mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2024-11-22 14:20:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

rbd: support file encrypted snapshots

Browse Source 
Support fscrypt on RBD snapshots

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
This commit is contained in:
Marcel Lauhoff 2022-08-04 17:52:36 +02:00 committed by mergify[bot]
parent 82d92aab4a
commit 3e3af4da18
2 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
internal/rbd/rbd_util.go
View File

@ -1024,10 +1024,17 @@ func genSnapFromSnapID(
rbdSnap, err) rbdSnap, err)
} }
if imageAttributes.KmsID != "" { if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == util.EncryptionTypeBlock {
err = rbdSnap.configureBlockEncryption(imageAttributes.KmsID, secrets) err = rbdSnap.configureBlockEncryption(imageAttributes.KmsID, secrets)
if err != nil { if err != nil {
return fmt.Errorf("failed to configure encryption for "+ return fmt.Errorf("failed to configure block encryption for "+
"%q: %w", rbdSnap, err)
}
}
if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == util.EncryptionTypeFile {
err = rbdSnap.configureFileEncryption(imageAttributes.KmsID, secrets)
if err != nil {
return fmt.Errorf("failed to configure file encryption for "+
"%q: %w", rbdSnap, err) "%q: %w", rbdSnap, err)
} }
} }
@ -1119,12 +1126,18 @@ func generateVolumeFromVolumeID(
rbdVol.ImageID = imageAttributes.ImageID rbdVol.ImageID = imageAttributes.ImageID
rbdVol.Owner = imageAttributes.Owner rbdVol.Owner = imageAttributes.Owner
if imageAttributes.KmsID != "" { if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == util.EncryptionTypeBlock {
err = rbdVol.configureBlockEncryption(imageAttributes.KmsID, secrets) err = rbdVol.configureBlockEncryption(imageAttributes.KmsID, secrets)
if err != nil { if err != nil {
return rbdVol, err return rbdVol, err
} }
} }
if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == util.EncryptionTypeFile {
err = rbdVol.configureFileEncryption(imageAttributes.KmsID, secrets)
if err != nil {
return rbdVol, err
}
}
// convert the journal pool ID to name, for use in DeleteVolume cases // convert the journal pool ID to name, for use in DeleteVolume cases
if imageAttributes.JournalPoolID >= 0 { if imageAttributes.JournalPoolID >= 0 {
rbdVol.JournalPool, err = util.GetPoolName(rbdVol.Monitors, cr, imageAttributes.JournalPoolID) rbdVol.JournalPool, err = util.GetPoolName(rbdVol.Monitors, cr, imageAttributes.JournalPoolID)

1
internal/rbd/snapshot.go
View File

@ -112,6 +112,7 @@ func generateVolFromSnap(rbdSnap *rbdSnapshot) *rbdVolume {
// snapshot will have the same volumeID which cases the panic in // snapshot will have the same volumeID which cases the panic in
// copyEncryptionConfig function. // copyEncryptionConfig function.
vol.blockEncryption = rbdSnap.blockEncryption vol.blockEncryption = rbdSnap.blockEncryption
vol.fileEncryption = rbdSnap.fileEncryption
return vol return vol
} }