Regression test for CryptHandle unlocking with both keyring and Clevi…

…s enabled
stratis-storage · Oct 31, 2023 · 5c1122c · 5c1122c
1 parent 254add9
commit 5c1122c
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 4 deletions.
diff --git a/src/engine/strat_engine/backstore/crypt/mod.rs b/src/engine/strat_engine/backstore/crypt/mod.rs
@@ -376,13 +376,17 @@ mod tests {
 
             let mut device = acquire_crypt_device(handle.luks2_device_path()).unwrap();
             device.token_handle().json_get(LUKS2_TOKEN_ID).unwrap();
-            device
-                .token_handle()
-                .json_get(CLEVIS_LUKS_TOKEN_ID)
+            handle.deactivate().unwrap();
+        }
+
+        fn unlock_clevis(paths: &[&Path]) {
+            let path = paths.get(0).copied().expect("Expected exactly one path");
+            CryptHandle::setup(path, Some(UnlockMethod::Clevis))
+                .unwrap()
                 .unwrap();
         }
 
-        crypt::insert_and_cleanup_key(paths, both_initialize);
+        crypt::insert_and_remove_key(paths, both_initialize, unlock_clevis);
     }
 
     #[test]

diff --git a/src/engine/strat_engine/tests/crypt.rs b/src/engine/strat_engine/tests/crypt.rs
@@ -59,6 +59,29 @@ where
     }
 }
 
+/// Takes physical device paths from loopback or real tests and passes
+/// them through to a compatible test definition. This harness runs two test
+/// methods, one with a key description set and one after the key description
+/// used in the previous test has been unset. This can be helpful for testing cases
+/// where a key description is missing but Clevis is enabled.
+pub fn insert_and_remove_key<F1, F2>(physical_paths: &[&Path], test_pre: F1, test_post: F2)
+where
+    F1: FnOnce(&[&Path], &KeyDescription) + UnwindSafe,
+    F2: FnOnce(&[&Path]),
+{
+    let key_description = set_up_key("test-description-for-stratisd");
+
+    let result = catch_unwind(|| test_pre(physical_paths, &key_description));
+
+    StratKeyActions.unset(&key_description).unwrap();
+
+    if let Err(e) = result {
+        resume_unwind(e)
+    }
+
+    test_post(physical_paths)
+}
+
 /// Takes physical device paths from loopback or real tests and passes
 /// them through to a compatible test definition. This method
 /// will also enrich the context passed to the test with two different key