From fe22a4454075c934487f90def5ae94b2c324e48c Mon Sep 17 00:00:00 2001 From: Rakshith R Date: Tue, 26 Apr 2022 12:08:49 +0530 Subject: [PATCH] e2e: testcase for pvc-pvc clone with different SC & encryption Signed-off-by: Rakshith R (cherry picked from commit badcac38d356bbccbbe7b4174d4593fe3533a440) --- e2e/rbd.go | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++ e2e/utils.go | 5 ++++ 2 files changed, 70 insertions(+) diff --git a/e2e/rbd.go b/e2e/rbd.go index ebd15b1fc..9ca638db2 100644 --- a/e2e/rbd.go +++ b/e2e/rbd.go @@ -632,6 +632,7 @@ var _ = Describe("RBD", func() { appPath, pvcSmartClonePath, appSmartClonePath, + defaultSCName, erasureCodedPool, noKMS, noPVCValidation, @@ -1857,6 +1858,7 @@ var _ = Describe("RBD", func() { appPath, pvcSmartClonePath, appSmartClonePath, + defaultSCName, noDataPool, noKMS, noPVCValidation, @@ -1947,6 +1949,66 @@ var _ = Describe("RBD", func() { } }) + By("Validate PVC-PVC clone with different SC from vaultKMS to vaultTenantSAKMS", func() { + restoreSCName := "restore-sc" + err := deleteResource(rbdExamplePath + "storageclass.yaml") + if err != nil { + e2elog.Failf("failed to delete storageclass: %v", err) + } + scOpts := map[string]string{ + "encrypted": "true", + "encryptionKMSID": "vault-test", + } + err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, scOpts, deletePolicy) + if err != nil { + e2elog.Failf("failed to create storageclass: %v", err) + } + + scOpts = map[string]string{ + "encrypted": "true", + "encryptionKMSID": "vault-tenant-sa-test", + } + err = createRBDStorageClass(f.ClientSet, f, restoreSCName, nil, scOpts, deletePolicy) + if err != nil { + e2elog.Failf("failed to create storageclass: %v", err) + } + + err = createTenantServiceAccount(f.ClientSet, f.UniqueName) + if err != nil { + e2elog.Failf("failed to create ServiceAccount: %v", err) + } + defer deleteTenantServiceAccount(f.UniqueName) + + validatePVCClone(1, + pvcPath, + appPath, + pvcSmartClonePath, + appSmartClonePath, + restoreSCName, + noDataPool, + secretsMetadataKMS, + isEncryptedPVC, + f) + + err = retryKubectlArgs(cephCSINamespace, kubectlDelete, deployTimeout, "storageclass", restoreSCName) + if err != nil { + e2elog.Failf("failed to delete storageclass %q: %v", restoreSCName, err) + } + + err = deleteResource(rbdExamplePath + "storageclass.yaml") + if err != nil { + e2elog.Failf("failed to delete storageclass: %v", err) + } + + // validate created backend rbd images + validateRBDImageCount(f, 0, defaultRBDPool) + + err = createRBDStorageClass(f.ClientSet, f, defaultSCName, nil, nil, deletePolicy) + if err != nil { + e2elog.Failf("failed to create storageclass: %v", err) + } + }) + By("create an encrypted PVC-PVC clone and bind it to an app", func() { err := deleteResource(rbdExamplePath + "storageclass.yaml") if err != nil { @@ -1966,6 +2028,7 @@ var _ = Describe("RBD", func() { appPath, pvcSmartClonePath, appSmartClonePath, + defaultSCName, noDataPool, secretsMetadataKMS, isEncryptedPVC, @@ -2000,6 +2063,7 @@ var _ = Describe("RBD", func() { appPath, pvcSmartClonePath, appSmartClonePath, + defaultSCName, noDataPool, vaultKMS, isEncryptedPVC, @@ -2032,6 +2096,7 @@ var _ = Describe("RBD", func() { rawAppPath, pvcBlockSmartClonePath, appBlockSmartClonePath, + defaultSCName, noDataPool, noKMS, noPVCValidation, diff --git a/e2e/utils.go b/e2e/utils.go index 8bc873d5f..3a7e887ea 100644 --- a/e2e/utils.go +++ b/e2e/utils.go @@ -633,6 +633,7 @@ func writeDataAndCalChecksum(app *v1.Pod, opt *metav1.ListOptions, f *framework. func validatePVCClone( totalCount int, sourcePvcPath, sourceAppPath, clonePvcPath, clonePvcAppPath, + restoreSCName, dataPool string, kms kmsConfig, validatePVC validateFunc, @@ -684,6 +685,10 @@ func validatePVCClone( } pvcClone.Spec.DataSource.Name = pvc.Name pvcClone.Namespace = f.UniqueName + if restoreSCName != "" { + pvcClone.Spec.StorageClassName = &restoreSCName + } + appClone, err := loadApp(clonePvcAppPath) if err != nil { e2elog.Failf("failed to load application: %v", err)