rbd: store csi.storage.k8s.io/pvc/namespace metadata as Owner

The Owner of an RBD image (Kubernetes Namespace, tenant) can be used to
identify additional configuration options. This will be used for
fetching the right Vault Token when encrypting/decrypting volumes.

Signed-off-by: Niels de Vos <ndevos@redhat.com>

internal/rbd/rbd_util.go

@@ -105,7 +105,9 @@ type rbdVolume struct {
 	readOnly            bool
 	Primary             bool
 	KMS                 util.EncryptionKMS
-	CreatedAt           *timestamp.Timestamp
+	// Owner is the creator (tenant, Kubernetes Namespace) of the volume.
+	Owner     string
+	CreatedAt *timestamp.Timestamp
 	// conn is a connection to the Ceph cluster obtained from a ConnPool
 	conn *util.ClusterConnection
 	// an opened IOContext, call .openIoctx() before using
@@ -734,6 +736,7 @@ func genVolFromVolID(ctx context.Context, volumeID string, cr *util.Credentials,
 	rbdVol.RbdImageName = imageAttributes.ImageName
 	rbdVol.ReservedID = vi.ObjectUUID
 	rbdVol.ImageID = imageAttributes.ImageID
+	rbdVol.Owner = imageAttributes.Owner
 
 	if imageAttributes.KmsID != "" {
 		rbdVol.Encrypted = true
@@ -813,6 +816,15 @@ func genVolFromVolumeOptions(ctx context.Context, volOptions, credentials map[st
 		rbdVol.Mounter = rbdDefaultMounter
 	}
 
+	// if the KMS is of type VaultToken, additional metadata is needed
+	// depending on the tenant, the KMS can be configured with other
+	// options
+	// FIXME: this works only on Kubernetes, how do other CO supply metadata?
+	rbdVol.Owner, ok = volOptions["csi.storage.k8s.io/pvc/namespace"]
+	if !ok {
+		util.DebugLog(ctx, "could not detect owner for %s", rbdVol.String())
+	}
+
 	rbdVol.Encrypted = false
 	encrypted, ok = volOptions["encrypted"]
 	if ok {