mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-23 23:00:19 +00:00
rbd: fail fast in create volume for missmatch encryption
CreateVolume will fail in below cases
* If the snapshot is encrypted and requested volume
is not encrypted
* If the snapshot is not encrypted and requested
volume is encrypted
* If the parent volume is encrypted and requested volume
is not encrypted
* If the parent volume is not encrypted and requested
volume is encrypted
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
(cherry picked from commit 7b5c78ec7c
)
This commit is contained in:
parent
a0ca713d79
commit
f11722a472
@ -210,6 +210,27 @@ func validateRequestedVolumeSize(rbdVol, parentVol *rbdVolume, rbdSnap *rbdSnaps
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func checkValidCreateVolumeRequest(rbdVol, parentVol *rbdVolume, rbdSnap *rbdSnapshot, cr *util.Credentials) error {
|
||||||
|
err := validateRequestedVolumeSize(rbdVol, parentVol, rbdSnap, cr)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
switch {
|
||||||
|
case rbdSnap != nil:
|
||||||
|
err = rbdSnap.isCompatibleEncryption(&rbdVol.rbdImage)
|
||||||
|
if err != nil {
|
||||||
|
return status.Errorf(codes.InvalidArgument, "cannot restore from snapshot %s: %s", rbdSnap, err.Error())
|
||||||
|
}
|
||||||
|
case parentVol != nil:
|
||||||
|
err = parentVol.isCompatibleEncryption(&rbdVol.rbdImage)
|
||||||
|
if err != nil {
|
||||||
|
return status.Errorf(codes.InvalidArgument, "cannot clone from volume %s: %s", parentVol, err.Error())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// CreateVolume creates the volume in backend.
|
// CreateVolume creates the volume in backend.
|
||||||
func (cs *ControllerServer) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest) (*csi.CreateVolumeResponse, error) {
|
func (cs *ControllerServer) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest) (*csi.CreateVolumeResponse, error) {
|
||||||
if err := cs.validateVolumeReq(ctx, req); err != nil {
|
if err := cs.validateVolumeReq(ctx, req); err != nil {
|
||||||
@ -254,7 +275,7 @@ func (cs *ControllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
|
|||||||
return cs.repairExistingVolume(ctx, req, cr, rbdVol, rbdSnap)
|
return cs.repairExistingVolume(ctx, req, cr, rbdVol, rbdSnap)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = validateRequestedVolumeSize(rbdVol, parentVol, rbdSnap, cr)
|
err = checkValidCreateVolumeRequest(rbdVol, parentVol, rbdSnap, cr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -1528,3 +1528,15 @@ func (rv *rbdVolume) getOrigSnapName(snapID uint64) (string, error) {
|
|||||||
|
|
||||||
return origSnapName, nil
|
return origSnapName, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (ri *rbdImage) isCompatibleEncryption(dst *rbdImage) error {
|
||||||
|
switch {
|
||||||
|
case ri.isEncrypted() && !dst.isEncrypted():
|
||||||
|
return fmt.Errorf("encrypted volume %q does not match unencrypted volume %q", ri, dst)
|
||||||
|
|
||||||
|
case !ri.isEncrypted() && dst.isEncrypted():
|
||||||
|
return fmt.Errorf("unencrypted volume %q does not match encrypted volume %q", ri, dst)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user