Skip to content

Enable encryption in backup operator test #2355

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Enable encryption in backup operator test #2355

wants to merge 1 commit into from

Conversation

akankshamahajan15
Copy link

Description

Enable encryption in backup operator test.

Type of change

  • New feature (non-breaking change which adds functionality)

Discussion

Testing

CLEANUP=false NAMESPACE=ak make -C e2e test_operator_backups.run

Documentation

Follow-up

@akankshamahajan15
Copy link
Author

akankshamahajan15 commented Aug 22, 2025
edited
Loading

The backup test is failing because of #2332

In order to test encryption changes, I reverted that PR locally and tested encryption changes.

@foundationdb-ci
Copy link
Contributor

Result of fdb-kubernetes-operator-pr on Linux RHEL 9

  • Commit ID: 8e290a8
  • Duration 0:03:09
  • Result: ❌ FAILED
  • Error: git checkout failed with exit status 128: fatal: unable to read tree (8e290a86d787f9f551536508b9dbda27e5a9dbdb) for primary source and source version 8e290a86d787f9f551536508b9dbda27e5a9dbdb
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

@foundationdb-ci
Copy link
Contributor

Result of fdb-kubernetes-operator-pr on Linux RHEL 9

  • Commit ID: 421ed56
  • Duration 2:28:07
  • Result: ✅ SUCCEEDED
  • Error: N/A
  • Build Log terminal output (available for 30 days)
  • Build Workspace zip file of the working directory (available for 30 days)

johscheuer
johscheuer requested changes Sep 1, 2025
View reviewed changes
e2e/fixtures/fdb_backup.go
@@ -73,6 +73,7 @@ func (factory *Factory) CreateBackupForCluster(
AllowTagOverride: ptr.To(true),
ClusterName: fdbCluster.Name(),
Version: fdbVersion.String(),
EncryptionKeyPath: "/tmp/encryption-key/key.bin",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This means all tests will be running with encryption enabled. I would prefer having an option in the FdbBackupConfiguration to enabled encryption if wanted.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the review! I'm new to this repo so didn't know exactly where to add the encryption key logic.
I will check the FdbBackupConfiguration and update the logic there.

e2e/test_operator_backups/operator_backup_test.go
@@ -68,6 +68,8 @@ var _ = BeforeSuite(func() {

// Create a blobstore for testing backups and restore
factory.CreateBlobstoreIfAbsent(fdbCluster.Namespace())

// Note: Encryption key secret is automatically created during namespace setup
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there anything we should change in the e2e test case to ensure we test backups with and without encryption (and also validate that the backup is actually encrypted)?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a great point.
I'm trying to add a file - metadata that contains if backup is encrypted or not.
After that we can check that metadata file has encryption enabled in the test and
if encryption is enabled and restore works then that can give us a some kind of gurantee.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also I'm trying to change this test to include both encryption and without encryption test.

@johscheuer
Copy link
Member

The backup test is failing because of #2332

In order to test encryption changes, I reverted that PR locally and tested encryption changes.

I would be surprised, the newly added test case was not running 🤔

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johscheuer johscheuer johscheuer requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@akankshamahajan15 @foundationdb-ci @johscheuer