rbd: do not read pvc namespace from volume attributes

Below are the 3 different cases where we need the PVC namespace for encryption * CreateVolume:- Read the namespace from the createVolume parameters and store it in the omap * NodeStage:- Read the namespace from the omap not from the volumeContext * Regenerate:- Read the pvc namespace from the claimRef not from the volumeAttributes. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2025-06-13 10:33:35 +00:00 · 2022-03-15 18:28:02 +05:30
parent 77011fbc61
commit 8c5e414d53
6 changed files with 39 additions and 24 deletions
--- a/internal/rbd/controllerserver.go
+++ b/internal/rbd/controllerserver.go
@ -124,13 +124,27 @@ func (cs *ControllerServer) parseVolCreateRequest(
 	rbdVol, err := genVolFromVolumeOptions(
 		ctx,
 		req.GetParameters(),
-		req.GetSecrets(),
 		isMultiWriter && isBlock,
 		false)
 	if err != nil {
 		return nil, status.Error(codes.InvalidArgument, err.Error())
 	}

+	// if the KMS is of type VaultToken, additional metadata is needed
+	// depending on the tenant, the KMS can be configured with other
+	// options
+	// FIXME: this works only on Kubernetes, how do other CO supply metadata?
+	// namespace is derived from the `csi.storage.k8s.io/pvc/namespace`
+	// parameter.
+
+	// get the owner of the PVC which is required for few encryption related operations
+	rbdVol.Owner = k8s.GetOwner(req.GetParameters())
+
+	err = rbdVol.initKMS(ctx, req.GetParameters(), req.GetSecrets())
+	if err != nil {
+		return nil, status.Error(codes.InvalidArgument, err.Error())
+	}
+
 	rbdVol.RequestName = req.GetName()

 	// Volume Size - Default is 1 GiB