From 2a8cc0902ebb79bd1a291cfd2d7b27c4a7c04f9b Mon Sep 17 00:00:00 2001
From: Xiubo Li <xiubli@redhat.com>
Date: Mon, 24 Oct 2022 20:56:16 +0800
Subject: [PATCH] qa: cephfs add filesystem encryption test support

This will allow us to create a encrypted test directory to do the
I/O test.

More coplex fscrypt tests we will use the xfstest-dev later.

Fixes: https://tracker.ceph.com/issues/58133
Signed-off-by: Xiubo Li <xiubli@redhat.com>
---
 qa/workunits/fs/fscrypt.sh | 119 +++++++++++++++++++++++++++++++++++++
 1 file changed, 119 insertions(+)
 create mode 100755 qa/workunits/fs/fscrypt.sh

diff --git a/qa/workunits/fs/fscrypt.sh b/qa/workunits/fs/fscrypt.sh
new file mode 100755
index 0000000000000..ca856a62e5191
--- /dev/null
+++ b/qa/workunits/fs/fscrypt.sh
@@ -0,0 +1,119 @@
+#!/usr/bin/env bash
+
+set -xe
+
+mydir=`dirname $0`
+
+if [ $# -ne 2 ]
+then
+	echo "2 parameters are required!\n"
+	echo "Usage:"
+	echo "  fscrypt.sh <type> <testdir>"
+	echo "  type: should be any of 'none', 'unlocked' or 'locked'"
+	echo "  testdir: the test direcotry name"
+	exit 1
+fi
+
+fscrypt=$1
+testcase=$2
+testdir=fscrypt_test_${fscrypt}_${testcase}
+mkdir $testdir
+
+XFSPROGS_DIR='xfprogs-dev-dir'
+XFSTESTS_DIR='xfstest-dev-dir'
+export XFS_IO_PROG="$(type -P xfs_io)"
+
+# Setup the xfstests env
+setup_xfstests_env()
+{
+	git clone https://git.ceph.com/xfstests-dev.git $XFSTESTS_DIR --depth 1
+	pushd $XFSTESTS_DIR
+	. common/encrypt
+	popd
+}
+
+install_deps()
+{
+	local system_value=$(sudo lsb_release -is | awk '{print tolower($0)}')
+	case $system_value in
+		"centos" | "centosstream" | "fedora")
+			sudo yum install -y inih-devel userspace-rcu-devel \
+				libblkid-devel gettext libedit-devel \
+				libattr-devel device-mapper-devel libicu-devel
+			;;
+		"ubuntu" | "debian")
+			sudo apt-get install -y libinih-dev liburcu-dev \
+				libblkid-dev gettext libedit-dev libattr1-dev \
+				libdevmapper-dev libicu-dev pkg-config
+			;;
+		*)
+			echo "Unsupported distro $system_value"
+			exit 1
+			;;
+	esac
+}
+
+# Install xfsprogs-dev from source to support "add_enckey" for xfs_io
+install_xfsprogs()
+{
+	local install_xfsprogs=0
+
+	xfs_io -c "help add_enckey" | grep -q 'not found' && install_xfsprogs=1
+
+	if [ $install_xfsprogs -eq 1 ]; then
+		install_deps
+
+		git clone https://git.ceph.com/xfsprogs-dev.git $XFSPROGS_DIR --depth 1
+		pushd $XFSPROGS_DIR
+		make
+		sudo make install
+		popd
+	fi
+}
+
+clean_up()
+{
+	rm -rf $XFSPROGS_DIR
+	rm -rf $XFSTESTS_DIR
+	rm -rf $testdir
+}
+
+# For now will test the V2 encryption policy only as the
+# V1 encryption policy is deprecated
+
+install_xfsprogs
+setup_xfstests_env
+
+# Generate a fixed keying identifier
+raw_key=$(_generate_raw_encryption_key)
+keyid=$(_add_enckey $testdir "$raw_key" | awk '{print $NF}')
+
+case ${fscrypt} in
+	"none")
+		# do nothing for the test directory and will test it
+		# as one non-encrypted directory.
+		pushd $testdir
+		${mydir}/../suites/${testcase}.sh
+		popd
+		clean_up
+		;;
+	"unlocked")
+		# set encrypt policy with the key provided and then
+		# the test directory will be encrypted & unlocked
+		_set_encpolicy $testdir $keyid
+		pushd $testdir
+		${mydir}/../suites/${testcase}.sh
+		popd
+		clean_up
+		;;
+	"locked")
+		# remove the key, then the test directory will be locked
+		# and any modification will be denied by requiring the key
+		_rm_enckey $testdir $keyid
+		clean_up
+		;;
+	*)
+		clean_up
+		echo "Unknown parameter $1"
+		exit 1
+esac
-- 
2.39.5