rbd: do not read pvc namespace from volume attributes

Below are the 3 different cases where we need the PVC namespace for encryption * CreateVolume:- Read the namespace from the createVolume parameters and store it in the omap * NodeStage:- Read the namespace from the omap not from the volumeContext * Regenerate:- Read the pvc namespace from the claimRef not from the volumeAttributes. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2025-06-14 02:43:36 +00:00 · 2022-03-15 18:28:02 +05:30
parent 77011fbc61
commit 8c5e414d53
6 changed files with 39 additions and 24 deletions
--- a/internal/rbd/encryption.go
+++ b/internal/rbd/encryption.go
@ -265,22 +265,14 @@ func (ri *rbdImage) initKMS(ctx context.Context, volOptions, credentials map[str
 }

 // ParseEncryptionOpts returns kmsID and sets Owner attribute.
-func (ri *rbdImage) ParseEncryptionOpts(ctx context.Context, volOptions map[string]string) (string, error) {
+func (ri *rbdImage) ParseEncryptionOpts(
+	ctx context.Context,
+	volOptions map[string]string) (string, error) {
 	var (
 		err              error
 		ok               bool
 		encrypted, kmsID string
 	)
-
-	// if the KMS is of type VaultToken, additional metadata is needed
-	// depending on the tenant, the KMS can be configured with other
-	// options
-	// FIXME: this works only on Kubernetes, how do other CO supply metadata?
-	ri.Owner, ok = volOptions["csi.storage.k8s.io/pvc/namespace"]
-	if !ok {
-		log.DebugLog(ctx, "could not detect owner for %s", ri)
-	}
-
 	encrypted, ok = volOptions["encrypted"]
 	if !ok {
 		return "", nil