From 59b7a261754d8b4af4fbf63e2794bca08329c421 Mon Sep 17 00:00:00 2001
From: Rakshith R
Date: Tue, 28 Sep 2021 10:36:20 +0530
Subject: [PATCH] rbd: modify copyEncryptionConfig to accept copyOnlyPassphrase arg
During PVC snapshot/clone both kms config and passphrase needs to copied, while for PVC restore only passphrase needs to be copied to dest rbdvol since destination storageclass may have another kms config.
Signed-off-by: Rakshith R
---
 internal/rbd/clone.go | 2 +-
 internal/rbd/controllerserver.go | 4 ++--
 internal/rbd/encryption.go | 16 +++++++++++-----
 internal/rbd/rbd_journal.go | 2 +-
 internal/rbd/rbd_util.go | 2 +-
 5 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/internal/rbd/clone.go b/internal/rbd/clone.go
index 68fc34b3f..3b91e47be 100644
--- a/internal/rbd/clone.go
+++ b/internal/rbd/clone.go
@@ -161,7 +161,7 @@ func (rv *rbdVolume) createCloneFromImage(ctx context.Context, parentVol *rbdVol
 }
 if parentVol.isEncrypted() {
- err = parentVol.copyEncryptionConfig(&rv.rbdImage)
+ err = parentVol.copyEncryptionConfig(&rv.rbdImage, false)
 if err != nil {
 return fmt.Errorf("failed to copy encryption config for %q: %w", rv, err)
 }
diff --git a/internal/rbd/controllerserver.go b/internal/rbd/controllerserver.go
index 0cc6c2e2e..8dd8e77d0 100644
--- a/internal/rbd/controllerserver.go
+++ b/internal/rbd/controllerserver.go
@@ -1105,7 +1105,7 @@ func cloneFromSnapshot(
 defer vol.Destroy()
 if rbdVol.isEncrypted() {
- err = rbdVol.copyEncryptionConfig(&vol.rbdImage)
+ err = rbdVol.copyEncryptionConfig(&vol.rbdImage, false)
 if err != nil {
 return nil, status.Error(codes.Internal, err.Error())
 }
@@ -1224,7 +1224,7 @@ func (cs *ControllerServer) doSnapshotClone(
 }()
 if parentVol.isEncrypted() {
- cryptErr := parentVol.copyEncryptionConfig(&cloneRbd.rbdImage)
+ cryptErr := parentVol.copyEncryptionConfig(&cloneRbd.rbdImage, false)
 if cryptErr != nil {
 log.WarningLog(ctx, "failed copy encryption "+
 "config for %q: %v", cloneRbd, cryptErr)
diff --git a/internal/rbd/encryption.go b/internal/rbd/encryption.go
index c28aa532c..217fe4cfd 100644
--- a/internal/rbd/encryption.go
+++ b/internal/rbd/encryption.go
@@ -123,7 +123,11 @@ func (ri *rbdImage) setupEncryption(ctx context.Context) error {
 // rbdImage to the passed argument. This function re-encrypts the passphrase
 // from the original, so that both encrypted passphrases (potentially, depends
 // on the DEKStore) have different contents.
-func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage) error {
+// When copyOnlyPassphrase is set to true, only the passphrase is copied to the
+// destination rbdImage's VolumeEncryption object which needs to be initialized
+// beforehand and is possibly different from the source VolumeEncryption
+// (Usecase: Restoring snapshot into a storageclass with different encryption config).
+func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage, copyOnlyPassphrase bool) error {
 if ri.VolID == cp.VolID {
 return fmt.Errorf("BUG: %q and %q have the same VolID (%s) "+
 "set!? Call stack: %s", ri, cp, ri.VolID, util.CallStack())
@@ -136,9 +140,11 @@ func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage) error {
 ri, err)
 }
- cp.encryption, err = util.NewVolumeEncryption(ri.encryption.GetID(), ri.encryption.KMS)
- if errors.Is(err, util.ErrDEKStoreNeeded) {
- cp.encryption.SetDEKStore(cp)
+ if !copyOnlyPassphrase {
+ cp.encryption, err = util.NewVolumeEncryption(ri.encryption.GetID(), ri.encryption.KMS)
+ if errors.Is(err, util.ErrDEKStoreNeeded) {
+ cp.encryption.SetDEKStore(cp)
+ }
 }
 // re-encrypt the plain passphrase for the cloned volume
@@ -178,7 +184,7 @@ func (ri *rbdImage) repairEncryptionConfig(dest *rbdImage) error {
 dest.conn = ri.conn.Copy()
 }
- return ri.copyEncryptionConfig(dest)
+ return ri.copyEncryptionConfig(dest, false)
 }
 return nil
diff --git a/internal/rbd/rbd_journal.go b/internal/rbd/rbd_journal.go
index a61257d77..5e8cc1f7a 100644
--- a/internal/rbd/rbd_journal.go
+++ b/internal/rbd/rbd_journal.go
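Review bot: When `copyOnlyPassphrase` is true the new `if !copyOnlyPassphrase` branch leaves `cp.encryption` exactly as the caller passed it, and nothing in the hunk verifies that it was set before the "re-encrypt the plain passphrase" step that follows (that step lies outside the hunk and presumably dereferences `cp.encryption`). The doc comment states the destination VolumeEncryption "needs to be initialized beforehand", but a comment is not a check: restoring an encrypted snapshot into a destination whose encryption was never initialized would likely end in a nil dereference instead of a returned error. Add a guard ahead of the branch, `if copyOnlyPassphrase && cp.encryption == nil { return fmt.Errorf("BUG: %q has no encryption configured, cannot copy passphrase from %q", cp, ri) }`. The only caller that passes `true`, cloneRbdImageFromSnapshot in rbd_util.go, tests `pSnapOpts.isEncrypted()` on the source but, in its visible lines, not the destination. The function body starts and ends outside this hunk.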
@@ -334,7 +334,7 @@ func (rv *rbdVolume) Exists(ctx context.Context, parentVol *rbdVolume) (bool, er
 }
 if parentVol != nil && parentVol.isEncrypted() {
- err = parentVol.copyEncryptionConfig(&rv.rbdImage)
+ err = parentVol.copyEncryptionConfig(&rv.rbdImage, false)
 if err != nil {
 log.ErrorLog(ctx, err.Error())
diff --git a/internal/rbd/rbd_util.go b/internal/rbd/rbd_util.go
index 07defa2e1..0cc663c54 100644
--- a/internal/rbd/rbd_util.go
+++ b/internal/rbd/rbd_util.go
@@ -1400,7 +1400,7 @@ func (rv *rbdVolume) cloneRbdImageFromSnapshot(
 if pSnapOpts.isEncrypted() {
 pSnapOpts.conn = rv.conn.Copy()
- err = pSnapOpts.copyEncryptionConfig(&rv.rbdImage)
+ err = pSnapOpts.copyEncryptionConfig(&rv.rbdImage, true)
 if err != nil {
 return fmt.Errorf("failed to clone encryption config: %w", err)
 }
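Review bot: The bare `true` in `pSnapOpts.copyEncryptionConfig(&rv.rbdImage, true)` in rbd_util.go is the one call site that keeps the destination's own KMS configuration, and nothing at the call says so or why. Add a comment above the call, for example `// restore: rv keeps the encryption config of its own storageclass; only the passphrase is taken from the snapshot`, so that a later edit does not flip the flag and silently bind the restored volume to the snapshot's KMS config. The body of cloneRbdImageFromSnapshot extends outside the hunk.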