From c67c33a5a8ebe057284d54e67096612e7d99b456 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Han?= <seb@redhat.com>
Date: Wed, 29 Sep 2021 15:59:18 +0200
Subject: [PATCH] ceph: do not fail on keys deletion
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Prior, we were returning a nil map and thus the assignment for forced
deletion was not working since we were trying to assign on a nil map.

Signed-off-by: Sébastien Han <seb@redhat.com>
(cherry picked from commit 2e73baf4f590cad7626fb9763b46dfe8a541c6b2)
---
 pkg/daemon/ceph/osd/kms/vault.go      |  2 +-
 pkg/daemon/ceph/osd/kms/vault_test.go | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/pkg/daemon/ceph/osd/kms/vault.go b/pkg/daemon/ceph/osd/kms/vault.go
index 5948c2fe3d8b..2c27a3c77f83 100644
--- a/pkg/daemon/ceph/osd/kms/vault.go
+++ b/pkg/daemon/ceph/osd/kms/vault.go
@@ -183,7 +183,7 @@ func buildKeyContext(config map[string]string) map[string]string {
 	keyContext := map[string]string{secrets.KeyVaultNamespace: config[api.EnvVaultNamespace]}
 	vaultNamespace, ok := config[api.EnvVaultNamespace]
 	if !ok || vaultNamespace == "" {
-		keyContext = nil
+		keyContext = map[string]string{}
 	}
 
 	return keyContext
diff --git a/pkg/daemon/ceph/osd/kms/vault_test.go b/pkg/daemon/ceph/osd/kms/vault_test.go
index c7c8e1ffac40..043462f52edc 100644
--- a/pkg/daemon/ceph/osd/kms/vault_test.go
+++ b/pkg/daemon/ceph/osd/kms/vault_test.go
@@ -157,3 +157,27 @@ func Test_configTLS(t *testing.T) {
 	assert.NotEqual(t, "vault-client-cert", config["VAULT_CLIENT_CERT"])
 	assert.NotEqual(t, "vault-client-key", config["VAULT_CLIENT_KEY"])
 }
+
+func Test_buildKeyContext(t *testing.T) {
+	t.Run("no vault namespace, return empty map and assignment is possible", func(t *testing.T) {
+		config := map[string]string{
+			"KMS_PROVIDER": "vault",
+			"VAULT_ADDR":   "1.1.1.1",
+		}
+		context := buildKeyContext(config)
+		assert.Len(t, context, 0)
+		context["foo"] = "bar"
+	})
+
+	t.Run("vault namespace, return 1 single element in the map and assignment is possible", func(t *testing.T) {
+		config := map[string]string{
+			"KMS_PROVIDER":    "vault",
+			"VAULT_ADDR":      "1.1.1.1",
+			"VAULT_NAMESPACE": "vault-namespace",
+		}
+		context := buildKeyContext(config)
+		assert.Len(t, context, 1)
+		context["foo"] = "bar"
+		assert.Len(t, context, 2)
+	})
+}