The clients parameter in the storage class is used to limit access to
the export to the set of hostnames, networks or ip addresses specified.
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Update the getConfigFile() function to allow any file to be looked
at on the preferred location first and fall back to the alternate
location if it does not exist there.
Signed-off-by: karthik-us <ksubrahm@redhat.com>
Few common files related to deployments were kept
in the examples folder initially. Moving them to
deploy folder and updating the relevant files.
Signed-off-by: karthik-us <ksubrahm@redhat.com>
There are many locations where a new context is created. These can be
reduced when subsequent calls re-use a previously created context
object.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Kubernetes 1.27 deprecates `PollImmediate()`, and golangci-lint
complains about the usage of the deprecated function.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Many Kubernetes test framework functions now require a context to be
passed. Use `context.TODO()` for this, just like is done for some of the
functions already.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
CephNFS can enable different security flavours for exported volumes.
This can be configured in the optional `secTypes` parameter in the
StorageClass.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Deploy vault, analogue to the RBD upgrade suite to have the
ceph-csi-encryption-kms-config map ready when dependent
deployments/daemonsets are created.
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
Test storage class, pvc and app bind of an fscrypt encrypted Ceph FS
with secrets metadata, vault, vault tokens and vault tenant KMS.
Tests are based on the RBD block/file encryption tests.
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
Always deploy Vault as part of the the Ceph FS test suite.
Required by:
- fscrypt tests using any vault KMS type.
- Configuration in deploy/cephfs/*.yaml via the
ceph-csi-encryption-kms-config config map created during deployVault()
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
We need to unset the metadata on the clone
and restore PVC if the parent PVC was created
when setmetadata was set to true and it was
set to false when restore and clone pvc was
created.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
Add test-rbd-fscrypt feature flag to e2e suite. Default disabled as
the current CI system's kernel doesn't have the required features
enabled.
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
Replace `By` with `ByFileAndBlockEncryption` in all encryption related
tests to parameterize them to file and block encryption.
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
Add a `By` wrapper to parameterize encryption related test functions
and run them on both block and file encryption
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
Because the rbd-nbd tests fail with minikube and the Podman driver,
disable the tests for the time being.
Updates: #3431
Signed-off-by: Niels de Vos <ndevos@redhat.com>
There are occasions where deleting a PVC (or PV) never succeeds. The
reported status of the deleted object is sometimes empty, which suggests
that the PVC or PV was, in fact, deleted.
To diagnose the incorrect error checking, include the errors for
retrying in the logs.
Signed-off-by: Niels de Vos <ndevos@redhat.com>