From 4d4ead26dd85c8830d35b787ffef182772d7d596 Mon Sep 17 00:00:00 2001
From: Niels de Vos
Date: Tue, 9 Feb 2021 17:09:44 +0100
Subject: [PATCH] e2e: use secret with "encryptionPassphrase" for RBD tests

The e2e tests create a Secret for using with the RBD StorageClass. However this Secret was not used, instead the Rook generated Secret was linked in the StorageClass. By using our own Secret from the examples, Rook should not touch it when we make modifications. In addition, no modifications are needed for encryption anymore, as these are included in the example.

Updates: #1795
Signed-off-by: Niels de Vos
(cherry picked from commit 5bcd5cb928e6d5b0692d8a8be8236e5e9e0eabb5)
---
 e2e/rbd_helper.go | 7 +++----
 e2e/utils.go | 38 +++++---------------------------------
 2 files changed, 8 insertions(+), 37 deletions(-)

diff --git a/e2e/rbd_helper.go b/e2e/rbd_helper.go
index 5cdd149e1..f46c460b0 100644
--- a/e2e/rbd_helper.go
+++ b/e2e/rbd_helper.go
@@ -37,13 +37,13 @@ func createRBDStorageClass(c kubernetes.Interface, f *framework.Framework, scOpt
 return nil
 }
 sc.Parameters["pool"] = defaultRBDPool
- sc.Parameters["csi.storage.k8s.io/provisioner-secret-namespace"] = rookNamespace
+ sc.Parameters["csi.storage.k8s.io/provisioner-secret-namespace"] = cephCSINamespace
 sc.Parameters["csi.storage.k8s.io/provisioner-secret-name"] = rbdProvisionerSecretName
- sc.Parameters["csi.storage.k8s.io/controller-expand-secret-namespace"] = rookNamespace
+ sc.Parameters["csi.storage.k8s.io/controller-expand-secret-namespace"] = cephCSINamespace
 sc.Parameters["csi.storage.k8s.io/controller-expand-secret-name"] = rbdProvisionerSecretName
- sc.Parameters["csi.storage.k8s.io/node-stage-secret-namespace"] = rookNamespace
+ sc.Parameters["csi.storage.k8s.io/node-stage-secret-namespace"] = cephCSINamespace
 sc.Parameters["csi.storage.k8s.io/node-stage-secret-name"] = rbdNodePluginSecretName
 fsID, stdErr, err := execCommandInToolBoxPod(f, "ceph fsid", rookNamespace)
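Review bot: The three `*-secret-namespace` assignments now point at cephCSINamespace while the `ceph fsid` call on the last line still uses rookNamespace, and nothing in the code says why the two namespaces differ. A comment above the assignments would record the dependency, for example `// Secrets are the example ones created in cephCSINamespace; Rook reconciles its own Secrets, so they cannot carry "encryptionPassphrase".` The StorageClass only works if the Secret really exists under that name in cephCSINamespace, which presumably createRBDSecret guarantees; that function is not fully visible here, so this is worth confirming. createRBDStorageClass starts and ends outside the hunk.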
@@ -139,7 +139,6 @@ func createRBDSecret(c kubernetes.Interface, f *framework.Framework) error {
 return err
 }
- err = updateSecretForEncryption(c)
 return err
 }
diff --git a/e2e/utils.go b/e2e/utils.go
index c45d07467..1250f3e3c 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -32,9 +32,11 @@ const (
 cephfsNodePluginSecretName = "rook-csi-cephfs-node"
 cephfsProvisionerSecretName = "rook-csi-cephfs-provisioner"
- // rook created rbd user
- rbdNodePluginSecretName = "rook-csi-rbd-node"
- rbdProvisionerSecretName = "rook-csi-rbd-provisioner"
+ // Secret created inside the cephCSINamespace, can be modified. The
+ // Rook secrets get reconciled and changes are undone (needed for
+ // encryption).
+ rbdNodePluginSecretName = "csi-rbd-secret"
+ rbdProvisionerSecretName = "csi-rbd-secret"
 rookTolBoxPodLabel = "app=rook-ceph-tools"
 rbdmountOptions = "mountOptions"
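Review bot: rbdNodePluginSecretName and rbdProvisionerSecretName now both resolve to "csi-rbd-secret", so the node-stage step uses the same Ceph credentials as the provisioner and the RBD e2e run no longer exercises separate per-role users; the new comment does not mention that this is intentional. The parenthetical "(needed for encryption)" also reads as if undoing the changes were needed, when it is the ability to modify the Secret that encryption needs. I would reword it along the lines of `// Both names refer to the single example Secret in cephCSINamespace, which carries "encryptionPassphrase"; Rook reconciles its own per-role Secrets, so edits to those are undone.` Which Ceph user the example Secret maps to is not visible here, so it is worth confirming that it is not broader than the tests need. The const block starts and ends outside the hunk.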
@@ -102,36 +104,6 @@ func getSecret(path string) (v1.Secret, error) {
 return sc, nil
 }
-// updateSecretForEncryption is an hack to update the secrets created by rook to
-// include the encryption key
-// TODO in cephcsi we need to create own users in ceph cluster and use it for E2E.
-func updateSecretForEncryption(c kubernetes.Interface) error {
- secrets, err := c.CoreV1().Secrets(rookNamespace).Get(context.TODO(), rbdProvisionerSecretName, metav1.GetOptions{})
- if err != nil {
- return err
- }
-
- secrets.Data["encryptionPassphrase"] = []byte("test_passphrase")
-
- _, err = c.CoreV1().Secrets(rookNamespace).Update(context.TODO(), secrets, metav1.UpdateOptions{})
- if err != nil {
- return err
- }
-
- secrets, err = c.CoreV1().Secrets(rookNamespace).Get(context.TODO(), rbdNodePluginSecretName, metav1.GetOptions{})
- if err != nil {
- return err
- }
-
- secrets.Data["encryptionPassphrase"] = []byte("test_passphrase")
-
- _, err = c.CoreV1().Secrets(rookNamespace).Update(context.TODO(), secrets, metav1.UpdateOptions{})
- if err != nil {
- return err
- }
- return nil
-}
-
 func deleteResource(scPath string) error {
 data, err := replaceNamespaceInTemplate(scPath)
 if err != nil {