dependabot[bot]
7b663279bf
rebase: bump k8s.io/kubernetes from 1.25.0 to 1.25.3
...
Bumps [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes ) from 1.25.0 to 1.25.3.
- [Release notes](https://github.com/kubernetes/kubernetes/releases )
- [Commits](https://github.com/kubernetes/kubernetes/compare/v1.25.0...v1.25.3 )
---
updated-dependencies:
- dependency-name: k8s.io/kubernetes
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-01 15:13:34 +00:00
dependabot[bot]
10550c87f6
rebase: bump github.com/hashicorp/vault/api from 1.8.1 to 1.8.2
...
Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault ) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/hashicorp/vault/releases )
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md )
- [Commits](https://github.com/hashicorp/vault/compare/v1.8.1...v1.8.2 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-01 12:48:09 +00:00
dependabot[bot]
d08e8ee0a6
rebase: bump github.com/aws/aws-sdk-go from 1.44.122 to 1.44.127
...
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.44.122 to 1.44.127.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.122...v1.44.127 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2022-11-01 09:37:53 +00:00
Madhu Rajanna
0530134c9a
e2e: add e2e test for rbd reattach metadata
...
Added E2E test case to verify metadata after
PV is attached to a new PVC in different namespace.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-28 15:50:01 +00:00
Madhu Rajanna
07aa9dea5c
rbd: update namespace name in rados object
...
If a PV is reattached to a new PVC in a different
namespace we need to update the namespace name
in the rados object.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-28 15:50:01 +00:00
Madhu Rajanna
019628c8c2
rbd: update namespace name in metadata
...
If a PV is reattached to a new PVC in a different
namespace we need to update the namespace name
in the rbd image metadata.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-28 15:50:01 +00:00
Madhu Rajanna
f19805a40b
ci: consider kubernetes 1.25 for tests
...
As we have successful runs with kubernetes
1.25 Marking is as default for CI jobs and
required for merging PR.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-28 15:57:05 +02:00
Madhu Rajanna
4039bf5063
ci: remove kubernetes 1.22 tests
...
As we need to test with last 3 Kubernetes
releases removing Kubernetes 1.22
as we have 1.23, 1.24 and 1.25
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-28 15:57:05 +02:00
dependabot[bot]
4fb026509b
rebase: bump github.com/aws/aws-sdk-go-v2/service/sts
...
Bumps [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2 ) from 1.16.17 to 1.17.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ram/v1.16.17...v1.17.1 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-26 15:28:57 +00:00
Madhu Rajanna
5aaa9bf2f0
ci: use rook v1.10.4 release
...
Rook v1.10.4 supports deployment
of Rook on Kubernetes 1.25 or else
Rook deployment will fail.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-26 14:32:51 +00:00
Madhu Rajanna
09df2c6091
e2e: fix panic when checking error
...
fix panic during error handling
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-26 14:32:51 +00:00
Madhu Rajanna
607c654263
e2e: set privileged as pod security enforcement level
...
setting privileged as pod security enforcement level
to run test on kubernetes 1.25
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-26 14:32:51 +00:00
Madhu Rajanna
0e294d66e2
ci: remove podsecurity feature-gate
...
remove the podsecurity feature-gate
from minikube.sh, because of it
kubernetes 1.25.0 deployment is failing
fixes : #3358
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-26 14:32:51 +00:00
Madhu Rajanna
0865296227
doc: ceph mount corruption detection and recovery
...
Added a new section for the ceph kernel client
mount corruption detection and recovery.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-26 09:40:22 +00:00
Madhu Rajanna
848e3ee557
rbd: return abnormal in NodeGetVolumeStats
...
When we do stat on the targetpath, if there is
any error we can check is it due to corruption.
If yes, cephcsi can return abnormal in the
NodeGetVolumeStats so that consumer (CO/admin)
and detect and take further action.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-26 09:40:22 +00:00
Madhu Rajanna
44d4546480
cephfs: return abnormal in NodeGetVolumeStats
...
When we do stat on the targetpath, if there is
any error we can check is it due to corruption.
If yes, cephcsi can return abnormal in the
NodeGetVolumeStats so that consumer (CO/admin)
and detect and take further action.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-26 09:40:22 +00:00
Madhu Rajanna
659567cfdc
ci: add github action to trigger E2E
...
based on the discussion on the slack
channel. we are adding a github action
to trigger the CI jobs when a ok-to-test
label is added on the PR.
This action is based on below github action
https://github.com/peter-evans/create-or-update-comment
Sample Demo avaiable at
https://github.com/Madhu-1/
\label-commentor-action-testing/pull/4
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-26 06:59:22 +00:00
dependabot[bot]
2cc1a276fc
rebase: bump github.com/aws/aws-sdk-go from 1.44.117 to 1.44.122
...
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.44.117 to 1.44.122.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.117...v1.44.122 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-25 14:22:29 +00:00
dependabot[bot]
14193646b3
rebase: bump github.com/stretchr/testify from 1.8.0 to 1.8.1
...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-25 13:39:31 +00:00
dependabot[bot]
807f776132
rebase: bump github.com/onsi/ginkgo/v2 from 2.3.1 to 2.4.0
...
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.3.1 to 2.4.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.3.1...v2.4.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-25 12:57:58 +00:00
dependabot[bot]
49245788fc
rebase: bump github.com/onsi/gomega from 1.20.1 to 1.22.1
...
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.20.1 to 1.22.1.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.20.1...v1.22.1 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-24 12:15:07 +00:00
dependabot[bot]
02ed5ec189
rebase: bump github.com/hashicorp/vault/api from 1.7.2 to 1.8.1
...
Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault ) from 1.7.2 to 1.8.1.
- [Release notes](https://github.com/hashicorp/vault/releases )
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md )
- [Commits](https://github.com/hashicorp/vault/compare/v1.7.2...v1.8.1 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-20 11:33:15 +00:00
dependabot[bot]
3a490a4df0
rebase: bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.3.1
...
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.1.6 to 2.3.1.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.6...v2.3.1 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-20 08:45:39 +00:00
Madhu Rajanna
53bb28e0d9
doc: update documentation for v3.7.2 release
...
updated readme and upgrade doc for v3.7.2 release.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-19 11:27:05 +00:00
Humble Chirammal
0f2daca5c2
rebase: make use of v0.0.8 of kmip go client
...
The new release has some important fixes available with it
Ref: https://github.com/ThalesGroup/kmip-go/releases/tag/v0.0.8
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-10-19 09:27:37 +00:00
dependabot[bot]
d63185b061
rebase: bump github.com/aws/aws-sdk-go from 1.44.96 to 1.44.117
...
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.44.96 to 1.44.117.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.96...v1.44.117 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-19 08:54:25 +00:00
Madhu Rajanna
f12fa3ee56
rbd: return GRPC error from GRPC method
...
GRPC methods should only return GRPC errors
if any error occurs.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-19 08:00:42 +00:00
Madhu Rajanna
302fead713
cephfs: delete subvolume if SetAllMetadata fails
...
To avoid subvolume leaks if the SetAllMetadata
operations fails delete the subvolume.
If any operation fails after creating the subvolume
we will remove the omap as the omap gets
removed we will need to remove the subvolume to
avoid stale resources.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-10-18 15:10:18 +00:00
Niels de Vos
e08005f402
rebase: ParseAcceptLanguage takes a long time to parse complex tags
...
A vulnerability was found in golang.org/x/text/language package which
could cause a denial of service. An attacker can craft an
Accept-Language header which ParseAcceptLanguage will take significant
time to parse.
Version v0.3.8 of golang.org/x/text fixes a vulnerability.
See-also: https://go.dev/issue/56152
See-also: https://bugzilla.redhat.com/CVE-2022-32149
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2022-10-18 11:58:37 +00:00
Rakshith R
b3837d44ce
ci: fix mdl configuration
...
This commit makes the following changes:
`Please replace \":code_blocks => false\" \`
`by \":ignore_code_blocks => true\" in your configuration.`
Some rules are ignore for the time being,
these will be fixed later on.
Signed-off-by: Rakshith R <rar@redhat.com>
2022-10-18 07:47:33 +00:00
Marcel Lauhoff
69b8feec12
e2e: Feature flag RBD fscrypt tests (default disabled)
...
Add test-rbd-fscrypt feature flag to e2e suite. Default disabled as
the current CI system's kernel doesn't have the required features
enabled.
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
5a55419025
cephfs: Add placeholder journal fscrypt support
...
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
dc7ba684e3
rbd: Use EncryptionTypeNone
...
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
2abfafdf3f
util: Add EncryptionTypeNone and unit tests
...
Add type none to distinguish disabled encryption (positive result)
from invalid configuration (negative result).
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
f89076b1d7
scripts: Add env to set minikube iso url
...
Make iso url configurable to use pre-release minikube images or
local-built (file://)
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
da76d8ddae
kms: Add GetSecret() to KMIP KMS
...
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
c73cb1980b
e2e: Use utilEncryptionType instead of string in rbd suite
...
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
eae5b80298
e2e: Apply formatting to rbd suite and helper
...
Apply formatting for previous changes separately to make the commit
diffs easier to read.
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
9ad4bb1de5
e2e: Add encrypted PVC with default settings test
...
Add test that enables encryption with default type. Check that we set
up block encryption.
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
f5ba45b78f
e2e: Run encryption related tests on file and block type
...
Replace `By` with `ByFileAndBlockEncryption` in all encryption related
tests to parameterize them to file and block encryption.
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
7db0c3bfbf
e2e: Add PVC validator to ByFileAndBlockEncryption
...
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
0f626b705a
e2e: Add helper to run encryption tests on block and file
...
Add a `By` wrapper to parameterize encryption related test functions
and run them on both block and file encryption
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
cec88a7bff
e2e: Add fscrypt on rbd helper
...
Add validation functions for fscrypt on RBD volumes
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
1f1504479c
rbd: Add context to fscrypt errors
...
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
3e3af4da18
rbd: support file encrypted snapshots
...
Support fscrypt on RBD snapshots
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
82d92aab4a
rbd: Add volume journal encryption support
...
Add fscrypt support to the journal to support operations like
snapshotting.
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
9cd8a15c5d
rbd: Document new encryptionType storage class example
...
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
a7ea12eb8e
rbd: Handle encryption type default at a more meaningful place
...
Different places have different meaningful fallback. When parsing
from user we should default to block, when parsing stored config we
should default to invalid and handle that as an error.
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
1fa842277a
rbd: fscrypt file encryption support
...
Integrate basic fscrypt functionality into RBD initialization. To
activate file encryption instead of block introduce the new
'encryptionType' storage class key.
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00
Marcel Lauhoff
f1f50e0218
fscrypt: fix metadata directory permissions
...
Call Mount.Setup with SingleUserWritable constant instead of 0o755,
which is silently ignored and causes the /.fscrypt/{policy,protector}/
directories to have mode 000.
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
2022-10-17 17:33:52 +00:00