mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-06-13 02:33:34 +00:00
cleanup: refactor functions to accept a context parameter
Signed-off-by: Praveen M <m.praveen@ibm.com>
This commit is contained in:
Praveen M
mergify[bot]
@ -155,7 +155,7 @@ func (rv *rbdVolume) createCloneFromImage(ctx context.Context, parentVol *rbdVol
|
||||
return err
|
||||
}
|
||||
|
||||
err = parentVol.copyEncryptionConfig(&rv.rbdImage, true)
|
||||
err = parentVol.copyEncryptionConfig(ctx, &rv.rbdImage, true)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to copy encryption config for %q: %w", rv, err)
|
||||
}
|
||||
@ -232,7 +232,7 @@ func (rv *rbdVolume) doSnapClone(ctx context.Context, parentVol *rbdVolume) erro
|
||||
return errClone
|
||||
}
|
||||
|
||||
err = parentVol.copyEncryptionConfig(&rv.rbdImage, true)
|
||||
err = parentVol.copyEncryptionConfig(ctx, &rv.rbdImage, true)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to copy encryption config for %q: %w", rv, err)
|
||||
}
|
||||
|
||||
@ -191,7 +191,7 @@ func (cs *ControllerServer) parseVolCreateRequest(
|
||||
// get the owner of the PVC which is required for few encryption related operations
|
||||
rbdVol.Owner = k8s.GetOwner(req.GetParameters())
|
||||
|
||||
err = rbdVol.initKMS(req.GetParameters(), req.GetSecrets())
|
||||
err = rbdVol.initKMS(ctx, req.GetParameters(), req.GetSecrets())
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.InvalidArgument, err.Error())
|
||||
}
|
||||
@ -486,7 +486,7 @@ func (cs *ControllerServer) repairExistingVolume(ctx context.Context, req *csi.C
|
||||
return nil, err
|
||||
}
|
||||
|
||||
err = rbdSnap.repairEncryptionConfig(&rbdVol.rbdImage)
|
||||
err = rbdSnap.repairEncryptionConfig(ctx, &rbdVol.rbdImage)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -677,7 +677,7 @@ func (cs *ControllerServer) createVolumeFromSnapshot(
|
||||
|
||||
log.DebugLog(ctx, "create volume %s from snapshot %s", rbdVol, rbdSnap)
|
||||
|
||||
err = parentVol.copyEncryptionConfig(&rbdVol.rbdImage, true)
|
||||
err = parentVol.copyEncryptionConfig(ctx, &rbdVol.rbdImage, true)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to copy encryption config for %q: %w", rbdVol, err)
|
||||
}
|
||||
@ -1229,7 +1229,7 @@ func cloneFromSnapshot(
|
||||
}
|
||||
defer vol.Destroy()
|
||||
|
||||
err = rbdVol.copyEncryptionConfig(&vol.rbdImage, false)
|
||||
err = rbdVol.copyEncryptionConfig(ctx, &vol.rbdImage, false)
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.Internal, err.Error())
|
||||
}
|
||||
@ -1332,7 +1332,7 @@ func (cs *ControllerServer) doSnapshotClone(
|
||||
}
|
||||
}()
|
||||
|
||||
err = parentVol.copyEncryptionConfig(&cloneRbd.rbdImage, false)
|
||||
err = parentVol.copyEncryptionConfig(ctx, &cloneRbd.rbdImage, false)
|
||||
if err != nil {
|
||||
log.ErrorLog(ctx, "failed to copy encryption "+
|
||||
"config for %q: %v", cloneRbd, err)
|
||||
|
||||
@ -116,7 +116,7 @@ func IsFileEncrypted(ctx context.Context, volOptions map[string]string) (bool, e
|
||||
// - the Data-Encryption-Key (DEK) will be generated stored for use by the KMS;
|
||||
// - the RBD image will be marked to support encryption in its metadata.
|
||||
func (ri *rbdImage) setupBlockEncryption(ctx context.Context) error {
|
||||
err := ri.blockEncryption.StoreNewCryptoPassphrase(ri.VolID, encryptionPassphraseSize)
|
||||
err := ri.blockEncryption.StoreNewCryptoPassphrase(ctx, ri.VolID, encryptionPassphraseSize)
|
||||
if err != nil {
|
||||
log.ErrorLog(ctx, "failed to save encryption passphrase for "+
|
||||
"image %s: %s", ri, err)
|
||||
@ -144,7 +144,7 @@ func (ri *rbdImage) setupBlockEncryption(ctx context.Context) error {
|
||||
// destination rbdImage's VolumeEncryption object which needs to be initialized
|
||||
// beforehand and is possibly different from the source VolumeEncryption
|
||||
// (Usecase: Restoring snapshot into a storageclass with different encryption config).
|
||||
func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage, copyOnlyPassphrase bool) error {
|
||||
func (ri *rbdImage) copyEncryptionConfig(ctx context.Context, cp *rbdImage, copyOnlyPassphrase bool) error {
|
||||
// nothing to do if parent image is not encrypted.
|
||||
if !ri.isBlockEncrypted() && !ri.isFileEncrypted() {
|
||||
return nil
|
||||
@ -157,7 +157,7 @@ func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage, copyOnlyPassphrase bool)
|
||||
|
||||
if ri.isBlockEncrypted() {
|
||||
// get the unencrypted passphrase
|
||||
passphrase, err := ri.blockEncryption.GetCryptoPassphrase(ri.VolID)
|
||||
passphrase, err := ri.blockEncryption.GetCryptoPassphrase(ctx, ri.VolID)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to fetch passphrase for %q: %w",
|
||||
ri, err)
|
||||
@ -171,7 +171,7 @@ func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage, copyOnlyPassphrase bool)
|
||||
}
|
||||
|
||||
// re-encrypt the plain passphrase for the cloned volume
|
||||
err = cp.blockEncryption.StoreCryptoPassphrase(cp.VolID, passphrase)
|
||||
err = cp.blockEncryption.StoreCryptoPassphrase(ctx, cp.VolID, passphrase)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to store passphrase for %q: %w",
|
||||
cp, err)
|
||||
@ -182,7 +182,7 @@ func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage, copyOnlyPassphrase bool)
|
||||
var err error
|
||||
cp.fileEncryption, err = util.NewVolumeEncryption(ri.fileEncryption.GetID(), ri.fileEncryption.KMS)
|
||||
if errors.Is(err, util.ErrDEKStoreNeeded) {
|
||||
_, err := ri.fileEncryption.KMS.GetSecret("")
|
||||
_, err := ri.fileEncryption.KMS.GetSecret(ctx, "")
|
||||
if errors.Is(err, kmsapi.ErrGetSecretUnsupported) {
|
||||
return err
|
||||
}
|
||||
@ -191,14 +191,14 @@ func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage, copyOnlyPassphrase bool)
|
||||
|
||||
if ri.isFileEncrypted() && ri.fileEncryption.KMS.RequiresDEKStore() == kmsapi.DEKStoreIntegrated {
|
||||
// get the unencrypted passphrase
|
||||
passphrase, err := ri.fileEncryption.GetCryptoPassphrase(ri.VolID)
|
||||
passphrase, err := ri.fileEncryption.GetCryptoPassphrase(ctx, ri.VolID)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to fetch passphrase for %q: %w",
|
||||
ri, err)
|
||||
}
|
||||
|
||||
// re-encrypt the plain passphrase for the cloned volume
|
||||
err = cp.fileEncryption.StoreCryptoPassphrase(cp.VolID, passphrase)
|
||||
err = cp.fileEncryption.StoreCryptoPassphrase(ctx, cp.VolID, passphrase)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to store passphrase for %q: %w",
|
||||
cp, err)
|
||||
@ -223,7 +223,7 @@ func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage, copyOnlyPassphrase bool)
|
||||
|
||||
// repairEncryptionConfig checks the encryption state of the current rbdImage,
|
||||
// and makes sure that the destination rbdImage has the same configuration.
|
||||
func (ri *rbdImage) repairEncryptionConfig(dest *rbdImage) error {
|
||||
func (ri *rbdImage) repairEncryptionConfig(ctx context.Context, dest *rbdImage) error {
|
||||
if !ri.isBlockEncrypted() && !ri.isFileEncrypted() {
|
||||
return nil
|
||||
}
|
||||
@ -236,14 +236,14 @@ func (ri *rbdImage) repairEncryptionConfig(dest *rbdImage) error {
|
||||
dest.conn = ri.conn.Copy()
|
||||
}
|
||||
|
||||
return ri.copyEncryptionConfig(dest, true)
|
||||
return ri.copyEncryptionConfig(ctx, dest, true)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (ri *rbdImage) encryptDevice(ctx context.Context, devicePath string) error {
|
||||
passphrase, err := ri.blockEncryption.GetCryptoPassphrase(ri.VolID)
|
||||
passphrase, err := ri.blockEncryption.GetCryptoPassphrase(ctx, ri.VolID)
|
||||
if err != nil {
|
||||
log.ErrorLog(ctx, "failed to get crypto passphrase for %s: %v",
|
||||
ri, err)
|
||||
@ -269,7 +269,7 @@ func (ri *rbdImage) encryptDevice(ctx context.Context, devicePath string) error
|
||||
}
|
||||
|
||||
func (rv *rbdVolume) openEncryptedDevice(ctx context.Context, devicePath string) (string, error) {
|
||||
passphrase, err := rv.blockEncryption.GetCryptoPassphrase(rv.VolID)
|
||||
passphrase, err := rv.blockEncryption.GetCryptoPassphrase(ctx, rv.VolID)
|
||||
if err != nil {
|
||||
log.ErrorLog(ctx, "failed to get passphrase for encrypted device %s: %v",
|
||||
rv, err)
|
||||
@ -300,7 +300,7 @@ func (rv *rbdVolume) openEncryptedDevice(ctx context.Context, devicePath string)
|
||||
return mapperFilePath, nil
|
||||
}
|
||||
|
||||
func (ri *rbdImage) initKMS(volOptions, credentials map[string]string) error {
|
||||
func (ri *rbdImage) initKMS(ctx context.Context, volOptions, credentials map[string]string) error {
|
||||
kmsID, encType, err := ParseEncryptionOpts(volOptions, rbdDefaultEncryptionType)
|
||||
if err != nil {
|
||||
return err
|
||||
@ -310,7 +310,7 @@ func (ri *rbdImage) initKMS(volOptions, credentials map[string]string) error {
|
||||
case util.EncryptionTypeBlock:
|
||||
err = ri.configureBlockEncryption(kmsID, credentials)
|
||||
case util.EncryptionTypeFile:
|
||||
err = ri.configureFileEncryption(kmsID, credentials)
|
||||
err = ri.configureFileEncryption(ctx, kmsID, credentials)
|
||||
case util.EncryptionTypeInvalid:
|
||||
return fmt.Errorf("invalid encryption type")
|
||||
case util.EncryptionTypeNone:
|
||||
@ -376,7 +376,7 @@ func (ri *rbdImage) configureBlockEncryption(kmsID string, credentials map[strin
|
||||
|
||||
// configureBlockDeviceEncryption sets up the VolumeEncryption for this rbdImage. Once
|
||||
// configured, use isEncrypted() to see if the volume supports encryption.
|
||||
func (ri *rbdImage) configureFileEncryption(kmsID string, credentials map[string]string) error {
|
||||
func (ri *rbdImage) configureFileEncryption(ctx context.Context, kmsID string, credentials map[string]string) error {
|
||||
kms, err := kmsapi.GetKMS(ri.Owner, kmsID, credentials)
|
||||
if err != nil {
|
||||
return err
|
||||
@ -390,7 +390,7 @@ func (ri *rbdImage) configureFileEncryption(kmsID string, credentials map[string
|
||||
// store. Since not all "metadata" KMS support
|
||||
// GetSecret, test for support here. Postpone any
|
||||
// other error handling
|
||||
_, err := ri.fileEncryption.KMS.GetSecret("")
|
||||
_, err := ri.fileEncryption.KMS.GetSecret(ctx, "")
|
||||
if errors.Is(err, kmsapi.ErrGetSecretUnsupported) {
|
||||
return err
|
||||
}
|
||||
@ -400,7 +400,7 @@ func (ri *rbdImage) configureFileEncryption(kmsID string, credentials map[string
|
||||
}
|
||||
|
||||
// StoreDEK saves the DEK in the metadata, overwrites any existing contents.
|
||||
func (ri *rbdImage) StoreDEK(volumeID, dek string) error {
|
||||
func (ri *rbdImage) StoreDEK(ctx context.Context, volumeID, dek string) error {
|
||||
if ri.VolID == "" {
|
||||
return fmt.Errorf("BUG: %q does not have VolID set, call "+
|
||||
"stack: %s", ri, util.CallStack())
|
||||
@ -413,7 +413,7 @@ func (ri *rbdImage) StoreDEK(volumeID, dek string) error {
|
||||
}
|
||||
|
||||
// FetchDEK reads the DEK from the image metadata.
|
||||
func (ri *rbdImage) FetchDEK(volumeID string) (string, error) {
|
||||
func (ri *rbdImage) FetchDEK(ctx context.Context, volumeID string) (string, error) {
|
||||
if ri.VolID == "" {
|
||||
return "", fmt.Errorf("BUG: %q does not have VolID set, call "+
|
||||
"stack: %s", ri, util.CallStack())
|
||||
@ -426,7 +426,7 @@ func (ri *rbdImage) FetchDEK(volumeID string) (string, error) {
|
||||
|
||||
// RemoveDEK does not need to remove the DEK from the metadata, the image is
|
||||
// most likely getting removed.
|
||||
func (ri *rbdImage) RemoveDEK(volumeID string) error {
|
||||
func (ri *rbdImage) RemoveDEK(ctx context.Context, volumeID string) error {
|
||||
if ri.VolID == "" {
|
||||
return fmt.Errorf("BUG: %q does not have VolID set, call "+
|
||||
"stack: %s", ri, util.CallStack())
|
||||
|
||||
@ -232,7 +232,7 @@ func (ns *NodeServer) populateRbdVol(
|
||||
return nil, status.Error(codes.Internal, err.Error())
|
||||
}
|
||||
|
||||
err = rv.initKMS(req.GetVolumeContext(), req.GetSecrets())
|
||||
err = rv.initKMS(ctx, req.GetVolumeContext(), req.GetSecrets())
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.Internal, err.Error())
|
||||
}
|
||||
|
||||
@ -334,7 +334,7 @@ func (rv *rbdVolume) Exists(ctx context.Context, parentVol *rbdVolume) (bool, er
|
||||
}
|
||||
|
||||
if parentVol != nil {
|
||||
err = parentVol.copyEncryptionConfig(&rv.rbdImage, true)
|
||||
err = parentVol.copyEncryptionConfig(ctx, &rv.rbdImage, true)
|
||||
if err != nil {
|
||||
log.ErrorLog(ctx, err.Error())
|
||||
|
||||
|
||||
@ -635,14 +635,14 @@ func (ri *rbdImage) deleteImage(ctx context.Context) error {
|
||||
|
||||
if ri.isBlockEncrypted() {
|
||||
log.DebugLog(ctx, "rbd: going to remove DEK for %q (block encryption)", ri)
|
||||
if err = ri.blockEncryption.RemoveDEK(ri.VolID); err != nil {
|
||||
if err = ri.blockEncryption.RemoveDEK(ctx, ri.VolID); err != nil {
|
||||
log.WarningLog(ctx, "failed to clean the passphrase for volume %s (block encryption): %s", ri.VolID, err)
|
||||
}
|
||||
}
|
||||
|
||||
if ri.isFileEncrypted() {
|
||||
log.DebugLog(ctx, "rbd: going to remove DEK for %q (file encryption)", ri)
|
||||
if err = ri.fileEncryption.RemoveDEK(ri.VolID); err != nil {
|
||||
if err = ri.fileEncryption.RemoveDEK(ctx, ri.VolID); err != nil {
|
||||
log.WarningLog(ctx, "failed to clean the passphrase for volume %s (file encryption): %s", ri.VolID, err)
|
||||
}
|
||||
}
|
||||
@ -1032,7 +1032,7 @@ func genSnapFromSnapID(
|
||||
}
|
||||
}
|
||||
if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == util.EncryptionTypeFile {
|
||||
err = rbdSnap.configureFileEncryption(imageAttributes.KmsID, secrets)
|
||||
err = rbdSnap.configureFileEncryption(ctx, imageAttributes.KmsID, secrets)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to configure file encryption for "+
|
||||
"%q: %w", rbdSnap, err)
|
||||
@ -1133,7 +1133,7 @@ func generateVolumeFromVolumeID(
|
||||
}
|
||||
}
|
||||
if imageAttributes.KmsID != "" && imageAttributes.EncryptionType == util.EncryptionTypeFile {
|
||||
err = rbdVol.configureFileEncryption(imageAttributes.KmsID, secrets)
|
||||
err = rbdVol.configureFileEncryption(ctx, imageAttributes.KmsID, secrets)
|
||||
if err != nil {
|
||||
return rbdVol, err
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user