From 8650538b78b5eda0c73a5884d53f6d3d5b5b6329 Mon Sep 17 00:00:00 2001
From: Rakshith R <rar@redhat.com>
Date: Tue, 11 Oct 2022 12:18:20 +0530
Subject: [PATCH] rbd: setup encryption if rbdVol exits during CreateVol

This commit adds code to setup encryption on a rbdVol
being repaired in a followup CreateVolume request.
This is fixes a bug wherein encryption metadata may not
have been set in previous request due to container restart.

Fixes: #3402

Signed-off-by: Rakshith R <rar@redhat.com>
---
 internal/rbd/controllerserver.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/internal/rbd/controllerserver.go b/internal/rbd/controllerserver.go
index 0ed109ae4..efa324407 100644
--- a/internal/rbd/controllerserver.go
+++ b/internal/rbd/controllerserver.go
@@ -508,6 +508,15 @@ func (cs *ControllerServer) repairExistingVolume(ctx context.Context, req *csi.C
 
 			return nil, err
 		}
+
+	default:
+		// setup encryption again to make sure everything is in place.
+		if rbdVol.isBlockEncrypted() {
+			err := rbdVol.setupBlockEncryption(ctx)
+			if err != nil {
+				return nil, fmt.Errorf("failed to setup encryption for image %s: %w", rbdVol, err)
+			}
+		}
 	}
 
 	// Set metadata on restart of provisioner pod when image exist