rbd: support file encrypted snapshots

Support fscrypt on RBD snapshots

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
This commit is contained in:
Marcel Lauhoff 2022-08-04 17:52:36 +02:00 committed by mergify[bot]
parent 82d92aab4a
commit 3e3af4da18
2 changed files with 17 additions and 3 deletions

View File

@ -1024,10 +1024,17 @@ func genSnapFromSnapID(
rbdSnap, err)
}
if imageAttributes.KmsID != "" {
if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == util.EncryptionTypeBlock {
err = rbdSnap.configureBlockEncryption(imageAttributes.KmsID, secrets)
if err != nil {
return fmt.Errorf("failed to configure encryption for "+
return fmt.Errorf("failed to configure block encryption for "+
"%q: %w", rbdSnap, err)
}
}
if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == util.EncryptionTypeFile {
err = rbdSnap.configureFileEncryption(imageAttributes.KmsID, secrets)
if err != nil {
return fmt.Errorf("failed to configure file encryption for "+
"%q: %w", rbdSnap, err)
}
}
@ -1119,12 +1126,18 @@ func generateVolumeFromVolumeID(
rbdVol.ImageID = imageAttributes.ImageID
rbdVol.Owner = imageAttributes.Owner
if imageAttributes.KmsID != "" {
if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == util.EncryptionTypeBlock {
err = rbdVol.configureBlockEncryption(imageAttributes.KmsID, secrets)
if err != nil {
return rbdVol, err
}
}
if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == util.EncryptionTypeFile {
err = rbdVol.configureFileEncryption(imageAttributes.KmsID, secrets)
if err != nil {
return rbdVol, err
}
}
// convert the journal pool ID to name, for use in DeleteVolume cases
if imageAttributes.JournalPoolID >= 0 {
rbdVol.JournalPool, err = util.GetPoolName(rbdVol.Monitors, cr, imageAttributes.JournalPoolID)

View File

@ -112,6 +112,7 @@ func generateVolFromSnap(rbdSnap *rbdSnapshot) *rbdVolume {
// snapshot will have the same volumeID which cases the panic in
// copyEncryptionConfig function.
vol.blockEncryption = rbdSnap.blockEncryption
vol.fileEncryption = rbdSnap.fileEncryption
return vol
}