diff --git a/index.html b/index.html index 7c4962d598..bfdcea594a 100644 --- a/index.html +++ b/index.html @@ -1,7 +1,7 @@
- +tests.common
tests.common
tests.common
+def cleanup_crypto_secret()
+
def cleanup_crypto_secret():
+ secret_deletes = ["longhorn-crypto"]
+ api = get_core_api_client()
+ ret = api.list_namespaced_secret(namespace=LONGHORN_NAMESPACE)
+ for sc in ret.items:
+ if sc.metadata.name in secret_deletes:
+ delete_crypto_secret(sc.metadata.name)
+
+ ok = False
+ for _ in range(RETRY_COUNTS):
+ ok = True
+ ret = api.list_namespaced_secret(namespace=LONGHORN_NAMESPACE)
+ for s in ret.items:
+ if s.metadata.name in secret_deletes:
+ ok = False
+ break
+ if ok:
+ break
+ time.sleep(RETRY_INTERVAL)
+ assert ok
+
def cleanup_host_disk(vol_name)
+def create_crypto_secret(secret_manifest)
+
def create_crypto_secret(secret_manifest):
+ api = get_core_api_client()
+ api.create_namespaced_secret(namespace=LONGHORN_NAMESPACE,
+ body=secret_manifest)
+
def create_host_disk(client, vol_name, size, node_id)
+def crypto_secret(request)
+
@pytest.fixture
+def crypto_secret(request):
+ manifest = {
+ 'apiVersion': 'v1',
+ 'kind': 'Secret',
+ 'metadata': {
+ 'name': 'longhorn-crypto',
+ 'namespace': 'longhorn-system',
+ },
+ 'stringData': {
+ 'CRYPTO_KEY_VALUE': 'simple',
+ 'CRYPTO_KEY_PROVIDER': 'secret'
+ }
+ }
+
+ def finalizer():
+ api = get_core_api_client()
+ try:
+ api.delete_namespaced_secret(
+ name=manifest['metadata']['name'],
+ namespace=manifest['metadata']['namespace'])
+ except ApiException as e:
+ assert e.status == 404
+
+ request.addfinalizer(finalizer)
+
+ return manifest
+
def csi_pv(request)
+def delete_crypto_secret(secret_manifest)
+
def delete_crypto_secret(secret_manifest):
+ api = get_core_api_client()
+ try:
+ api.delete_namespaced_secret(secret_manifest,
+ body=k8sclient.V1DeleteOptions())
+ except ApiException as e:
+ assert e.status == 404
+
def delete_replica_on_test_node(client, volume_name)
cleanup_all_support_bundles
cleanup_all_volumes
cleanup_client
cleanup_crypto_secret
cleanup_host_disk
cleanup_host_disks
cleanup_node_disks
create_backing_image_with_matching_url
create_backup
create_backup_from_volume_attached_to_pod
create_crypto_secret
create_host_disk
create_pv_for_volume
create_pvc
create_volume
create_volume_and_backup
create_volume_and_write_data
crypto_secret
csi_pv
csi_pv_backingimage
csi_pvc_name
delete_and_wait_volume_attachment
delete_backup
delete_backup_volume
delete_crypto_secret
delete_replica_on_test_node
delete_replica_processes
delete_statefulset
tests.test_csi
tests.test_csi
tests.test_csi
tests.test_csi
+def create_and_verify_block_volume(client, core_api, storage_class, pvc, pod_manifest)
+
def create_and_verify_block_volume(client, core_api, storage_class, pvc, pod_manifest): # NOQA
+ pod_name = 'csi-block-volume-test'
+ pvc_name = pod_name + "-pvc"
+ device_path = "/dev/longhorn/longhorn-test-blk"
+
+ pvc['metadata']['name'] = pvc_name
+ pvc['spec']['volumeMode'] = 'Block'
+ pvc['spec']['storageClassName'] = storage_class['metadata']['name']
+ pvc['spec']['resources'] = {
+ 'requests': {
+ 'storage': size_to_string(1 * Gi)
+ }
+ }
+ pod_manifest['metadata']['name'] = pod_name
+ pod_manifest['spec']['volumes'] = [{
+ 'name': 'longhorn-blk',
+ 'persistentVolumeClaim': {
+ 'claimName': pvc_name,
+ },
+ }]
+ pod_manifest['spec']['containers'][0]['volumeMounts'] = []
+ pod_manifest['spec']['containers'][0]['volumeDevices'] = [
+ {'name': 'longhorn-blk', 'devicePath': device_path}
+ ]
+
+ create_pvc(pvc)
+ pv_name = wait_and_get_pv_for_pvc(core_api, pvc_name).metadata.name
+ create_and_wait_pod(core_api, pod_manifest)
+
+ test_data = generate_random_data(VOLUME_RWTEST_SIZE)
+ test_offset = random.randint(0, VOLUME_RWTEST_SIZE)
+ write_pod_block_volume_data(
+ core_api, pod_name, test_data, test_offset, device_path)
+ returned_data = read_pod_block_volume_data(
+ core_api, pod_name, len(test_data), test_offset, device_path
+ )
+ assert test_data == returned_data
+ md5_sum = get_pod_data_md5sum(
+ core_api, pod_name, device_path)
+
+ delete_and_wait_pod(core_api, pod_name)
+ common.wait_for_volume_detached(client, pv_name)
+
+ pod_name_2 = 'csi-block-volume-test-reuse'
+ pod_manifest['metadata']['name'] = pod_name_2
+ create_and_wait_pod(core_api, pod_manifest)
+
+ returned_data = read_pod_block_volume_data(
+ core_api, pod_name_2, len(test_data), test_offset, device_path
+ )
+ assert test_data == returned_data
+ md5_sum_2 = get_pod_data_md5sum(
+ core_api, pod_name_2, device_path)
+ assert md5_sum == md5_sum_2
+
+ delete_and_wait_pod(core_api, pod_name_2)
+ delete_and_wait_pvc(core_api, pvc_name)
+ delete_and_wait_pv(core_api, pv_name)
+
def create_and_wait_csi_pod(pod_name, client, core_api, csi_pv, pvc, pod_make, backing_image, from_backup)
@@ -1538,6 +1593,53 @@ Functions
assert pod_dev_md5 == volume_dev_md5
+
+def test_csi_encrypted_block_volume(client, core_api, storage_class, crypto_secret, pvc, pod_manifest)
+
Test CSI feature: encrypted block volume
+volumeMode = Block
test_data
and write to the block volume directly in the podpod2
to use the same volumepod2
is consistent with test_data
@pytest.mark.csi # NOQA
+def test_csi_encrypted_block_volume(client, core_api, storage_class, crypto_secret, pvc, pod_manifest): # NOQA
+ """
+ Test CSI feature: encrypted block volume
+
+ 1. Create a PVC with encrypted `volumeMode = Block`
+ 2. Create a pod using the PVC to dynamic provision a volume
+ 3. Verify the pod creation
+ 4. Generate `test_data` and write to the block volume directly in the pod
+ 5. Read the data back for validation
+ 6. Delete the pod and create `pod2` to use the same volume
+ 7. Validate the data in `pod2` is consistent with `test_data`
+ """
+
+ create_crypto_secret(crypto_secret)
+
+ storage_class['reclaimPolicy'] = 'Retain'
+ storage_class['parameters']['csi.storage.k8s.io/provisioner-secret-name'] = 'longhorn-crypto' # NOQA
+ storage_class['parameters']['csi.storage.k8s.io/provisioner-secret-namespace'] = LONGHORN_NAMESPACE # NOQA
+ storage_class['parameters']['csi.storage.k8s.io/node-publish-secret-name'] = 'longhorn-crypto' # NOQA
+ storage_class['parameters']['csi.storage.k8s.io/node-publish-secret-namespace'] = LONGHORN_NAMESPACE # NOQA
+ storage_class['parameters']['csi.storage.k8s.io/node-stage-secret-name'] = 'longhorn-crypto' # NOQA
+ storage_class['parameters']['csi.storage.k8s.io/node-stage-secret-namespace'] = LONGHORN_NAMESPACE # NOQA
+ create_storage_class(storage_class)
+
+ create_and_verify_block_volume(client, core_api, storage_class, pvc,
+ pod_manifest)
+
def test_csi_expansion_with_replica_failure(client, core_api, storage_class, pvc, pod_manifest)
backupstore_test
create_and_verify_block_volume
create_and_wait_csi_pod
create_and_wait_csi_pod_named_pv
create_pv_storage
test_csi_backup
test_csi_block_volume
test_csi_block_volume_online_expansion
test_csi_encrypted_block_volume
test_csi_expansion_with_replica_failure
test_csi_io
test_csi_minimal_volume_size