1 files changed, 64 insertions, 0 deletions
diff --git a/tests/unittests/test_commands_block_meta.py b/tests/unittests/test_commands_block_meta.py
index 1a1f65d6..9d7d0f3d 100644
--- a/tests/unittests/test_commands_block_meta.py
+++ b/tests/unittests/test_commands_block_meta.py
@@ -2198,6 +2198,70 @@ class TestDmCryptHandler(CiTestCase):
         self.m_subp.assert_has_calls(expected_calls)
         self.assertEqual(len(util.load_file(self.crypttab).splitlines()), 1)
 
+    def test_dm_crypt_zkey_cryptsetup_with_recovery_key(self):
+        """ verify dm_crypt zkey calls generates and run before crypt open."""
+
+        # zkey binary is present
+        self.m_block.zkey_supported.return_value = True
+        self.m_which.return_value = "/my/path/to/zkey"
+        volume_path = self.random_string()
+        self.m_getpath.return_value = volume_path
+        volume_byid = "/dev/disk/by-id/ccw-%s" % volume_path
+        self.m_block.disk_to_byid_path.return_value = volume_byid
+
+        recovery_keyfile = self.random_string()
+
+        config = {
+            'storage': {
+                'version': 1,
+                'config': [
+                    {'grub_device': True,
+                     'id': 'sda',
+                     'name': 'sda',
+                     'path': '/wark/xxx',
+                     'ptable': 'msdos',
+                     'type': 'disk',
+                     'wipe': 'superblock'},
+                    {'device': 'sda',
+                     'id': 'sda-part1',
+                     'name': 'sda-part1',
+                     'number': 1,
+                     'size': '511705088B',
+                     'type': 'partition'},
+                    {'id': 'dmcrypt0',
+                     'type': 'dm_crypt',
+                     'dm_name': 'cryptroot',
+                     'volume': 'sda-part1',
+                     'cipher': self.cipher,
+                     'keysize': self.keysize,
+                     'keyfile': self.keyfile,
+                     'recovery_keyfile': recovery_keyfile},
+                ],
+            }
+        }
+        storage_config = block_meta.extract_storage_ordered_dict(config)
+
+        info = storage_config['dmcrypt0']
+
+        volume_name = "%s:%s" % (volume_byid, info['dm_name'])
+        block_meta.dm_crypt_handler(info, storage_config, empty_context)
+        expected_calls = [
+            call(['zkey', 'generate', '--xts', '--volume-type', 'luks2',
+                  '--sector-size', '4096', '--name', info['dm_name'],
+                  '--description',
+                  'curtin generated zkey for %s' % volume_name,
+                  '--volumes', volume_name], capture=True),
+            call(['zkey', 'cryptsetup', '--run', '--volumes', volume_byid,
+                  '--batch-mode', '--key-file', self.keyfile], capture=True),
+            call(['cryptsetup', 'luksAddKey',
+                  '--key-file', self.keyfile,
+                  volume_path, recovery_keyfile]),
+            call(['cryptsetup', 'open', '--type', 'luks2', volume_path,
+                  info['dm_name'], '--key-file', self.keyfile]),
+        ]
+        self.m_subp.assert_has_calls(expected_calls)
+        self.assertEqual(len(util.load_file(self.crypttab).splitlines()), 1)
+
     def test_dm_crypt_zkey_gen_failure_fallback_to_cryptsetup(self):
         """ verify dm_cyrpt zkey generate err falls back cryptsetup format. """