tests/*/luks: add blackbox tests for luks

Fixes #1554

Author: prestist

tests/negative/luks/creation.go

@@ -0,0 +1,58 @@
+// Copyright 2023 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package luks
+
+import (
+	"github.com/coreos/ignition/v2/tests/register"
+	"github.com/coreos/ignition/v2/tests/types"
+)
+
+func init() {
+	register.Register(register.NegativeTest, LuksOnNonExtDevice())
+}
+
+func LuksOnNonExtDevice() types.Test {
+	name := "tang.filesystem.luks.encrypt"
+	in := types.GetBaseDisk()
+	out := types.GetBaseDisk()
+	mntDevices := []types.MntDevice{
+		{
+			Label:        "EFI-SYSTEM",
+			Substitution: "$DEVICE",
+		},
+	}
+	config := `{
+		"ignition": { "version": "$version" },
+		"storage": {
+		  "luks": [
+			{
+			  "device": "$DEVICE",
+			  "name": "$UUID",
+			  "wipe_volume": true
+			}
+		  ]
+		}
+	}`
+	configMinVersion := "3.2.0"
+
+	return types.Test{
+		Name:             name,
+		In:               in,
+		Out:              out,
+		MntDevices:       mntDevices,
+		Config:           config,
+		ConfigMinVersion: configMinVersion,
+	}
+}

tests/positive/luks/creation.go

@@ -0,0 +1,131 @@
+// Copyright 2023 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package luks
+
+import (
+	"github.com/coreos/ignition/v2/tests/register"
+	"github.com/coreos/ignition/v2/tests/types"
+)
+
+func init() {
+	register.Register(register.PositiveTest, LuksWithStaticKey())
+	register.Register(register.PositiveTest, LuksWithTPM())
+
+}
+
+func LuksWithStaticKey() types.Test {
+	name := "static.filesystem.luks.encrypt"
+	in := types.GetBaseDisk()
+	out := types.GetBaseDisk()
+	mntDevices := []types.MntDevice{
+		{
+			Label:        "OEM",
+			Substitution: "$DEVICE",
+		},
+	}
+	config := `{
+		"ignition": { "version": "$version" },
+		"storage": {
+		  "disks": [
+			{
+			  "device": "$DEVICE",
+			  "partitions": [
+				{
+					"label": "luks-device",
+					"sizeMiB": 0,
+					"startMiB": 0
+				}
+				],
+				"wipe_table": true
+			}
+		  ],
+		  "luks": [
+			{
+			  "device": "$DEVICE",
+			  "name": "$UUID",
+			  "keyFile": {
+				"compression": "",
+				"source": "data:,REPLACE-THIS-WITH-YOUR-KEY-MATERIAL"
+			  },
+			  "wipe_volume": true
+			}
+		  ]
+		}
+	}`
+	configMinVersion := "3.2.0"
+	in[0].Partitions.GetPartition("OEM").FilesystemType = "ext4"
+	out[0].Partitions.GetPartition("OEM").FilesystemType = "crypto_LUKS"
+
+	return types.Test{
+		Name:             name,
+		In:               in,
+		Out:              out,
+		MntDevices:       mntDevices,
+		Config:           config,
+		ConfigMinVersion: configMinVersion,
+	}
+}
+
+func LuksWithTPM() types.Test {
+	name := "tpm.filesystem.luks.encrypt"
+	in := types.GetBaseDisk()
+	out := types.GetBaseDisk()
+	mntDevices := []types.MntDevice{
+		{
+			Label:        "OEM",
+			Substitution: "$DEVICE",
+		},
+	}
+	config := `{
+		"ignition": { "version": "$version" },
+		"storage": {
+		  "disks": [
+			{
+			  "device": "$DEVICE",
+			  "partitions": [
+				{
+					"label": "luks-device",
+					"sizeMiB": 0,
+					"startMiB": 0
+				}
+				],
+				"wipe_table": true
+			}
+		  ],
+		  "luks": [
+			{
+			  "clevis": {
+				"tpm2": true
+			  },	
+			  "device": "$DEVICE",
+			  "name": "$UUID",
+			  "wipe_volume": true
+			}
+		  ]
+		}
+	}`
+	configMinVersion := "3.2.0"
+	in[0].Partitions.GetPartition("OEM").FilesystemType = "ext4"
+	out[0].Partitions.GetPartition("OEM").FilesystemType = "crypto_LUKS"
+
+	return types.Test{
+		Name:             name,
+		In:               in,
+		Out:              out,
+		MntDevices:       mntDevices,
+		Config:           config,
+		ConfigMinVersion: configMinVersion,
+	}
+}

tests/registry/registry.go

@@ -19,6 +19,7 @@ import (
 	_ "github.com/coreos/ignition/v2/tests/negative/files"
 	_ "github.com/coreos/ignition/v2/tests/negative/filesystems"
 	_ "github.com/coreos/ignition/v2/tests/negative/general"
+	_ "github.com/coreos/ignition/v2/tests/negative/luks"
 	_ "github.com/coreos/ignition/v2/tests/negative/partitions"
 	_ "github.com/coreos/ignition/v2/tests/negative/proxy"
 	_ "github.com/coreos/ignition/v2/tests/negative/regression"
@@ -27,6 +28,7 @@ import (
 	_ "github.com/coreos/ignition/v2/tests/positive/files"
 	_ "github.com/coreos/ignition/v2/tests/positive/filesystems"
 	_ "github.com/coreos/ignition/v2/tests/positive/general"
+	_ "github.com/coreos/ignition/v2/tests/positive/luks"
 	_ "github.com/coreos/ignition/v2/tests/positive/partitions"
 	_ "github.com/coreos/ignition/v2/tests/positive/passwd"
 	_ "github.com/coreos/ignition/v2/tests/positive/proxy"