tests: Adapt trusted ephemeral storage test

With the new CDH version, the LUKS header is moved off of the disk
into guest memory. We hence adapt the test's filesystem type checks.

Signed-off-by: Manuel Huber <manuelh@nvidia.com>
Manuel Huber
2026-03-10 21:26:57 -07:00
committed by manuelh-dev
parent 5bbc0abb81
commit e13748f46d


@@ -19,6 +19,8 @@ setup() {
mountpoint="/mnt/temp-encrypted"
host_df="$(exec_host "${node}" df -PT -B1 "$(get_kubelet_data_dir)" | tail -n +2)"
info "host_df output:"
info "${host_df}"
host_cap_bytes="$(echo "${host_df}" | awk '{print $3}')"
yaml_file="${pod_config_dir}/pod-trusted-ephemeral-data-storage.yaml"
@@ -36,7 +38,7 @@ setup() {
# With long device names, df adds line breaks by default, so we pass -P to prevent that.
emptydir_df="$(kubectl exec "${pod_name}" -- df -PT -B1 "${mountpoint}" | tail -n +2)"
info "df output:"
info "emptydir_df output:"
info "${emptydir_df}"
dm_device="$(echo "${emptydir_df}" | awk '{print $1}')"
@@ -46,17 +48,18 @@ setup() {
# The output of the cryptsetup command will contain something like this:
#
# /dev/mapper/encrypted_disk_N6PxO is active and is in use.
# type: LUKS2
# cipher: aes-xts-plain64
# /dev/mapper/741ed4bf-3073-49ed-9b7a-d6fa7cce0db1 is active and is in use.
# type: n/a
# cipher: aes-xts-plain
# keysize: 768 bits
# key location: keyring
# integrity: hmac(sha256)
# integrity keysize: 256 bits
# device: /dev/vda
# integrity tag size: 32 bytes
# device: /dev/sdd
# sector size: 4096
# offset: 0 sectors
# size: 2031880 sectors
# size: 300052568 sectors
# mode: read/write
crypt_status="$(kubectl exec "${pod_name}" -- cryptsetup status "${dm_device}")"
info "cryptsetup status output:"
@@ -65,16 +68,15 @@ setup() {
# Check filesystem type and capacity.
[[ "${fs_type}" == "ext4" ]]
# Allow up to 7% LUKS metadata overhead.
(( emptydir_cap_bytes >= host_cap_bytes * 93 / 100 ))
# Allow up to 15% LUKS + ext4 metadata overhead.
(( emptydir_avail_bytes >= host_cap_bytes * 85 / 100 ))
# Allow up to 4% metadata overhead.
(( emptydir_cap_bytes >= host_cap_bytes * 96 / 100 ))
# Allow up to 10% metadata overhead.
(( emptydir_avail_bytes >= host_cap_bytes * 90 / 100 ))
# Check encryption settings.
grep -q "${dm_device} is active and is in use" <<< "${crypt_status}"
grep -Eq "type: +LUKS2" <<< "${crypt_status}"
grep -Eq "cipher: +aes-xts-plain64" <<< "${crypt_status}"
grep -Eq "type: +n/a" <<< "${crypt_status}" # The LUKS header is detached.
grep -Eq "cipher: +aes-xts-plain" <<< "${crypt_status}"
grep -Eq "integrity: +hmac\(sha256\)" <<< "${crypt_status}"
# Check I/O.
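Review bot: The new cipher check `grep -Eq "cipher: +aes-xts-plain"` is a prefix match, so it passes for both `aes-xts-plain` and `aes-xts-plain64` and no longer pins which IV mode the volume uses. If `plain` is what the new CDH version configures, anchor the pattern, e.g. `grep -Eq "cipher: +aes-xts-plain$" <<< "${crypt_status}"`, and add a comment such as `# CDH now opens the mapping with the plain IV; plain64 is no longer expected.` The dm-crypt `plain` IV is the sector number truncated to 32 bits, so IVs repeat on devices larger than 2^32 sectors; the sample output (300052568 sectors) is well below that, but it seems worth confirming with the CDH side that dropping `plain64` is intended rather than a side effect of detaching the header. The enclosing test body starts and ends outside this hunk.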