.Failf("failed to validate encrypted pvc: %v", err) e2elog.Failf("failed to validate encrypted pvc: %v", err)
} }
@ -2030,7 +2038,8 @@ var _ = Describe("RBD", func() {
} }
}) })
By("create a PVC and bind it to an app with encrypted RBD volume with VaultTokensKMS", func() { ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume with VaultTokensKMS", func(
validator encryptionValidateFunc, _ validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml") err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil { if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err) e2elog.Failf("failed to delete storageclass: %v", err)
@ -2038,6 +2047,7 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{ scOpts := map[string]string{
"encrypted": "true", "encrypted": "true",
"encryptionKMSID": "vault-tokens-test", "encryptionKMSID": "vault-tokens-test",
"encryptionType": encType,
} }
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil { if err != nil {
@ -2057,7 +2067,7 @@ var _ = Describe("RBD", func() {
e2elog.Failf("failed to create Secret with tenant token: %v", err) e2elog.Failf("failed to create Secret with tenant token: %v", err)
} }
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, vaultTokensKMS, f) err = validator(pvcPath, appPath, vaultTokensKMS, f)
if err != nil { if err != nil {
e2elog.Failf("failed to validate encrypted pvc: %v", err) e2elog.Failf("failed to validate encrypted pvc: %v", err)
} }
@ -2081,7 +2091,8 @@ var _ = Describe("RBD", func() {
} }
}) })
By("create a PVC and bind it to an app with encrypted RBD volume with VaultTenantSA KMS", func() { ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume with VaultTenantSA KMS", func(
validator encryptionValidateFunc, _ validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml") err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil { if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err) e2elog.Failf("failed to delete storageclass: %v", err)
@ -2089,6 +2100,7 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{ scOpts := map[string]string{
"encrypted": "true", "encrypted": "true",
"encryptionKMSID": "vault-tenant-sa-test", "encryptionKMSID": "vault-tenant-sa-test",
"encryptionType": encType,
} }
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil { if err != nil {
@ -2101,7 +2113,7 @@ var _ = Describe("RBD", func() {
} }
defer deleteTenantServiceAccount(f.UniqueName) defer deleteTenantServiceAccount(f.UniqueName)
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, vaultTenantSAKMS, f) err = validator(pvcPath, appPath, vaultTenantSAKMS, f)
if err != nil { if err != nil {
e2elog.Failf("failed to validate encrypted pvc: %v", err) e2elog.Failf("failed to validate encrypted pvc: %v", err)
} }
@ -2118,7 +2130,8 @@ var _ = Describe("RBD", func() {
} }
}) })
By("create a PVC and bind it to an app with encrypted RBD volume with SecretsMetadataKMS", func() { ByFileAndBlockEncryption("create a PVC and bind it to an app with encrypted RBD volume with SecretsMetadataKMS", func(
validator encryptionValidateFunc, _ validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml") err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil { if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err) e2elog.Failf("failed to delete storageclass: %v", err)
@ -2126,12 +2139,13 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{ scOpts := map[string]string{
"encrypted": "true", "encrypted": "true",
"encryptionKMSID": "secrets-metadata-test", "encryptionKMSID": "secrets-metadata-test",
"encryptionType": encType,
} }
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil { if err != nil {
e2elog.Failf("failed to create storageclass: %v", err) e2elog.Failf("failed to create storageclass: %v", err)
} }
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f) err = validator(pvcPath, appPath, noKMS, f)
if err != nil { if err != nil {
e2elog.Failf("failed to validate encrypted pvc: %v", err) e2elog.Failf("failed to validate encrypted pvc: %v", err)
} }
@ -2148,7 +2162,8 @@ var _ = Describe("RBD", func() {
} }
}) })
By("test RBD volume encryption with user secrets based SecretsMetadataKMS", func() { ByFileAndBlockEncryption("test RBD volume encryption with user secrets based SecretsMetadataKMS", func(
validator encryptionValidateFunc, _ validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml") err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil { if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err) e2elog.Failf("failed to delete storageclass: %v", err)
@ -2156,6 +2171,7 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{ scOpts := map[string]string{
"encrypted": "true", "encrypted": "true",
"encryptionKMSID": "user-ns-secrets-metadata-test", "encryptionKMSID": "user-ns-secrets-metadata-test",
"encryptionType": encType,
} }
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil { if err != nil {
@ -2171,7 +2187,7 @@ var _ = Describe("RBD", func() {
e2elog.Failf("failed to create user Secret: %v", err) e2elog.Failf("failed to create user Secret: %v", err)
} }
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f) err = validator(pvcPath, appPath, noKMS, f)
if err != nil { if err != nil {
e2elog.Failf("failed to validate encrypted pvc: %v", err) e2elog.Failf("failed to validate encrypted pvc: %v", err)
} }
@ -2199,9 +2215,9 @@ var _ = Describe("RBD", func() {
} }
}) })
By( ByFileAndBlockEncryption(
"test RBD volume encryption with user secrets based SecretsMetadataKMS with tenant namespace", "test RBD volume encryption with user secrets based SecretsMetadataKMS with tenant namespace",
func() { func(validator encryptionValidateFunc, isEncryptedPVC validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml") err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil { if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err) e2elog.Failf("failed to delete storageclass: %v", err)
@ -2209,6 +2225,7 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{ scOpts := map[string]string{
"encrypted": "true", "encrypted": "true",
"encryptionKMSID": "user-secrets-metadata-test", "encryptionKMSID": "user-secrets-metadata-test",
"encryptionType": encType,
} }
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil { if err != nil {
@ -2224,7 +2241,7 @@ var _ = Describe("RBD", func() {
e2elog.Failf("failed to create user Secret: %v", err) e2elog.Failf("failed to create user Secret: %v", err)
} }
err = validateEncryptedPVCAndAppBinding(pvcPath, appPath, noKMS, f) err = validator(pvcPath, appPath, noKMS, f)
if err != nil { if err != nil {
e2elog.Failf("failed to validate encrypted pvc: %v", err) e2elog.Failf("failed to validate encrypted pvc: %v", err)
} }
@ -2307,7 +2324,8 @@ var _ = Describe("RBD", func() {
noKMS, noKMS, noKMS, noKMS,
defaultSCName, defaultSCName,
noDataPool, noDataPool,
f) f,
noPVCValidation)
}) })
By("create a PVC-PVC clone and bind it to an app", func() { By("create a PVC-PVC clone and bind it to an app", func() {
@ -2324,7 +2342,8 @@ var _ = Describe("RBD", func() {
f) f)
}) })
By("create an encrypted PVC snapshot and restore it for an app with VaultKMS", func() { ByFileAndBlockEncryption("create an encrypted PVC snapshot and restore it for an app with VaultKMS", func(
validator encryptionValidateFunc, isEncryptedPVC validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml") err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil { if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err) e2elog.Failf("failed to delete storageclass: %v", err)
@ -2332,6 +2351,7 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{ scOpts := map[string]string{
"encrypted": "true", "encrypted": "true",
"encryptionKMSID": "vault-test", "encryptionKMSID": "vault-test",
"encryptionType": encType,
} }
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil { if err != nil {
@ -2342,7 +2362,7 @@ var _ = Describe("RBD", func() {
pvcPath, appPath, snapshotPath, pvcClonePath, appClonePath, pvcPath, appPath, snapshotPath, pvcClonePath, appClonePath,
vaultKMS, vaultKMS, vaultKMS, vaultKMS,
defaultSCName, noDataPool, defaultSCName, noDataPool,
f) f, isEncryptedPVC)
err = deleteResource(rbdExamplePath + "storageclass.yaml") err = deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil { if err != nil {
@ -2354,7 +2374,8 @@ var _ = Describe("RBD", func() {
} }
}) })
By("Validate PVC restore from vaultKMS to vaultTenantSAKMS", func() { ByFileAndBlockEncryption("Validate PVC restore from vaultKMS to vaultTenantSAKMS", func(
validator encryptionValidateFunc, isEncryptedPVC validateFunc, encType string) {
restoreSCName := "restore-sc" restoreSCName := "restore-sc"
err := deleteResource(rbdExamplePath + "storageclass.yaml") err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil { if err != nil {
@ -2363,6 +2384,7 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{ scOpts := map[string]string{
"encrypted": "true", "encrypted": "true",
"encryptionKMSID": "vault-test", "encryptionKMSID": "vault-test",
"encryptionType": encType,
} }
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil { if err != nil {
@ -2372,6 +2394,7 @@ var _ = Describe("RBD", func() {
scOpts = map[string]string{ scOpts = map[string]string{
"encrypted": "true", "encrypted": "true",
"encryptionKMSID": "vault-tenant-sa-test", "encryptionKMSID": "vault-tenant-sa-test",
"encryptionType": encType,
} }
err = createRBDStorageClass(f.ClientSet, f, restoreSCName, nil, scOpts, deletePolicy) err = createRBDStorageClass(f.ClientSet, f, restoreSCName, nil, scOpts, deletePolicy)
if err != nil { if err != nil {
@ -2387,7 +2410,8 @@ var _ = Describe("RBD", func() {
validatePVCSnapshot(1, validatePVCSnapshot(1,
pvcPath, appPath, snapshotPath, pvcClonePath, appClonePath, pvcPath, appPath, snapshotPath, pvcClonePath, appClonePath,
vaultKMS, vaultTenantSAKMS, vaultKMS, vaultTenantSAKMS,
restoreSCName, noDataPool, f) restoreSCName, noDataPool, f,
isEncryptedPVC)
err = retryKubectlArgs(cephCSINamespace, kubectlDelete, deployTimeout, "storageclass", restoreSCName) err = retryKubectlArgs(cephCSINamespace, kubectlDelete, deployTimeout, "storageclass", restoreSCName)
if err != nil { if err != nil {
@ -2409,7 +2433,8 @@ var _ = Describe("RBD", func() {
} }
}) })
By("Validate PVC-PVC clone with different SC from vaultKMS to vaultTenantSAKMS", func() { ByFileAndBlockEncryption("Validate PVC-PVC clone with different SC from vaultKMS to vaultTenantSAKMS", func(
validator encryptionValidateFunc, isValidPVC validateFunc, encType string) {
restoreSCName := "restore-sc" restoreSCName := "restore-sc"
err := deleteResource(rbdExamplePath + "storageclass.yaml") err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil { if err != nil {
@ -2418,6 +2443,7 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{ scOpts := map[string]string{
"encrypted": "true", "encrypted": "true",
"encryptionKMSID": "vault-test", "encryptionKMSID": "vault-test",
"encryptionType": encType,
} }
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil { if err != nil {
@ -2427,6 +2453,7 @@ var _ = Describe("RBD", func() {
scOpts = map[string]string{ scOpts = map[string]string{
"encrypted": "true", "encrypted": "true",
"encryptionKMSID": "vault-tenant-sa-test", "encryptionKMSID": "vault-tenant-sa-test",
"encryptionType": encType,
} }
err = createRBDStorageClass(f.ClientSet, f, restoreSCName, nil, scOpts, deletePolicy) err = createRBDStorageClass(f.ClientSet, f, restoreSCName, nil, scOpts, deletePolicy)
if err != nil { if err != nil {
@ -2447,7 +2474,7 @@ var _ = Describe("RBD", func() {
restoreSCName, restoreSCName,
noDataPool, noDataPool,
secretsMetadataKMS, secretsMetadataKMS,
isEncryptedPVC, isValidPVC,
f) f)
err = retryKubectlArgs(cephCSINamespace, kubectlDelete, deployTimeout, "storageclass", restoreSCName) err = retryKubectlArgs(cephCSINamespace, kubectlDelete, deployTimeout, "storageclass", restoreSCName)
@ -2469,7 +2496,8 @@ var _ = Describe("RBD", func() {
} }
}) })
By("create an encrypted PVC-PVC clone and bind it to an app", func() { ByFileAndBlockEncryption("create an encrypted PVC-PVC clone and bind it to an app", func(
validator encryptionValidateFunc, isValidPVC validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml") err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil { if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err) e2elog.Failf("failed to delete storageclass: %v", err)
@ -2477,6 +2505,7 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{ scOpts := map[string]string{
"encrypted": "true", "encrypted": "true",
"encryptionKMSID": "secrets-metadata-test", "encryptionKMSID": "secrets-metadata-test",
"encryptionType": encType,
} }
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil { if err != nil {
@ -2491,7 +2520,7 @@ var _ = Describe("RBD", func() {
defaultSCName, defaultSCName,
noDataPool, noDataPool,
secretsMetadataKMS, secretsMetadataKMS,
isEncryptedPVC, isValidPVC,
f) f)
err = deleteResource(rbdExamplePath + "storageclass.yaml") err = deleteResource(rbdExamplePath + "storageclass.yaml")
@ -2504,7 +2533,8 @@ var _ = Describe("RBD", func() {
} }
}) })
By("create an encrypted PVC-PVC clone and bind it to an app with VaultKMS", func() { ByFileAndBlockEncryption("create an encrypted PVC-PVC clone and bind it to an app with VaultKMS", func(
validator encryptionValidateFunc, isValidPVC validateFunc, encType string) {
err := deleteResource(rbdExamplePath + "storageclass.yaml") err := deleteResource(rbdExamplePath + "storageclass.yaml")
if err != nil { if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err) e2elog.Failf("failed to delete storageclass: %v", err)
@ -2512,6 +2542,7 @@ var _ = Describe("RBD", func() {
scOpts := map[string]string{ scOpts := map[string]string{
"encrypted": "true", "encrypted": "true",
"encryptionKMSID": "vault-test", "encryptionKMSID": "vault-test",
"encryptionType": encType,
} }
err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil { if err != nil {
@ -2526,7 +2557,7 @@ var _ = Describe("RBD", func() {
defaultSCName, defaultSCName,
noDataPool, noDataPool,
vaultKMS, vaultKMS,
isEncryptedPVC, isValidPVC,
f) f)
err = deleteResource(rbdExamplePath + "storageclass.yaml") err = deleteResource(rbdExamplePath + "storageclass.yaml")
@ -4001,10 +4032,13 @@ var _ = Describe("RBD", func() {
} }
}) })
By("restore snapshot to bigger size encrypted PVC with VaultKMS", func() { ByFileAndBlockEncryption("restore snapshot to bigger size encrypted PVC with VaultKMS", func(
_ encryptionValidateFunc, _ validateFunc, encType string,
) {
scOpts := map[string]string{ scOpts := map[string]string{
"encrypted": "true", "encrypted": "true",
"encryptionKMSID": "vault-test", "encryptionKMSID": "vault-test",
"encryptionType": encType,
} }
err := createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) err := createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
if err != nil { if err != nil {
@ -4036,15 +4070,17 @@ var _ = Describe("RBD", func() {
if err != nil { if err != nil {
e2elog.Failf("failed to validate restore bigger size clone: %v", err) e2elog.Failf("failed to validate restore bigger size clone: %v", err)
} }
// validate block mode PVC if encType != "file" {
err = validateBiggerPVCFromSnapshot(f, // validate block mode PVC
rawPvcPath, err = validateBiggerPVCFromSnapshot(f,
rawAppPath, rawPvcPath,
snapshotPath, rawAppPath,
pvcBlockRestorePath, snapshotPath,
appBlockRestorePath) pvcBlockRestorePath,
if err != nil { appBlockRestorePath)
e2elog.Failf("failed to validate restore bigger size clone: %v", err) if err != nil {
e2elog.Failf("failed to validate restore bigger size clone: %v", err)
}
} }
}) })
@ -4059,9 +4095,11 @@ var _ = Describe("RBD", func() {
}) })
By("clone PVC to a bigger size PVC", func() { By("clone PVC to a bigger size PVC", func() {
By("clone PVC to bigger size encrypted PVC with VaultKMS", func() { ByFileAndBlockEncryption("clone PVC to bigger size encrypted PVC with VaultKMS", func(
validator encryptionValidateFunc, _ validateFunc, encType string) {
scOpts := map[string]string{ scOpts := map[string]string{
"encrypted": "true", "encrypted": "true",
"encryptionType": encType,
"encryptionKMSID": "vault-test", "encryptionKMSID": "vault-test",
} }
err := createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) err := createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy)
@ -4084,14 +4122,16 @@ var _ = Describe("RBD", func() {
if err != nil { if err != nil {
e2elog.Failf("failed to validate bigger size clone: %v", err) e2elog.Failf("failed to validate bigger size clone: %v", err)
} }
// validate block mode PVC if encType != "file" {
err = validateBiggerCloneFromPVC(f, // validate block mode PVC
rawPvcPath, err = validateBiggerCloneFromPVC(f,
rawAppPath, rawPvcPath,
pvcBlockSmartClonePath, rawAppPath,
appBlockSmartClonePath) pvcBlockSmartClonePath,
if err != nil { appBlockSmartClonePath)
e2elog.Failf("failed to validate bigger size clone: %v", err) if err != nil {
e2elog.Failf("failed to validate bigger size clone: %v", err)
}
} }
}) })