Skip to content

Commit

Permalink
e2e: add cephfs fscrypt snapshot volume test
Browse files Browse the repository at this point in the history
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
  • Loading branch information
Marcel Lauhoff committed Oct 20, 2022
1 parent 60182d8 commit e4897bc
Showing 1 changed file with 157 additions and 0 deletions.
157 changes: 157 additions & 0 deletions e2e/cephfs.go
Original file line number Diff line number Diff line change
Expand Up @@ -1504,6 +1504,163 @@ var _ = Describe(cephfsType, func() {
}
})

if testCephFSFscrypt {
for _, kmsId := range []string{"secrets-metadata-test", "vault-test"} {
By("checking encrypted snapshot-backed volume with KMS "+kmsId, func() {
err := deleteResource(cephFSExamplePath + "storageclass.yaml")
if err != nil {
e2elog.Failf("failed to delete storageclass: %v", err)
}

scOpts := map[string]string{
"encrypted": "true",
"encryptionKMSID": kmsId,
}

err = createCephfsStorageClass(f.ClientSet, f, true, scOpts)
if err != nil {
e2elog.Failf("failed to create CephFS storageclass: %v", err)
}

err = createCephFSSnapshotClass(f)
if err != nil {
e2elog.Failf("failed to delete CephFS storageclass: %v", err)
}

pvc, err := loadPVC(pvcPath)
if err != nil {
e2elog.Failf("failed to load PVC: %v", err)
}
pvc.Namespace = f.UniqueName
err = createPVCAndvalidatePV(f.ClientSet, pvc, deployTimeout)
if err != nil {
e2elog.Failf("failed to create PVC: %v", err)
}

app, err := loadApp(appPath)
if err != nil {
e2elog.Failf("failed to load application: %v", err)
}
app.Namespace = f.UniqueName
app.Spec.Volumes[0].PersistentVolumeClaim.ClaimName = pvc.Name
appLabels := map[string]string{
appKey: appLabel,
}
app.Labels = appLabels
optApp := metav1.ListOptions{
LabelSelector: fmt.Sprintf("%s=%s", appKey, appLabels[appKey]),
}
err = writeDataInPod(app, &optApp, f)
if err != nil {
e2elog.Failf("failed to write data: %v", err)
}

appTestFilePath := app.Spec.Containers[0].VolumeMounts[0].MountPath + "/test"

snap := getSnapshot(snapshotPath)
snap.Namespace = f.UniqueName
snap.Spec.Source.PersistentVolumeClaimName = &pvc.Name
err = createSnapshot(&snap, deployTimeout)
if err != nil {
e2elog.Failf("failed to create snapshot: %v", err)
}

err = appendToFileInContainer(f, app, appTestFilePath, "hello", &optApp)
if err != nil {
e2elog.Failf("failed to append data: %v", err)
}

parentFileSum, err := calculateSHA512sum(f, app, appTestFilePath, &optApp)
if err != nil {
e2elog.Failf("failed to get SHA512 sum for file: %v", err)
}

err = deleteResource(cephFSExamplePath + "storageclass.yaml")
if err != nil {
e2elog.Failf("failed to delete CephFS storageclass: %v", err)
}
err = createCephfsStorageClass(f.ClientSet, f, false, map[string]string{
"backingSnapshot": "true",
"encrypted": "true",
"encryptionKMSID": kmsId,
})
if err != nil {
e2elog.Failf("failed to create CephFS storageclass: %v", err)
}

pvcClone, err := loadPVC(pvcClonePath)
if err != nil {
e2elog.Failf("failed to load PVC: %v", err)
}
// Snapshot-backed volumes support read-only access modes only.
pvcClone.Spec.AccessModes = []v1.PersistentVolumeAccessMode{v1.ReadOnlyMany}
appClone, err := loadApp(appClonePath)
if err != nil {
e2elog.Failf("failed to load application: %v", err)
}
appCloneLabels := map[string]string{
appKey: appCloneLabel,
}
appClone.Labels = appCloneLabels
optAppClone := metav1.ListOptions{
LabelSelector: fmt.Sprintf("%s=%s", appKey, appCloneLabels[appKey]),
}
pvcClone.Namespace = f.UniqueName
appClone.Namespace = f.UniqueName
err = createPVCAndApp("", f, pvcClone, appClone, deployTimeout)
if err != nil {
e2elog.Failf("failed to create PVC and app: %v", err)
}

// Snapshot-backed volume shouldn't contribute to total subvolume count.
validateSubvolumeCount(f, 1, fileSystemName, subvolumegroup)

// Deleting snapshot before deleting pvcClone should succeed. It will be
// deleted once all volumes that are backed by this snapshot are gone.
err = deleteSnapshot(&snap, deployTimeout)
if err != nil {
e2elog.Failf("failed to delete snapshot: %v", err)
}

appCloneTestFilePath := appClone.Spec.Containers[0].VolumeMounts[0].MountPath + "/test"

snapFileSum, err := calculateSHA512sum(f, appClone, appCloneTestFilePath, &optAppClone)
if err != nil {
e2elog.Failf("failed to get SHA512 sum for file: %v", err)
}

if parentFileSum == snapFileSum {
e2elog.Failf("SHA512 sums of files in parent subvol and snapshot should differ")
}

err = deletePVCAndApp("", f, pvcClone, appClone)
if err != nil {
e2elog.Failf("failed to delete PVC or application: %v", err)
}

err = deletePVCAndApp("", f, pvc, app)
if err != nil {
e2elog.Failf("failed to delete PVC or application: %v", err)
}

err = deleteResource(cephFSExamplePath + "storageclass.yaml")
if err != nil {
e2elog.Failf("failed to delete CephFS storageclass: %v", err)
}

err = deleteResource(cephFSExamplePath + "snapshotclass.yaml")
if err != nil {
e2elog.Failf("failed to delete CephFS snapshotclass: %v", err)
}

err = createCephfsStorageClass(f.ClientSet, f, false, nil)
if err != nil {
e2elog.Failf("failed to create CephFS storageclass: %v", err)
}
})
}
}

By("checking snapshot-backed volume", func() {
err := createCephFSSnapshotClass(f)
if err != nil {
Expand Down

0 comments on commit e4897bc

Please sign in to comment.