diff --git a/src/engine/strat_engine/backstore/crypt/mod.rs b/src/engine/strat_engine/backstore/crypt/mod.rs index 9f2d009b6c..69443f91f6 100644 --- a/src/engine/strat_engine/backstore/crypt/mod.rs +++ b/src/engine/strat_engine/backstore/crypt/mod.rs @@ -380,9 +380,17 @@ mod tests { .token_handle() .json_get(CLEVIS_LUKS_TOKEN_ID) .unwrap(); + handle.deactivate().unwrap(); + } + + fn unlock_clevis(paths: &[&Path]) { + let path = paths.get(0).copied().expect("Expected exactly one path"); + CryptHandle::setup(path, Some(UnlockMethod::Clevis)) + .unwrap() + .unwrap(); } - crypt::insert_and_cleanup_key(paths, both_initialize); + crypt::insert_and_remove_key(paths, both_initialize, unlock_clevis); } #[test] diff --git a/src/engine/strat_engine/tests/crypt.rs b/src/engine/strat_engine/tests/crypt.rs index dc8866abe7..2ab40179e1 100644 --- a/src/engine/strat_engine/tests/crypt.rs +++ b/src/engine/strat_engine/tests/crypt.rs @@ -59,6 +59,29 @@ where } } +/// Takes physical device paths from loopback or real tests and passes +/// them through to a compatible test definition. This harness runs two test +/// methods, one with a key description set and one after the key description +/// used in the previous test has been unset. This can be helpful for testing cases +/// where a key description is missing but Clevis is enabled. +pub fn insert_and_remove_key(physical_paths: &[&Path], test_pre: F1, test_post: F2) +where + F1: FnOnce(&[&Path], &KeyDescription) + UnwindSafe, + F2: FnOnce(&[&Path]), +{ + let key_description = set_up_key("test-description-for-stratisd"); + + let result = catch_unwind(|| test_pre(physical_paths, &key_description)); + + StratKeyActions.unset(&key_description).unwrap(); + + if let Err(e) = result { + resume_unwind(e) + } + + test_post(physical_paths) +} + /// Takes physical device paths from loopback or real tests and passes /// them through to a compatible test definition. This method /// will also enrich the context passed to the test with two different key