From c9508e5f29d6085ec8d4884ed57e1fc6933a7c7e Mon Sep 17 00:00:00 2001
From: John Baublitz
Date: Mon, 30 Oct 2023 11:13:07 -0400
Subject: [PATCH] Regression test for CryptHandle unlocking with both keyring and Clevis enabled
---
 .../strat_engine/backstore/crypt/mod.rs | 23 +++++++++++++++----
 src/engine/strat_engine/tests/crypt.rs | 23 +++++++++++++++++++
 2 files changed, 41 insertions(+), 5 deletions(-)
diff --git a/src/engine/strat_engine/backstore/crypt/mod.rs b/src/engine/strat_engine/backstore/crypt/mod.rs
index 9f2d009b6c4..36397a3d198 100644
--- a/src/engine/strat_engine/backstore/crypt/mod.rs
+++ b/src/engine/strat_engine/backstore/crypt/mod.rs
@@ -376,13 +376,26 @@ mod tests {
 let mut device = acquire_crypt_device(handle.luks2_device_path()).unwrap();
 device.token_handle().json_get(LUKS2_TOKEN_ID).unwrap();
- device
- .token_handle()
- .json_get(CLEVIS_LUKS_TOKEN_ID)
- .unwrap();
+ handle.deactivate().unwrap();
+ }
+
+ fn unlock_clevis(paths: &[&Path]) {
+ let path = paths.get(0).copied().expect("Expected exactly one path");
+ {
+ let handle = CryptHandle::setup(path, Some(UnlockMethod::Keyring))
+ .unwrap()
+ .unwrap();
+ handle.deactivate().unwrap();
+ }
+ {
+ let handle = CryptHandle::setup(path, Some(UnlockMethod::Clevis))
+ .unwrap()
+ .unwrap();
+ handle.deactivate().unwrap();
+ }
 }
- crypt::insert_and_cleanup_key(paths, both_initialize);
+ crypt::insert_and_remove_key(paths, both_initialize, unlock_clevis);
 }
 #[test]
diff --git a/src/engine/strat_engine/tests/crypt.rs b/src/engine/strat_engine/tests/crypt.rs
index dc8866abe72..2ab40179e15 100644
--- a/src/engine/strat_engine/tests/crypt.rs
+++ b/src/engine/strat_engine/tests/crypt.rs
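Review bot: In `both_initialize` (src/engine/strat_engine/backstore/crypt/mod.rs) the new side removes the `json_get(CLEVIS_LUKS_TOKEN_ID).unwrap()` check, so the test no longer asserts directly that initialization wrote the Clevis token alongside the keyring token. The later `CryptHandle::setup(path, Some(UnlockMethod::Clevis))` in `unlock_clevis` may cover this implicitly, but only if `setup` fails when the token is absent, which this hunk does not show; keeping `device.token_handle().json_get(CLEVIS_LUKS_TOKEN_ID).unwrap();` before `handle.deactivate().unwrap();` would pin a failure to the binding step. Separately, `paths.get(0).copied().expect("Expected exactly one path")` accepts any non-empty slice, so the message should read `"Expected at least one path"` or the length should be asserted. `both_initialize` starts above the hunk.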
@@ -59,6 +59,29 @@ where
 }
 }
+/// Takes physical device paths from loopback or real tests and passes
+/// them through to a compatible test definition. This harness runs two test
+/// methods, one with a key description set and one after the key description
+/// used in the previous test has been unset. This can be helpful for testing cases
+/// where a key description is missing but Clevis is enabled.
+pub fn insert_and_remove_key(physical_paths: &[&Path], test_pre: F1, test_post: F2)
+where
+ F1: FnOnce(&[&Path], &KeyDescription) + UnwindSafe,
+ F2: FnOnce(&[&Path]),
+{
+ let key_description = set_up_key("test-description-for-stratisd");
+
+ let result = catch_unwind(|| test_pre(physical_paths, &key_description));
+
+ StratKeyActions.unset(&key_description).unwrap();
+
+ if let Err(e) = result {
+ resume_unwind(e)
+ }
+
+ test_post(physical_paths)
+}
+
 /// Takes physical device paths from loopback or real tests and passes
 /// them through to a compatible test definition. This method
 /// will also enrich the context passed to the test with two different key
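Review bot: `StratKeyActions.unset(&key_description).unwrap();` runs before `resume_unwind(e)`, so if removing the key fails, that panic replaces the one captured from `test_pre` and the report shows the cleanup failure instead of the root cause. Holding the result until after the re-raise keeps both the cleanup attempt and the original payload: `let unset = StratKeyActions.unset(&key_description);`, then `if let Err(e) = result { resume_unwind(e) }`, then `unset.unwrap();`. `test_post` relies on the key really being absent from the keyring; if `unset` can return `Ok` without deleting anything (its return type is not visible here), asserting on the returned value would make that premise explicit. The doc comment should also state that `test_post` is skipped when `test_pre` panics.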