Merge pull request openshift#2191 from ardaguclu/fix-e2e-kms

NO-JIRA: Set required KMSConfig in e2e tests for KMS mode

Author: openshift-merge-bot[bot]

test/library/encryption/helpers.go

@@ -24,6 +24,7 @@ import (
 	configv1client "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
 
 	"github.com/openshift/library-go/test/library"
+	"github.com/openshift/library-go/test/library/encryption/kms"
 )
 
 var (
@@ -66,6 +67,7 @@ func SetAndWaitForEncryptionType(t testing.TB, encryptionType configv1.Encryptio
 	if needsUpdate {
 		t.Logf("Updating encryption type in the config file for APIServer to %q", encryptionType)
 		apiServer.Spec.Encryption.Type = encryptionType
+		apiServer.Spec.Encryption.KMS = defaultTestKMSConfig(encryptionType)
 		_, err = clientSet.ApiServerConfig.Update(context.TODO(), apiServer, metav1.UpdateOptions{})
 		require.NoError(t, err)
 	} else {
@@ -338,3 +340,23 @@ func setUpTearDown(namespace string) func(testing.TB, bool) {
 		}
 	}
 }
+
+func defaultTestKMSConfig(encryptionType configv1.EncryptionType) *configv1.KMSConfig {
+	if encryptionType != configv1.EncryptionTypeKMS {
+		return nil
+	}
+	return &configv1.KMSConfig{
+		Type: configv1.VaultKMSProvider,
+		Vault: configv1.VaultKMSConfig{
+			KMSPluginImage: kms.WellKnownUpstreamMockKMSPluginImage,
+			VaultAddress:   "https://vault.example.com",
+			Authentication: configv1.VaultAuthentication{
+				Type: configv1.VaultAuthenticationTypeAppRole,
+				AppRole: configv1.VaultAppRoleAuthentication{
+					Secret: configv1.VaultSecretReference{Name: "vault-approle-secret"},
+				},
+			},
+			TransitKey: "test-transit-key",
+		},
+	}
+}