Replacing crypt device check from pod to node. (#9177)

Signed-off-by: Parag Kamble <[email protected]>

ocs_ci/ocs/node.py

@@ -2850,3 +2850,46 @@ def is_node_rack_or_zone_exist(failure_domain, node_name):
     """
     node_obj = get_node_objs([node_name])[0]
     return get_node_rack_or_zone(failure_domain, node_obj) is not None
+
+
+def list_encrypted_rbd_devices_onnode(node):
+    """
+    Get rbd crypt devices from the node
+
+    Args:
+        node: node name
+
+    Returns:
+        List of encrypted osd device names
+    """
+    node_obj = OCP(kind="node")
+    crypt_devices_out = node_obj.exec_oc_debug_cmd(
+        node=node,
+        cmd_list=["lsblk | grep crypt | awk '{print $1}'"],
+    ).split("\n")
+    crypt_devices = [device.strip() for device in crypt_devices_out if device != ""]
+    return crypt_devices
+
+
+def verify_crypt_device_present_onnode(node, vol_handle):
+    """
+    Find the crypt device maching for given volume handle.
+
+    Args:
+        node : node name
+        vol_handle : volumen handle name.
+
+    Returns:
+        True: if volume handle device found on the node.
+        False: if volume handle device not found on the node.
+    """
+    device_list = list_encrypted_rbd_devices_onnode(node)
+    crypt_device = [device for device in device_list if vol_handle in device]
+    if not crypt_device:
+        log.error(
+            f"crypt device for volume handle {vol_handle} not present on node : {node}"
+        )
+        return False
+
+    log.info(f"Crypt device for volume handle {vol_handle} present on the node: {node}")
+    return True

tests/functional/pv/pv_encryption/test_encrypted_rbd_pvc_clone.py

@@ -25,6 +25,7 @@
 )
 from ocs_ci.utility import kms
 from semantic_version import Version
+from ocs_ci.ocs.node import verify_crypt_device_present_onnode
 
 
 log = logging.getLogger(__name__)
@@ -164,14 +165,11 @@ def test_pvc_to_pvc_clone(self, kv_version, kms_provider, pod_factory):
 
         log.info("Checking for encrypted device and running IO on all pods")
         for vol_handle, pod_obj in zip(self.vol_handles, self.pod_objs):
-            if pod_obj.exec_sh_cmd_on_pod(
-                command=f"lsblk | grep {vol_handle} | grep crypt"
-            ):
-                log.info(f"Encrypted device found in {pod_obj.name}")
-            else:
-                raise ResourceNotFoundError(
-                    f"Encrypted device not found in {pod_obj.name}"
-                )
+            node = pod_obj.get_node()
+            assert verify_crypt_device_present_onnode(
+                node, vol_handle
+            ), f"Crypt devicve {vol_handle} not found on node:{node}"
+
             log.info(f"File created during IO {pod_obj.name}")
             pod_obj.run_io(
                 storage_type="block",
@@ -246,14 +244,10 @@ def test_pvc_to_pvc_clone(self, kv_version, kms_provider, pod_factory):
                     )
         # Verify encrypted device is present and md5sum on all pods
         for vol_handle, pod_obj in zip(cloned_vol_handles, cloned_pod_objs):
-            if pod_obj.exec_sh_cmd_on_pod(
-                command=f"lsblk | grep {vol_handle} | grep crypt"
-            ):
-                log.info(f"Encrypted device found in {pod_obj.name}")
-            else:
-                raise ResourceNotFoundError(
-                    f"Encrypted device not found in {pod_obj.name}"
-                )
+            node = pod_obj.get_node()
+            assert verify_crypt_device_present_onnode(
+                node, vol_handle
+            ), f"Crypt devicve {vol_handle} not found on node:{node}"
 
             log.info(f"Verifying md5sum on pod {pod_obj.name}")
             pod.verify_data_integrity(

tests/functional/pv/pv_encryption/test_encrypted_rbd_pvc_snapshot.py

@@ -27,6 +27,7 @@
 )
 from ocs_ci.utility import kms
 from semantic_version import Version
+from ocs_ci.ocs.node import verify_crypt_device_present_onnode
 
 log = logging.getLogger(__name__)
 
@@ -173,15 +174,10 @@ def test_encrypted_rbd_block_pvc_snapshot(
         )
         for vol_handle, pod_obj in zip(self.vol_handles, self.pod_objs):
 
-            # Verify whether encrypted device is present inside the pod
-            if pod_obj.exec_sh_cmd_on_pod(
-                command=f"lsblk | grep {vol_handle} | grep crypt"
-            ):
-                log.info(f"Encrypted device found in {pod_obj.name}")
-            else:
-                raise ResourceNotFoundError(
-                    f"Encrypted device not found in {pod_obj.name}"
-                )
+            node = pod_obj.get_node()
+            assert verify_crypt_device_present_onnode(
+                node, vol_handle
+            ), f"Crypt devicve {vol_handle} not found on node:{node}"
 
             # Find initial md5sum
             pod_obj.md5sum_before_io = cal_md5sum(
@@ -333,14 +329,10 @@ def test_encrypted_rbd_block_pvc_snapshot(
 
         # Verify encrypted device is present and md5sum on all pods
         for vol_handle, pod_obj in zip(restore_vol_handles, restore_pod_objs):
-            if pod_obj.exec_sh_cmd_on_pod(
-                command=f"lsblk | grep {vol_handle} | grep crypt"
-            ):
-                log.info(f"Encrypted device found in {pod_obj.name}")
-            else:
-                raise ResourceNotFoundError(
-                    f"Encrypted device not found in {pod_obj.name}"
-                )
+            node = pod_obj.get_node()
+            assert verify_crypt_device_present_onnode(
+                node, vol_handle
+            ), f"Crypt devicve {vol_handle} not found on node:{node}"
 
             log.info(f"Verifying md5sum on pod {pod_obj.name}")
             verify_data_integrity(

tests/functional/pv/pv_encryption/test_kmip_rbd_pv_encryption.py

@@ -18,6 +18,7 @@
     create_pods,
 )
 from ocs_ci.ocs import constants
+from ocs_ci.ocs.node import verify_crypt_device_present_onnode
 
 
 log = logging.getLogger(__name__)
@@ -105,12 +106,10 @@ def test_rbd_pv_encryption_kmip(
 
         # Verify whether encrypted device is present inside the pod and run IO
         for vol_handle, pod_obj in zip(vol_handles, pod_objs):
-            if pod_obj.exec_sh_cmd_on_pod(
-                command=f"lsblk | grep {vol_handle} | grep crypt"
-            ):
-                log.info(f"Encrypted device found in {pod_obj.name}")
-            else:
-                log.error(f"Encrypted device not found in {pod_obj.name}")
+            node = pod_obj.get_node()
+            assert verify_crypt_device_present_onnode(
+                node, vol_handle
+            ), f"Crypt devicve {vol_handle} not found on node:{node}"
 
             pod_obj.run_io(
                 storage_type="block",

tests/functional/pv/pv_encryption/test_rbd_pv_encryption.py

@@ -23,6 +23,7 @@
 )
 from ocs_ci.utility import kms
 from semantic_version import Version
+from ocs_ci.ocs.node import verify_crypt_device_present_onnode
 
 
 log = logging.getLogger(__name__)
@@ -163,12 +164,10 @@ def test_rbd_pv_encryption(
 
         # Verify whether encrypted device is present inside the pod and run IO
         for vol_handle, pod_obj in zip(vol_handles, pod_objs):
-            if pod_obj.exec_sh_cmd_on_pod(
-                command=f"lsblk | grep {vol_handle} | grep crypt"
-            ):
-                log.info(f"Encrypted device found in {pod_obj.name}")
-            else:
-                log.error(f"Encrypted device not found in {pod_obj.name}")
+            node = pod_obj.get_node()
+            assert verify_crypt_device_present_onnode(
+                node, vol_handle
+            ), f"Crypt devicve {vol_handle} not found on node:{node}"
 
             pod_obj.run_io(
                 storage_type="block",

tests/functional/pv/pv_encryption/test_rbd_pv_encryption_vaulttenantsa.py

@@ -23,6 +23,7 @@
     ResourceNotFoundError,
 )
 from ocs_ci.utility import kms
+from ocs_ci.ocs.node import verify_crypt_device_present_onnode
 
 log = logging.getLogger(__name__)
 
@@ -150,14 +151,10 @@ def test_rbd_pv_encryption_vaulttenantsa(
 
         # Verify whether encrypted device is present inside the pod and run IO
         for vol_handle, pod_obj in zip(vol_handles, pod_objs):
-            if pod_obj.exec_sh_cmd_on_pod(
-                command=f"lsblk | grep {vol_handle} | grep crypt"
-            ):
-                log.info(f"Encrypted device found in {pod_obj.name}")
-            else:
-                raise ResourceNotFoundError(
-                    f"Encrypted device not found in {pod_obj.name}"
-                )
+            node = pod_obj.get_node()
+            assert verify_crypt_device_present_onnode(
+                node, vol_handle
+            ), f"Crypt devicve {vol_handle} not found on node:{node}"
 
             pod_obj.run_io(
                 storage_type="block",

tests/functional/ui/test_pv_encryption_ui.py

@@ -31,6 +31,7 @@
 from ocs_ci.utility.utils import get_vault_cli, get_ocp_version
 from ocs_ci.ocs import constants
 from ocs_ci.utility import version
+from ocs_ci.ocs.node import verify_crypt_device_present_onnode
 
 logger = logging.getLogger(__name__)
 
@@ -228,12 +229,10 @@ def test_for_encrypted_pv_ui(
             "Verify whether encrypted device is present inside the pod and run IO"
         )
         for vol_handle, pod_obj in zip(vol_handles, pod_objs):
-            if pod_obj.exec_sh_cmd_on_pod(
-                command=f"lsblk | grep {vol_handle} | grep crypt"
-            ):
-                logger.info(f"Encrypted device found in {pod_obj.name}")
-            else:
-                logger.error(f"Encrypted device not found in {pod_obj.name}")
+            node = pod_obj.get_node()
+            assert verify_crypt_device_present_onnode(
+                node, vol_handle
+            ), f"Crypt devicve {vol_handle} not found on node:{node}"
 
             logger.info(f"Running FIO on Pod '{pod_obj.name}'")
             pod_obj.run_io(