set encryption on provider client mode clusters

Signed-off-by: fbalak <[email protected]>
red-hat-storage · Jun 12, 2024 · 4fd3be1 · 4fd3be1
1 parent 4cd7593
commit 4fd3be1
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/ocs_ci/deployment/provider_client/storage_client_deployment.py b/ocs_ci/deployment/provider_client/storage_client_deployment.py
@@ -1,6 +1,7 @@
 """
 This module provides installation of ODF and native storage-client creation in provider mode
 """
+
 import logging
 import time
 
@@ -22,6 +23,7 @@
     wait_for_machineconfigpool_status,
 )
 from ocs_ci.utility import templating, version
+from ocs_ci.utility import kms as KMS
 from ocs_ci.deployment.deployment import Deployment, create_catalog_source
 from ocs_ci.deployment.baremetal import clean_disk
 from ocs_ci.ocs.resources.storage_cluster import verify_storage_cluster
@@ -176,6 +178,11 @@ def provider_and_native_client_installation(
                 )
                 self.ocp_obj.exec_oc_cmd(f"apply -f {constants.STORAGE_PROFILE_YAML}")
 
+        # Configure KMS resources on cluster if required
+        if config.DEPLOYMENT.get("kms_deployment"):
+            kms = KMS.get_kms_deployment()
+            kms.deploy()
+
         # Create storage cluster if not present already
         is_storagecluster = self.storage_cluster_obj.is_exist(
             resource_name=constants.DEFAULT_STORAGE_CLUSTER
@@ -188,6 +195,18 @@ def provider_and_native_client_installation(
                 storage_cluster_data = templating.load_yaml(
                     constants.OCS_STORAGE_CLUSTER_YAML
                 )
+                if config.ENV_DATA.get("encryption_at_rest"):
+                    logger.info("Enabling encryption at REST!")
+                    cluster_data["spec"]["encryption"] = {
+                        "enable": True,
+                    }
+                    cluster_data["spec"]["encryption"] = {
+                        "clusterWide": True,
+                    }
+                if config.DEPLOYMENT.get("kms_deployment"):
+                    cluster_data["spec"]["encryption"]["kms"] = {
+                        "enable": True,
+                    }
                 templating.dump_data_to_temp_yaml(
                     storage_cluster_data, constants.OCS_STORAGE_CLUSTER_YAML
                 )