mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-09 16:00:22 +00:00
rbd: fail fast in create volume for missmatch encryption
CreateVolume will fail in below cases
* If the snapshot is encrypted and requested volume
is not encrypted
* If the snapshot is not encrypted and requested
volume is encrypted
* If the parent volume is encrypted and requested volume
is not encrypted
* If the parent volume is not encrypted and requested
volume is encrypted
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
(cherry picked from commit 7b5c78ec7c
)
This commit is contained in:
parent
a0ca713d79
commit
f11722a472
@ -210,6 +210,27 @@ func validateRequestedVolumeSize(rbdVol, parentVol *rbdVolume, rbdSnap *rbdSnaps
|
||||
return nil
|
||||
}
|
||||
|
||||
func checkValidCreateVolumeRequest(rbdVol, parentVol *rbdVolume, rbdSnap *rbdSnapshot, cr *util.Credentials) error {
|
||||
err := validateRequestedVolumeSize(rbdVol, parentVol, rbdSnap, cr)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
switch {
|
||||
case rbdSnap != nil:
|
||||
err = rbdSnap.isCompatibleEncryption(&rbdVol.rbdImage)
|
||||
if err != nil {
|
||||
return status.Errorf(codes.InvalidArgument, "cannot restore from snapshot %s: %s", rbdSnap, err.Error())
|
||||
}
|
||||
case parentVol != nil:
|
||||
err = parentVol.isCompatibleEncryption(&rbdVol.rbdImage)
|
||||
if err != nil {
|
||||
return status.Errorf(codes.InvalidArgument, "cannot clone from volume %s: %s", parentVol, err.Error())
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// CreateVolume creates the volume in backend.
|
||||
func (cs *ControllerServer) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest) (*csi.CreateVolumeResponse, error) {
|
||||
if err := cs.validateVolumeReq(ctx, req); err != nil {
|
||||
@ -254,7 +275,7 @@ func (cs *ControllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
|
||||
return cs.repairExistingVolume(ctx, req, cr, rbdVol, rbdSnap)
|
||||
}
|
||||
|
||||
err = validateRequestedVolumeSize(rbdVol, parentVol, rbdSnap, cr)
|
||||
err = checkValidCreateVolumeRequest(rbdVol, parentVol, rbdSnap, cr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -1528,3 +1528,15 @@ func (rv *rbdVolume) getOrigSnapName(snapID uint64) (string, error) {
|
||||
|
||||
return origSnapName, nil
|
||||
}
|
||||
|
||||
func (ri *rbdImage) isCompatibleEncryption(dst *rbdImage) error {
|
||||
switch {
|
||||
case ri.isEncrypted() && !dst.isEncrypted():
|
||||
return fmt.Errorf("encrypted volume %q does not match unencrypted volume %q", ri, dst)
|
||||
|
||||
case !ri.isEncrypted() && dst.isEncrypted():
|
||||
return fmt.Errorf("unencrypted volume %q does not match encrypted volume %q", ri, dst)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user