[Cherry-pick-9177][release-4.14] Replacing crypt device check from po…

…d to node. (#10039)


Signed-off-by: Parag Kamble <[email protected]>

ocs_ci/ocs/node.py

@@ -2849,3 +2849,44 @@ def is_node_rack_or_zone_exist(failure_domain, node_name):
     """
     node_obj = get_node_objs([node_name])[0]
     return get_node_rack_or_zone(failure_domain, node_obj) is not None
+
+
+def list_encrypted_rbd_devices_on_node(node):
+    """
+    Get rbd crypt devices from the node
+
+    Args:
+        node: node name
+
+    Returns:
+        List of encrypted osd device names
+    """
+    node_obj = OCP(kind="node")
+    crypt_devices_out = node_obj.exec_oc_debug_cmd(
+        node=node,
+        cmd_list=["lsblk | grep crypt | awk '{print $1}'"],
+    ).split("\n")
+    crypt_devices = [device.strip() for device in crypt_devices_out if device != ""]
+    return crypt_devices
+
+
+def verify_crypt_device_present_on_node(node, vol_handle):
+    """
+    Find the crypt device maching for given volume handle.
+
+    Args:
+        node : node name
+        vol_handle : volumen handle name.
+    Returns:
+        bool: True if volume handle device found on the node, False otherwise
+    """
+    device_list = list_encrypted_rbd_devices_on_node(node)
+    crypt_device = [device for device in device_list if vol_handle in device]
+    if not crypt_device:
+        log.error(
+            f"crypt device for volume handle {vol_handle} not present on node : {node}"
+        )
+        return False
+
+    log.info(f"Crypt device for volume handle {vol_handle} present on the node: {node}")
+    return True

tests/manage/pv_services/pv_encryption/test_encrypted_rbd_pvc_clone.py

@@ -24,6 +24,7 @@
 )
 from ocs_ci.utility import kms
 from semantic_version import Version
+from ocs_ci.ocs.node import verify_crypt_device_present_on_node
 
 
 log = logging.getLogger(__name__)
@@ -162,14 +163,11 @@ def test_pvc_to_pvc_clone(self, kv_version, kms_provider, pod_factory):
 
         log.info("Checking for encrypted device and running IO on all pods")
         for vol_handle, pod_obj in zip(self.vol_handles, self.pod_objs):
-            if pod_obj.exec_sh_cmd_on_pod(
-                command=f"lsblk | grep {vol_handle} | grep crypt"
-            ):
-                log.info(f"Encrypted device found in {pod_obj.name}")
-            else:
-                raise ResourceNotFoundError(
-                    f"Encrypted device not found in {pod_obj.name}"
-                )
+            node = pod_obj.get_node()
+            assert verify_crypt_device_present_on_node(
+                node, vol_handle
+            ), f"Crypt devicve {vol_handle} not found on node:{node}"
+
             log.info(f"File created during IO {pod_obj.name}")
             pod_obj.run_io(
                 storage_type="block",
@@ -244,14 +242,10 @@ def test_pvc_to_pvc_clone(self, kv_version, kms_provider, pod_factory):
                     )
         # Verify encrypted device is present and md5sum on all pods
         for vol_handle, pod_obj in zip(cloned_vol_handles, cloned_pod_objs):
-            if pod_obj.exec_sh_cmd_on_pod(
-                command=f"lsblk | grep {vol_handle} | grep crypt"
-            ):
-                log.info(f"Encrypted device found in {pod_obj.name}")
-            else:
-                raise ResourceNotFoundError(
-                    f"Encrypted device not found in {pod_obj.name}"
-                )
+            node = pod_obj.get_node()
+            assert verify_crypt_device_present_on_node(
+                node, vol_handle
+            ), f"Crypt devicve {vol_handle} not found on node:{node}"
 
             log.info(f"Verifying md5sum on pod {pod_obj.name}")
             pod.verify_data_integrity(

tests/manage/pv_services/pv_encryption/test_encrypted_rbd_pvc_snapshot.py

@@ -26,6 +26,7 @@
 )
 from ocs_ci.utility import kms
 from semantic_version import Version
+from ocs_ci.ocs.node import verify_crypt_device_present_on_node
 
 log = logging.getLogger(__name__)
 
@@ -171,15 +172,10 @@ def test_encrypted_rbd_block_pvc_snapshot(
         )
         for vol_handle, pod_obj in zip(self.vol_handles, self.pod_objs):
 
-            # Verify whether encrypted device is present inside the pod
-            if pod_obj.exec_sh_cmd_on_pod(
-                command=f"lsblk | grep {vol_handle} | grep crypt"
-            ):
-                log.info(f"Encrypted device found in {pod_obj.name}")
-            else:
-                raise ResourceNotFoundError(
-                    f"Encrypted device not found in {pod_obj.name}"
-                )
+            node = pod_obj.get_node()
+            assert verify_crypt_device_present_on_node(
+                node, vol_handle
+            ), f"Crypt devicve {vol_handle} not found on node:{node}"
 
             # Find initial md5sum
             pod_obj.md5sum_before_io = cal_md5sum(
@@ -331,14 +327,10 @@ def test_encrypted_rbd_block_pvc_snapshot(
 
         # Verify encrypted device is present and md5sum on all pods
         for vol_handle, pod_obj in zip(restore_vol_handles, restore_pod_objs):
-            if pod_obj.exec_sh_cmd_on_pod(
-                command=f"lsblk | grep {vol_handle} | grep crypt"
-            ):
-                log.info(f"Encrypted device found in {pod_obj.name}")
-            else:
-                raise ResourceNotFoundError(
-                    f"Encrypted device not found in {pod_obj.name}"
-                )
+            node = pod_obj.get_node()
+            assert verify_crypt_device_present_on_node(
+                node, vol_handle
+            ), f"Crypt devicve {vol_handle} not found on node:{node}"
 
             log.info(f"Verifying md5sum on pod {pod_obj.name}")
             verify_data_integrity(

tests/manage/pv_services/pv_encryption/test_kmip_rbd_pv_encryption.py

@@ -17,6 +17,7 @@
     create_pods,
 )
 from ocs_ci.ocs import constants
+from ocs_ci.ocs.node import verify_crypt_device_present_on_node
 
 
 log = logging.getLogger(__name__)
@@ -103,12 +104,10 @@ def test_rbd_pv_encryption_kmip(
 
         # Verify whether encrypted device is present inside the pod and run IO
         for vol_handle, pod_obj in zip(vol_handles, pod_objs):
-            if pod_obj.exec_sh_cmd_on_pod(
-                command=f"lsblk | grep {vol_handle} | grep crypt"
-            ):
-                log.info(f"Encrypted device found in {pod_obj.name}")
-            else:
-                log.error(f"Encrypted device not found in {pod_obj.name}")
+            node = pod_obj.get_node()
+            assert verify_crypt_device_present_on_node(
+                node, vol_handle
+            ), f"Crypt devicve {vol_handle} not found on node:{node}"
 
             pod_obj.run_io(
                 storage_type="block",

tests/manage/pv_services/pv_encryption/test_rbd_pv_encryption.py

@@ -22,6 +22,7 @@
 )
 from ocs_ci.utility import kms
 from semantic_version import Version
+from ocs_ci.ocs.node import verify_crypt_device_present_on_node
 
 
 log = logging.getLogger(__name__)
@@ -161,12 +162,10 @@ def test_rbd_pv_encryption(
 
         # Verify whether encrypted device is present inside the pod and run IO
         for vol_handle, pod_obj in zip(vol_handles, pod_objs):
-            if pod_obj.exec_sh_cmd_on_pod(
-                command=f"lsblk | grep {vol_handle} | grep crypt"
-            ):
-                log.info(f"Encrypted device found in {pod_obj.name}")
-            else:
-                log.error(f"Encrypted device not found in {pod_obj.name}")
+            node = pod_obj.get_node()
+            assert verify_crypt_device_present_on_node(
+                node, vol_handle
+            ), f"Crypt devicve {vol_handle} not found on node:{node}"
 
             pod_obj.run_io(
                 storage_type="block",

tests/manage/pv_services/pv_encryption/test_rbd_pv_encryption_vaulttenantsa.py

@@ -22,6 +22,7 @@
     ResourceNotFoundError,
 )
 from ocs_ci.utility import kms
+from ocs_ci.ocs.node import verify_crypt_device_present_on_node
 
 log = logging.getLogger(__name__)
 
@@ -148,14 +149,10 @@ def test_rbd_pv_encryption_vaulttenantsa(
 
         # Verify whether encrypted device is present inside the pod and run IO
         for vol_handle, pod_obj in zip(vol_handles, pod_objs):
-            if pod_obj.exec_sh_cmd_on_pod(
-                command=f"lsblk | grep {vol_handle} | grep crypt"
-            ):
-                log.info(f"Encrypted device found in {pod_obj.name}")
-            else:
-                raise ResourceNotFoundError(
-                    f"Encrypted device not found in {pod_obj.name}"
-                )
+            node = pod_obj.get_node()
+            assert verify_crypt_device_present_on_node(
+                node, vol_handle
+            ), f"Crypt devicve {vol_handle} not found on node:{node}"
 
             pod_obj.run_io(
                 storage_type="block",

tests/ui/test_pv_encryption_ui.py

@@ -31,6 +31,7 @@
 from ocs_ci.utility.utils import get_vault_cli, get_ocp_version
 from ocs_ci.ocs import constants
 from ocs_ci.utility import version
+from ocs_ci.ocs.node import verify_crypt_device_present_on_node
 
 logger = logging.getLogger(__name__)
 
@@ -228,12 +229,10 @@ def test_for_encrypted_pv_ui(
             "Verify whether encrypted device is present inside the pod and run IO"
         )
         for vol_handle, pod_obj in zip(vol_handles, pod_objs):
-            if pod_obj.exec_sh_cmd_on_pod(
-                command=f"lsblk | grep {vol_handle} | grep crypt"
-            ):
-                logger.info(f"Encrypted device found in {pod_obj.name}")
-            else:
-                logger.error(f"Encrypted device not found in {pod_obj.name}")
+            node = pod_obj.get_node()
+            assert verify_crypt_device_present_on_node(
+                node, vol_handle
+            ), f"Crypt devicve {vol_handle} not found on node:{node}"
 
             logger.info(f"Running FIO on Pod '{pod_obj.name}'")
             pod_obj.run_io(