Merge pull request #8868 from leseb/fix-crash-kms-deletion

ceph: do not fail on keys deletion
rook · Sep 29, 2021 · 85612b1 · 85612b1
2 parents 804500f + 2e73baf
commit 85612b1
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/pkg/daemon/ceph/osd/kms/vault.go b/pkg/daemon/ceph/osd/kms/vault.go
@@ -183,7 +183,7 @@ func buildKeyContext(config map[string]string) map[string]string {
 	keyContext := map[string]string{secrets.KeyVaultNamespace: config[api.EnvVaultNamespace]}
 	vaultNamespace, ok := config[api.EnvVaultNamespace]
 	if !ok || vaultNamespace == "" {
-		keyContext = nil
+		keyContext = map[string]string{}
 	}
 
 	return keyContext

diff --git a/pkg/daemon/ceph/osd/kms/vault_test.go b/pkg/daemon/ceph/osd/kms/vault_test.go
@@ -157,3 +157,27 @@ func Test_configTLS(t *testing.T) {
 	assert.NotEqual(t, "vault-client-cert", config["VAULT_CLIENT_CERT"])
 	assert.NotEqual(t, "vault-client-key", config["VAULT_CLIENT_KEY"])
 }
+
+func Test_buildKeyContext(t *testing.T) {
+	t.Run("no vault namespace, return empty map and assignment is possible", func(t *testing.T) {
+		config := map[string]string{
+			"KMS_PROVIDER": "vault",
+			"VAULT_ADDR":   "1.1.1.1",
+		}
+		context := buildKeyContext(config)
+		assert.Len(t, context, 0)
+		context["foo"] = "bar"
+	})
+
+	t.Run("vault namespace, return 1 single element in the map and assignment is possible", func(t *testing.T) {
+		config := map[string]string{
+			"KMS_PROVIDER":    "vault",
+			"VAULT_ADDR":      "1.1.1.1",
+			"VAULT_NAMESPACE": "vault-namespace",
+		}
+		context := buildKeyContext(config)
+		assert.Len(t, context, 1)
+		context["foo"] = "bar"
+		assert.Len(t, context, 2)
+	})
+}