Merge pull request #3486 from jbaublitz/regression-test

Regression test for CryptHandle unlocking with both keyring and Clevis enabled
stratis-storage · Oct 31, 2023 · e8c9365 · e8c9365
2 parents b449506 + fa2807a
commit e8c9365
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 2 deletions.
diff --git a/src/engine/strat_engine/backstore/crypt/mod.rs b/src/engine/strat_engine/backstore/crypt/mod.rs
@@ -380,9 +380,17 @@ mod tests {
                 .token_handle()
                 .json_get(CLEVIS_LUKS_TOKEN_ID)
                 .unwrap();
+            handle.deactivate().unwrap();
+        }
+
+        fn unlock_clevis(paths: &[&Path]) {
+            let path = paths.get(0).copied().expect("Expected exactly one path");
+            CryptHandle::setup(path, Some(UnlockMethod::Clevis))
+                .unwrap()
+                .unwrap();
         }
 
-        crypt::insert_and_cleanup_key(paths, both_initialize);
+        crypt::insert_and_remove_key(paths, both_initialize, unlock_clevis);
     }
 
     #[test]

diff --git a/src/engine/strat_engine/backstore/crypt/shared.rs b/src/engine/strat_engine/backstore/crypt/shared.rs
@@ -756,7 +756,7 @@ pub fn activate(
     unlock_method: UnlockMethod,
     name: &DmName,
 ) -> StratisResult<()> {
-    if let Some(kd) = key_desc {
+    if let (Some(kd), UnlockMethod::Keyring) = (key_desc, unlock_method) {
         let key_description_missing = keys::search_key_persistent(kd)
             .map_err(|_| {
                 StratisError::Msg(format!(

diff --git a/src/engine/strat_engine/tests/crypt.rs b/src/engine/strat_engine/tests/crypt.rs
@@ -59,6 +59,29 @@ where
     }
 }
 
+/// Takes physical device paths from loopback or real tests and passes
+/// them through to a compatible test definition. This harness runs two test
+/// methods, one with a key description set and one after the key description
+/// used in the previous test has been unset. This can be helpful for testing cases
+/// where a key description is missing but Clevis is enabled.
+pub fn insert_and_remove_key<F1, F2>(physical_paths: &[&Path], test_pre: F1, test_post: F2)
+where
+    F1: FnOnce(&[&Path], &KeyDescription) + UnwindSafe,
+    F2: FnOnce(&[&Path]),
+{
+    let key_description = set_up_key("test-description-for-stratisd");
+
+    let result = catch_unwind(|| test_pre(physical_paths, &key_description));
+
+    StratKeyActions.unset(&key_description).unwrap();
+
+    if let Err(e) = result {
+        resume_unwind(e)
+    }
+
+    test_post(physical_paths)
+}
+
 /// Takes physical device paths from loopback or real tests and passes
 /// them through to a compatible test definition. This method
 /// will also enrich the context passed to the test with two different key