Bug 1974806

Summary: Error for PV encryption using encryptionKMSType "vault"
Product: [Red Hat Storage] Red Hat OpenShift Container Storage
Reporter: mdipalma
Component: csi-driver
Assignee: Humble Chirammal <hchiramm>
Status: CLOSED DUPLICATE
QA Contact: Elad <ebenahar>
Severity: urgent
Priority: unspecified
Version: 4.7
CC: etamir, madam, ocs-bugs
Hardware: All   
OS: All   
Last Closed: 2021-06-22 15:31:38 UTC
Type: Bug

Description mdipalma 2021-06-22 15:13:30 UTC
Description of problem (please be as detailed as possible and provide log
snippets):
When configuring PV encryption with an external KMS, 2 types (encryptionKMSType) are available - vaulttokens and vault. When using the "vault" encryption KMS type the following error is returned:

invalid encryption kms configuration: unknown encryption KMS type

The "vault" encryption KMS type should be available. https://github.com/openshift/ceph-csi/blob/release-4.7/internal/util/crypto.go#L166


Version of all relevant components (if applicable):
ODF 4.7.x

Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?
Yes, serviceaccount authentication to an external Vault KMS is broken.

Is there any workaround available to the best of your knowledge?
No

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
5 

Is this issue reproducible?
Yes

Can this issue be reproduced from the UI?
Yes

If this is a regression, please provide more details to justify this:


Steps to Reproduce:
1. https://github.com/ceph/ceph-csi/blob/devel/docs/design/proposals/encrypted-pvc.md
2. https://github.com/ceph/ceph-csi/blob/devel/examples/kms/vault/csi-kms-connection-details.yaml
3. Create a storageclass with encryption enabled 
4. Create PVC using the encrypted storage class
5. Watch for errors

Actual results:
PVC is pending with error: invalid encryption kms configuration: unknown encryption KMS type

Expected results:
Bound PVC

Additional info:

Comment 1 Eran Tamir 2021-06-22 15:31:38 UTC

*** This bug has been marked as a duplicate of bug 1974800 ***