Sync the upstream changes from ceph/ceph-csi:devel into the devel branch
#140
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
As we need to compare the error type instead of the error value we need to use errors.As to check the API is implemented or not. fixes: #3347 Signed-off-by: Madhu Rajanna <[email protected]>
If any operations fails after the volume creation we will cleanup the omap objects, but it is missing if setAllMetadata fails. This commits adds the code to cleanup the rbd image if metadata operation fails. Signed-off-by: Madhu Rajanna <[email protected]>
The error message return from the GRPC should be of GRPC error messages only not the normal go errors. This commits returns GRPC error if setAllMetadata fails. Signed-off-by: Madhu Rajanna <[email protected]>
fscrypt support requires keys longer than 20 bytes. As a preparation, make the new passphrase length configurable, but default to 20 bytes. Signed-off-by: Marcel Lauhoff <[email protected]>
Fetch encryption type from vol options. Make fallback type configurable to support RBD (default block) and Ceph FS (default file) Signed-off-by: Marcel Lauhoff <[email protected]>
Add GetSecret() to allow direct access to passphrases without KDF and wrapping by a DEKStore. This will be used by fscrypt, which has its own KDF and wrapping. It will allow users to take a k8s secret, for example, and use that directly as a password in fscrypt. Signed-off-by: Marcel Lauhoff <[email protected]>
Add registry similar to the providers one. This allows testers to add and use GetKMSTestDummy() to create stripped down provider instances suitable for use in unit tests. Signed-off-by: Marcel Lauhoff <[email protected]>
Add rudimentary test to ensure that we can get a valid passphrase from the GetSecret() feature Signed-off-by: Marcel Lauhoff <[email protected]>
In preparation of fscrypt support for RBD filesystems, rename block encryption related function to include the word 'block'. Add struct fields and IsFileEncrypted. Signed-off-by: Marcel Lauhoff <[email protected]>
Add encryptionType next to kmsID to support both block and file encryption. Signed-off-by: Marcel Lauhoff <[email protected]>
Integrate google/fscrypt into Ceph CSI KMS and encryption setup. Adds dependencies to google/fscrypt and pkg/xattr. Be as generic as possible to support integration with both RBD and Ceph FS. Add the following public functions: InitializeNode: per-node initialization steps. Must be called before Unlock at least once. Unlock: All steps necessary to unlock an encrypted directory including setting it up initially. IsDirectoryUnlocked: Test if directory is really encrypted Signed-off-by: Marcel Lauhoff <[email protected]>
Signed-off-by: Marcel Lauhoff <[email protected]>
Fetch keys from KMS before doing anything else. This will catch KMS errors before setting up any fscrypt metadata. Signed-off-by: Marcel Lauhoff <[email protected]>
Fetch password when keyFn is invoked, not when it is created. This allows creation of the keyFn before actually creating the passphrase. Signed-off-by: Marcel Lauhoff <[email protected]>
Currently fscrypt supports policies version 1 and 2. 2 is the best choice and was the only choice prior to this commit. This adds support for kernels < 5.4, by selecting policy version 1 there. Signed-off-by: Marcel Lauhoff <[email protected]>
NewContextFrom{Mountpoint,Path} functions use cached
`/proc/self/mountinfo` to find mounted file systems by device ID.
Since we run fscrypt as a library in a long-lived process the cached
information is likely to be stale. Stale entries may map device IDs to
mount points of already destroyed RBDs and fail context creation.
Updating the cache beforehand prevents this.
Signed-off-by: Marcel Lauhoff <[email protected]>
Use constant protector name 'ceph-csi' instead of constant prefix concatenated with the volume ID. When cloning volumes the ID changes and fscrypt protected directories become inunlockable due to the protector name change Signed-off-by: Marcel Lauhoff <[email protected]>
Revert once our google/fscrypt dependency is upgraded to a version that includes google/fscrypt#359 gets accepted Signed-off-by: Marcel Lauhoff <[email protected]>
Call Mount.Setup with SingleUserWritable constant instead of 0o755,
which is silently ignored and causes the /.fscrypt/{policy,protector}/
directories to have mode 000.
Signed-off-by: Marcel Lauhoff <[email protected]>
Integrate basic fscrypt functionality into RBD initialization. To activate file encryption instead of block introduce the new 'encryptionType' storage class key. Signed-off-by: Marcel Lauhoff <[email protected]>
Different places have different meaningful fallback. When parsing from user we should default to block, when parsing stored config we should default to invalid and handle that as an error. Signed-off-by: Marcel Lauhoff <[email protected]>
Signed-off-by: Marcel Lauhoff <[email protected]>
Add fscrypt support to the journal to support operations like snapshotting. Signed-off-by: Marcel Lauhoff <[email protected]>
Support fscrypt on RBD snapshots Signed-off-by: Marcel Lauhoff <[email protected]>
Signed-off-by: Marcel Lauhoff <[email protected]>
Add validation functions for fscrypt on RBD volumes Signed-off-by: Marcel Lauhoff <[email protected]>
Add a `By` wrapper to parameterize encryption related test functions and run them on both block and file encryption Signed-off-by: Marcel Lauhoff <[email protected]>
Signed-off-by: Marcel Lauhoff <[email protected]>
Replace `By` with `ByFileAndBlockEncryption` in all encryption related tests to parameterize them to file and block encryption. Signed-off-by: Marcel Lauhoff <[email protected]>
Add test that enables encryption with default type. Check that we set up block encryption. Signed-off-by: Marcel Lauhoff <[email protected]>
Apply formatting for previous changes separately to make the commit diffs easier to read. Signed-off-by: Marcel Lauhoff <[email protected]>
Signed-off-by: Marcel Lauhoff <[email protected]>
Signed-off-by: Marcel Lauhoff <[email protected]>
Make iso url configurable to use pre-release minikube images or local-built (file://) Signed-off-by: Marcel Lauhoff <[email protected]>
Add type none to distinguish disabled encryption (positive result) from invalid configuration (negative result). Signed-off-by: Marcel Lauhoff <[email protected]>
Signed-off-by: Marcel Lauhoff <[email protected]>
Signed-off-by: Marcel Lauhoff <[email protected]>
Add test-rbd-fscrypt feature flag to e2e suite. Default disabled as the current CI system's kernel doesn't have the required features enabled. Signed-off-by: Marcel Lauhoff <[email protected]>
This commit makes the following changes: `Please replace \":code_blocks => false\" \` `by \":ignore_code_blocks => true\" in your configuration.` Some rules are ignore for the time being, these will be fixed later on. Signed-off-by: Rakshith R <[email protected]>
A vulnerability was found in golang.org/x/text/language package which could cause a denial of service. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. Version v0.3.8 of golang.org/x/text fixes a vulnerability. See-also: https://go.dev/issue/56152 See-also: https://bugzilla.redhat.com/CVE-2022-32149 Signed-off-by: Niels de Vos <[email protected]>
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Madhu-1, nixpanic The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Sync the upstream changes from
ceph/ceph-csi:develinto thedevelbranch.The most important recent changes that we want included are: