rbd: support pvc-pvc clone with different sc & encryption

This commit makes modification so as to allow pvc-pvc clone with different storageclass having different encryption configs. This commit also modifies `copyEncryptionConfig()` to include a `isEncrypted()` check within the function. Signed-off-by: Rakshith R <rar@redhat.com>
2024-11-10 00:10:20 +00:00 · 2022-04-25 15:45:08 +05:30 · 2022-04-25 15:45:08 +05:30 · f1ccc4eced
commit f1ccc4eced
parent 2672fad90a
5 changed files with 34 additions and 32 deletions
--- a/internal/rbd/clone.go
+++ b/internal/rbd/clone.go
@ -144,11 +144,9 @@ func (rv *rbdVolume) createCloneFromImage(ctx context.Context, parentVol *rbdVol
 		return err
 	}
-	if parentVol.isEncrypted() {
+	err = parentVol.copyEncryptionConfig(&rv.rbdImage, true)
-		err = parentVol.copyEncryptionConfig(&rv.rbdImage, false)
+	if err != nil {
-		if err != nil {
+		return fmt.Errorf("failed to copy encryption config for %q: %w", rv, err)
 			return fmt.Errorf("failed to copy encryption config for %q: %w", rv, err)
 		}
 	}
 	err = j.StoreImageID(ctx, rv.JournalPool, rv.ReservedID, rv.ImageID)
@ -216,5 +214,10 @@ func (rv *rbdVolume) doSnapClone(ctx context.Context, parentVol *rbdVolume) erro
 		return errClone
 	}
 	err = parentVol.copyEncryptionConfig(&rv.rbdImage, true)
 	if err != nil {
 		return fmt.Errorf("failed to copy encryption config for %q: %w", rv, err)
 	}
 	return nil
 }
--- a/internal/rbd/controllerserver.go
+++ b/internal/rbd/controllerserver.go
@ -19,6 +19,7 @@ package rbd
 import (
 	"context"
 	"errors"
 	"fmt"
 	csicommon "github.com/ceph/ceph-csi/internal/csi-common"
 	"github.com/ceph/ceph-csi/internal/util"
@ -591,6 +592,11 @@ func (cs *ControllerServer) createVolumeFromSnapshot(
 	log.DebugLog(ctx, "create volume %s from snapshot %s", rbdVol, rbdSnap)
 	err = parentVol.copyEncryptionConfig(&rbdVol.rbdImage, true)
 	if err != nil {
 		return fmt.Errorf("failed to copy encryption config for %q: %w", rbdVol, err)
 	}
 	// resize the volume if the size is different
 	// expand the image if the requested size is greater than the current size
 	err = rbdVol.expand()
@ -1104,11 +1110,9 @@ func cloneFromSnapshot(
 	}
 	defer vol.Destroy()
-	if rbdVol.isEncrypted() {
+	err = rbdVol.copyEncryptionConfig(&vol.rbdImage, false)
-		err = rbdVol.copyEncryptionConfig(&vol.rbdImage, false)
+	if err != nil {
-		if err != nil {
+		return nil, status.Error(codes.Internal, err.Error())
 			return nil, status.Error(codes.Internal, err.Error())
 		}
 	}
 	err = vol.flattenRbdImage(ctx, false, rbdHardMaxCloneDepth, rbdSoftMaxCloneDepth)
@ -1207,14 +1211,12 @@ func (cs *ControllerServer) doSnapshotClone(
 		}
 	}()
-	if parentVol.isEncrypted() {
+	err = parentVol.copyEncryptionConfig(&cloneRbd.rbdImage, false)
-		cryptErr := parentVol.copyEncryptionConfig(&cloneRbd.rbdImage, false)
+	if err != nil {
-		if cryptErr != nil {
+		log.ErrorLog(ctx, "failed to copy encryption "+
-			log.WarningLog(ctx, "failed copy encryption "+
+			"config for %q: %v", cloneRbd, err)
 				"config for %q: %v", cloneRbd, cryptErr)
-			return nil, err
+		return nil, err
 		}
 	}
 	err = cloneRbd.createSnapshot(ctx, rbdSnap)
--- a/internal/rbd/encryption.go
+++ b/internal/rbd/encryption.go
@ -120,14 +120,20 @@ func (ri *rbdImage) setupEncryption(ctx context.Context) error {
 }
 // copyEncryptionConfig copies the VolumeEncryption object from the source
-// rbdImage to the passed argument. This function re-encrypts the passphrase
+// rbdImage to the passed argument if the source rbdImage is encrypted.
-// from the original, so that both encrypted passphrases (potentially, depends
+// This function re-encrypts the passphrase  from the original, so that
-// on the DEKStore) have different contents.
+// both encrypted passphrases (potentially, depends on the DEKStore) have
 // different contents.
 // When copyOnlyPassphrase is set to true, only the passphrase is copied to the
 // destination rbdImage's VolumeEncryption object which needs to be initialized
 // beforehand and is possibly different from the source VolumeEncryption
 // (Usecase: Restoring snapshot into a storageclass with different encryption config).
 func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage, copyOnlyPassphrase bool) error {
 	// nothing to do if parent image is not encrypted.
 	if !ri.isEncrypted() {
 		return nil
 	}
 	if ri.VolID == cp.VolID {
 		return fmt.Errorf("BUG: %q and %q have the same VolID (%s) "+
 			"set!? Call stack: %s", ri, cp, ri.VolID, util.CallStack())
@ -184,7 +190,7 @@ func (ri *rbdImage) repairEncryptionConfig(dest *rbdImage) error {
 			dest.conn = ri.conn.Copy()
 		}
-		return ri.copyEncryptionConfig(dest, false)
+		return ri.copyEncryptionConfig(dest, true)
 	}
 	return nil
--- a/internal/rbd/rbd_journal.go
+++ b/internal/rbd/rbd_journal.go
@ -324,8 +324,8 @@ func (rv *rbdVolume) Exists(ctx context.Context, parentVol *rbdVolume) (bool, er
 		return false, err
 	}
-	if parentVol != nil && parentVol.isEncrypted() {
+	if parentVol != nil {
-		err = parentVol.copyEncryptionConfig(&rv.rbdImage, false)
+		err = parentVol.copyEncryptionConfig(&rv.rbdImage, true)
 		if err != nil {
 			log.ErrorLog(ctx, err.Error())
--- a/internal/rbd/rbd_util.go
+++ b/internal/rbd/rbd_util.go
@ -1366,15 +1366,6 @@ func (rv *rbdVolume) cloneRbdImageFromSnapshot(
 		}
 	}()
 	if pSnapOpts.isEncrypted() {
 		pSnapOpts.conn = rv.conn.Copy()
 		err = pSnapOpts.copyEncryptionConfig(&rv.rbdImage, true)
 		if err != nil {
 			return fmt.Errorf("failed to clone encryption config: %w", err)
 		}
 	}
 	// get image latest information
 	err = rv.getImageInfo()
 	if err != nil {