Test storage class, pvc and app bind of an fscrypt encrypted Ceph FS
with secrets metadata, vault, vault tokens and vault tenant KMS.
Tests are based on the RBD block/file encryption tests.
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
Always deploy Vault as part of the Ceph FS test suite.
Required by:
- fscrypt tests using any vault KMS type.
- Configuration in deploy/cephfs/*.yaml via the
ceph-csi-encryption-kms-config config map created during deployVault()
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
Add Ceph FS fscrypt support, similar to the RBD/ext4 fscrypt
integration. Supports encrypted PVCs, snapshots and clones.
Requires kernel and Ceph MDS support that is currently not in any
stable release.
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
This commit removes the v1beta1 snapshot references as they are
no longer valid or to be concerned about.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit updates dependencies, which is required to fix the CVEs below.
CVE-2022-27664
CVE-2022-27191
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
With the updated Fedora 37 container-image, a new version of ShellCheck
gets installed. This version is a little more strict and complains about
the array expansion in `scripts/test-go.sh`.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
GitHub Workflows fail installing Helm if the `openssl` package is not
available. Fedora 36 installs `openssl` by default, Fedora 37 does not.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
This commit updates the packages and then does the installation of the
packages in the docker build process.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit updates the packages in the API directory and also
updates the mention of the Go version in the same.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
As per the documentation, `""` has to be mentioned for the schedule
interval value field. This commit ensures it and makes it consistent.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit removes the protobuf dependency locking in the module
description.
Also, ptypes.TimestampProto is deprecated and this commit
makes use of timestamppb.New() for the construction.
The ParseTime() function has been removed and callers adjusted to the
same.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
The pre-commit version in the development guide was too outdated,
which has been updated, and this commit also addresses a typo.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
We need to unset the metadata on the clone
and restore PVC if the parent PVC was created
when setmetadata was set to true and it was
set to false when restore and clone pvc was
created.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
`ceph osd blocklist range add/rm <ip>` cmd is outputting
"blocklisting cidr:10.1.114.75:0/32 until 202..." messages
incorrectly into stdErr. This commit ignores stdErr when err
is nil.
Signed-off-by: Rakshith R <rar@redhat.com>
This fsgrouppolicy setting was missing in api/deploy/*, which
caused yamlgen to not pick this up. This commit addresses the
same.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
deploy: remove beta storage group mention from csidriver yaml
The Kubernetes version based enablement of the storage API group
is no longer required and it's already on v1 for
supported Kubernetes versions.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
It seems that Mergify removes the `ok-to-test` label as soon as someone
adds it. We don't want that, as it can trigger more CI runs than needed.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
This issue has already been fixed long back and is available with
Ceph backports. We no longer require this mention in the docs.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
At present the supported Ceph cluster version has been listed with
v14.x.x version of Ceph. However, upstream Ceph has dropped its
support for 14.x version and the minimum supported release is v15.x
Ref # https://docs.ceph.com/en/quincy/releases/index.html
This commit updates the Ceph cluster version mention to v15.0.0
Additional Note:
The code should work even for the last archived release but we don't
need that mention anymore in the readme.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
The `ok-to-test` label currently needs to be removed and re-added when a
PR is rebased for re-queuing.
It should be possible to automate this, by removing the `ok-to-test`
label when a PR gets queued. It can automatically be added again when
the PR has embarked the merge train.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Considering we have moved out of Travis and replaced it with GitHub
Actions, this commit removes the functional test and helmtest
scripts.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit adds code to set up encryption on an rbdVol
being repaired in a followup CreateVolume request.
This fixes a bug wherein encryption metadata may not
have been set in the previous request due to container restart.
Fixes: #3402
Signed-off-by: Rakshith R <rar@redhat.com>