fix issues with SC KMS flow

frontend/packages/ceph-storage-plugin/integration-tests-cypress/views/storage-class.ts

@@ -13,7 +13,7 @@ const configureKms = () => {
  // save
  cy.byTestID('confirm-action').click();
  cy.byTestID('save-action').click();
- cy.byTestID('edit-kms-link').contains('Change connection details');
+ cy.byTestID('kms-connection-dropdown').should('contain', 'vault');
 };
 
 export const createStorageClass = (scName: string, poolName?: string, encrypted?: boolean) => {

frontend/packages/ceph-storage-plugin/locales/en/ceph-storage-plugin.json

@@ -422,6 +422,7 @@
  "Please enter a valid port": "Please enter a valid port",
  "Key Management Service Provider": "Key Management Service Provider",
  "kms-provider-name": "kms-provider-name",
+ "A unique name for the key management service within the project.": "A unique name for the key management service within the project.",
  "Address": "Address",
  "Port": "Port",
  "Token": "Token",
@@ -594,17 +595,12 @@
  "Storage pool into which volume data shall be stored": "Storage pool into which volume data shall be stored",
  "Error retrieving Parameters": "Error retrieving Parameters",
  "my-storage-pool": "my-storage-pool",
- "Change connection details": "Change connection details",
- "Vault Enterprise Namespace:": "Vault Enterprise Namespace:",
- "Key management service name:": "Key management service name:",
- "Provider:": "Provider:",
- "Address and Port:": "Address and Port:",
- "CA certificate:": "CA certificate:",
- "Provided": "Provided",
+ "An encryption key will be generated for each PersistentVolume created using this StorageClass.": "An encryption key will be generated for each PersistentVolume created using this StorageClass.",
+ "Select an existing connection": "Select an existing connection",
  "KMS service {{value}} already exist": "KMS service {{value}} already exist",
- "An encryption key will be generated for each persistent volume created using this StorageClass.": "An encryption key will be generated for each persistent volume created using this StorageClass.",
+ "Choose existing KMS connection": "Choose existing KMS connection",
+ "Create new KMS connection": "Create new KMS connection",
  "PV expansion operation is not supported for encrypted PVs.": "PV expansion operation is not supported for encrypted PVs.",
- "The last saved values will be updated": "The last saved values will be updated",
  "Enable Thick Provisioning": "Enable Thick Provisioning",
  "By enabling thick-provisioning, volumes will allocate the requested capacity upon volume creation. Volume creation will be slower when thick-provisioning is enabled.": "By enabling thick-provisioning, volumes will allocate the requested capacity upon volume creation. Volume creation will be slower when thick-provisioning is enabled.",
  "OpenShift Data Foundation": "OpenShift Data Foundation",

frontend/packages/ceph-storage-plugin/src/components/kms-config/kms-config.tsx

@@ -22,7 +22,6 @@ import { InternalClusterState, ActionType } from '../ocs-install/internal-mode/r
 import { KMSProviders } from '../../constants';
 import { KMSConfig } from '../../types';
 import { State } from '../ocs-install/attached-devices-mode/reducer';
-import { StorageClassState } from '../../utils/kms-encryption';
 import { WizardState } from '../create-storage-system/reducer';
 
 import './kms-config.scss';
@@ -145,6 +144,10 @@ export const KMSConfigure: React.FC<KMSConfigureProps> = ({ state, dispatch, mod
  className={`${className}__form-body`}
  helperTextInvalid="This is a required field"
  validated={isValid(kms.name.valid)}
+ helperText={
+ !mode &&
+ t('ceph-storage-plugin~A unique name for the key management service within the project.')
+ }
  isRequired
  >
  <TextInput
@@ -250,7 +253,7 @@ export const KMSConfigure: React.FC<KMSConfigureProps> = ({ state, dispatch, mod
 };
 
 type KMSConfigureProps = {
- state: InternalClusterState | State | StorageClassState | WizardState['securityAndNetwork'];
+ state: InternalClusterState | State | WizardState['securityAndNetwork'];
  dispatch: EncryptionDispatch;
  mode?: string;
  className: string;

frontend/packages/ceph-storage-plugin/src/components/kms-config/utils.tsx

@@ -13,7 +13,6 @@ import {
 import { Action } from '../ocs-install/attached-devices-mode/reducer';
 import { InternalClusterAction } from '../ocs-install/internal-mode/reducer';
 import { KMSConfig, KMSConfigMap } from '../../types';
-import { StorageClassClusterAction } from '../../utils/kms-encryption';
 import { CreateStorageSystemAction } from '../create-storage-system/reducer';
 
 export const parseURL = (url: string) => {
@@ -66,28 +65,20 @@ export const generateClientKeySecret = (clientKey: string) => ({
  },
 });
 
-export const createKmsResources = (kms: KMSConfig, update = false, previousData?: any) => {
- let tokenSecret: SecretKind;
- if (kms.token) {
- tokenSecret = {
- apiVersion: SecretModel.apiVersion,
- kind: SecretModel.kind,
- metadata: {
- name: KMSSecretName,
- namespace: CEPH_STORAGE_NAMESPACE,
- },
- stringData: {
- token: kms.token.value,
- },
- };
- }
+export const createAdvancedKmsResources = (kms: KMSConfig) => {
+ const advancedKmsResources: Promise<K8sResourceKind>[] = [];
 
- const resources: Promise<K8sResourceKind>[] = [];
+ if (kms.caCert) advancedKmsResources.push(k8sCreate(SecretModel, kms.caCert));
+ if (kms.clientCert) advancedKmsResources.push(k8sCreate(SecretModel, kms.clientCert));
+ if (kms.clientKey) advancedKmsResources.push(k8sCreate(SecretModel, kms.clientKey));
 
- const parsedAddress = parseURL(kms.address.value);
+ return advancedKmsResources;
+};
 
- const configData: KMSConfigMap = {
- KMS_PROVIDER: 'vault',
+export const createCsiKmsResources = (kms: KMSConfig, update: boolean = false) => {
+ const parsedAddress = parseURL(kms.address.value);
+ const csiConfigData: KMSConfigMap = {
+ KMS_PROVIDER: 'vaulttokens',
  KMS_SERVICE_NAME: kms.name.value,
  VAULT_ADDR: `${`${parsedAddress.protocol}//${parsedAddress.hostname}`}:${kms.port.value}`,
  VAULT_BACKEND_PATH: kms.backend,
@@ -96,22 +87,63 @@ export const createKmsResources = (kms: KMSConfig, update = false, previousData?
  VAULT_CLIENT_CERT: kms.clientCert?.metadata.name,
  VAULT_CLIENT_KEY: kms.clientKey?.metadata.name,
  VAULT_NAMESPACE: kms.providerNamespace,
+ VAULT_TOKEN_NAME: kms.token.value ? KMSSecretName : '',
+ VAULT_CACERT_FILE: kms.caCertFile,
+ VAULT_CLIENT_CERT_FILE: kms.clientCertFile,
+ VAULT_CLIENT_KEY_FILE: kms.clientKeyFile,
  };
 
- const configMapObj: ConfigMapKind = {
+ const csiConfigObj: ConfigMapKind = {
  apiVersion: ConfigMapModel.apiVersion,
  kind: ConfigMapModel.kind,
  data: {
- ...configData,
+ [`${kms.name.value}`]: JSON.stringify(csiConfigData),
  },
  metadata: {
- name: KMSConfigMapName,
+ name: KMSConfigMapCSIName,
  namespace: CEPH_STORAGE_NAMESPACE,
  },
  };
 
- const csiConfigData: KMSConfigMap = {
- KMS_PROVIDER: 'vaulttokens',
+ const csiKmsResources: Promise<K8sResourceKind>[] =
+ /** kms.token.value === "" if we are calling this function from StorageClass KMS flow.
+ * Hence, we need to createAdvancedKmsResources, else it is already created if calling from OCS wizard flow.
+ */
+ kms.token.value ? [] : createAdvancedKmsResources(kms);
+
+ if (update) {
+ const cmPatch = [
+ {
+ op: 'replace',
+ path: `/data/${kms.name.value}`,
+ value: JSON.stringify(csiConfigData),
+ },
+ ];
+ csiKmsResources.push(k8sPatch(ConfigMapModel, csiConfigObj, cmPatch));
+ } else {
+ csiKmsResources.push(k8sCreate(ConfigMapModel, csiConfigObj));
+ }
+
+ return csiKmsResources;
+};
+
+export const createClusterKmsResources = (kms: KMSConfig) => {
+ const parsedAddress = parseURL(kms.address.value);
+
+ const tokenSecret: SecretKind = {
+ apiVersion: SecretModel.apiVersion,
+ kind: SecretModel.kind,
+ metadata: {
+ name: KMSSecretName,
+ namespace: CEPH_STORAGE_NAMESPACE,
+ },
+ stringData: {
+ token: kms.token.value,
+ },
+ };
+
+ const configData: KMSConfigMap = {
+ KMS_PROVIDER: 'vault',
  KMS_SERVICE_NAME: kms.name.value,
  VAULT_ADDR: `${`${parsedAddress.protocol}//${parsedAddress.hostname}`}:${kms.port.value}`,
  VAULT_BACKEND_PATH: kms.backend,
@@ -120,57 +152,29 @@ export const createKmsResources = (kms: KMSConfig, update = false, previousData?
  VAULT_CLIENT_CERT: kms.clientCert?.metadata.name,
  VAULT_CLIENT_KEY: kms.clientKey?.metadata.name,
  VAULT_NAMESPACE: kms.providerNamespace,
- VAULT_TOKEN_NAME: KMSSecretName,
- VAULT_CACERT_FILE: kms.caCertFile,
- VAULT_CLIENT_CERT_FILE: kms.clientCertFile,
- VAULT_CLIENT_KEY_FILE: kms.clientKeyFile,
  };
 
- const csiConfigObj: ConfigMapKind = {
+ const configMapObj: ConfigMapKind = {
  apiVersion: ConfigMapModel.apiVersion,
  kind: ConfigMapModel.kind,
  data: {
- [`1-${kms.name.value}`]: JSON.stringify(csiConfigData),
+ ...configData,
  },
  metadata: {
- name: KMSConfigMapCSIName,
+ name: KMSConfigMapName,
  namespace: CEPH_STORAGE_NAMESPACE,
  },
  };
 
- if (kms.caCert) {
- resources.push(k8sCreate(SecretModel, kms.caCert));
- }
-
- if (kms.clientCert) {
- resources.push(k8sCreate(SecretModel, kms.clientCert));
- }
-
- if (kms.clientKey) {
- resources.push(k8sCreate(SecretModel, kms.clientKey));
- }
-
- if (update) {
- const patchValue = Object.keys(previousData).length + 1;
- const cmPatch = [
- {
- op: 'replace',
- path: `/data/${patchValue}-${kms.name.value}`,
- value: JSON.stringify(csiConfigData),
- },
- ];
- resources.push(k8sPatch(ConfigMapModel, csiConfigObj, cmPatch));
- } else {
- resources.push(k8sCreate(SecretModel, tokenSecret));
- resources.push(k8sCreate(ConfigMapModel, configMapObj));
- resources.push(k8sCreate(ConfigMapModel, csiConfigObj));
- }
+ const clusterKmsResources: Promise<K8sResourceKind>[] = createAdvancedKmsResources(kms);
+ clusterKmsResources.push(k8sCreate(SecretModel, tokenSecret));
+ clusterKmsResources.push(k8sCreate(ConfigMapModel, configMapObj));
 
- return resources;
+ return [...clusterKmsResources, ...createCsiKmsResources(kms)];
 };
 
 export type EncryptionDispatch = React.Dispatch<
- Action | InternalClusterAction | StorageClassClusterAction | CreateStorageSystemAction
+ Action | InternalClusterAction | CreateStorageSystemAction
 >;
 
 export const setEncryptionDispatch = (

frontend/packages/ceph-storage-plugin/src/components/modals/advanced-kms-modal/advanced-kms-modal.tsx

@@ -24,7 +24,6 @@ import {
  generateClientKeySecret,
  EncryptionDispatch,
 } from '../../kms-config/utils';
-import { StorageClassState } from '../../../utils/kms-encryption';
 import './advanced-kms-modal.scss';
 import { WizardState } from '../../create-storage-system/reducer';
 
@@ -255,7 +254,7 @@ export const AdvancedKMSModal = withHandlePromise((props: AdvancedKMSModalProps)
 });
 
 export type AdvancedKMSModalProps = {
- state: InternalClusterState | State | StorageClassState | WizardState['securityAndNetwork'];
+ state: InternalClusterState | State | WizardState['securityAndNetwork'];
  dispatch: EncryptionDispatch;
  mode?: string;
 } & HandlePromiseProps &

frontend/packages/ceph-storage-plugin/src/components/ocs-install/attached-devices-mode/install-wizard.tsx

@@ -44,7 +44,7 @@ import { StorageClusterKind, NetworkType, NavUtils } from '../../../types';
 import { getOCSRequestData, labelNodes, labelOCSNamespace } from '../ocs-request-data';
 import { OCSServiceModel } from '../../../models';
 import { OCS_CONVERGED_FLAG, OCS_INDEPENDENT_FLAG, OCS_FLAG } from '../../../features';
-import { createKmsResources } from '../../kms-config/utils';
+import { createClusterKmsResources } from '../../kms-config/utils';
 import '../install-wizard/install-wizard.scss';
 import './attached-devices.scss';
 
@@ -87,7 +87,7 @@ const createCluster = async (
  );
  const promises: Promise<K8sResourceKind>[] = [...labelNodes(nodes), labelOCSNamespace()];
  if (encryption.advanced && kms.hasHandled) {
- promises.push(...createKmsResources(kms));
+ promises.push(...createClusterKmsResources(kms));
  }
  if (enableTaint) {
  promises.push(...taintNodes(nodes));

frontend/packages/ceph-storage-plugin/src/components/ocs-install/internal-mode/install-wizard.tsx

@@ -26,7 +26,7 @@ import { OCS_CONVERGED_FLAG, OCS_INDEPENDENT_FLAG, OCS_FLAG } from '../../../fea
 import { MODES, OCS_INTERNAL_CR_NAME, MINIMUM_NODES, CreateStepsSC } from '../../../constants';
 import { StorageClusterKind, NetworkType, NavUtils } from '../../../types';
 import { labelNodes, getOCSRequestData, labelOCSNamespace } from '../ocs-request-data';
-import { createKmsResources } from '../../kms-config/utils';
+import { createClusterKmsResources } from '../../kms-config/utils';
 import '../install-wizard/install-wizard.scss';
 
 const makeOCSRequest = (state: InternalClusterState): Promise<StorageClusterKind> => {
@@ -54,7 +54,7 @@ const makeOCSRequest = (state: InternalClusterState): Promise<StorageClusterKind
  );
  const promises: Promise<K8sResourceKind>[] = [...labelNodes(nodes), labelOCSNamespace()];
  if (encryption.advanced && kms.hasHandled) {
- promises.push(...createKmsResources(kms));
+ promises.push(...createClusterKmsResources(kms));
  }
  if (enableTaint) {
  promises.push(...taintNodes(nodes));

frontend/packages/ceph-storage-plugin/src/components/ocs-storage-class-form/ocs-storage-class-form.scss

@@ -37,10 +37,18 @@
  &__help-block {
  display: inline !important; //To override bootstrap help-block
  }
-}
 
-.ocs-storageClass-encryption__form-checkbox {
- .pf-c-check__description {
- margin-bottom: var(--pf-global--spacer--md);
+ &__form-checkbox {
+ .pf-c-check__description {
+ margin-bottom: var(--pf-global--spacer--md);
+ }
+ }
+
+ &__form-radio {
+ margin-bottom: var(--pf-global--spacer--md) !important;
+ }
+
+ &__form--padding {
+ padding-left: var(--pf-global--spacer--md) !important;
  }
 }