rbd: support pvc-pvc clone with different sc & encryption

This commit makes modification so as to allow pvc-pvc clone with different storageclass having different encryption configs. This commit also modifies `copyEncryptionConfig()` to include a `isEncrypted()` check within the function. Signed-off-by: Rakshith R <rar@redhat.com>
2024-11-09 16:00:22 +00:00 · 2022-04-25 15:45:08 +05:30 · 2022-04-25 15:45:08 +05:30 · f1ccc4eced
commit f1ccc4eced
parent 2672fad90a
5 changed files with 34 additions and 32 deletions
--- a/internal/rbd/clone.go
+++ b/internal/rbd/clone.go
@ -144,12 +144,10 @@ func (rv *rbdVolume) createCloneFromImage(ctx context.Context, parentVol *rbdVol
 		return err
 	}

-	if parentVol.isEncrypted() {
-		err = parentVol.copyEncryptionConfig(&rv.rbdImage, false)
+	err = parentVol.copyEncryptionConfig(&rv.rbdImage, true)
 	if err != nil {
 		return fmt.Errorf("failed to copy encryption config for %q: %w", rv, err)
 	}
-	}

 	err = j.StoreImageID(ctx, rv.JournalPool, rv.ReservedID, rv.ImageID)
 	if err != nil {
@ -216,5 +214,10 @@ func (rv *rbdVolume) doSnapClone(ctx context.Context, parentVol *rbdVolume) erro
 		return errClone
 	}

+	err = parentVol.copyEncryptionConfig(&rv.rbdImage, true)
+	if err != nil {
+		return fmt.Errorf("failed to copy encryption config for %q: %w", rv, err)
+	}
+
 	return nil
 }
--- a/internal/rbd/controllerserver.go
+++ b/internal/rbd/controllerserver.go
@ -19,6 +19,7 @@ package rbd
 import (
 	"context"
 	"errors"
+	"fmt"

 	csicommon "github.com/ceph/ceph-csi/internal/csi-common"
 	"github.com/ceph/ceph-csi/internal/util"
@ -591,6 +592,11 @@ func (cs *ControllerServer) createVolumeFromSnapshot(

 	log.DebugLog(ctx, "create volume %s from snapshot %s", rbdVol, rbdSnap)

+	err = parentVol.copyEncryptionConfig(&rbdVol.rbdImage, true)
+	if err != nil {
+		return fmt.Errorf("failed to copy encryption config for %q: %w", rbdVol, err)
+	}
+
 	// resize the volume if the size is different
 	// expand the image if the requested size is greater than the current size
 	err = rbdVol.expand()
@ -1104,12 +1110,10 @@ func cloneFromSnapshot(
 	}
 	defer vol.Destroy()

-	if rbdVol.isEncrypted() {
 	err = rbdVol.copyEncryptionConfig(&vol.rbdImage, false)
 	if err != nil {
 		return nil, status.Error(codes.Internal, err.Error())
 	}
-	}

 	err = vol.flattenRbdImage(ctx, false, rbdHardMaxCloneDepth, rbdSoftMaxCloneDepth)
 	if errors.Is(err, ErrFlattenInProgress) {
@ -1207,15 +1211,13 @@ func (cs *ControllerServer) doSnapshotClone(
 		}
 	}()

-	if parentVol.isEncrypted() {
-		cryptErr := parentVol.copyEncryptionConfig(&cloneRbd.rbdImage, false)
-		if cryptErr != nil {
-			log.WarningLog(ctx, "failed copy encryption "+
-				"config for %q: %v", cloneRbd, cryptErr)
+	err = parentVol.copyEncryptionConfig(&cloneRbd.rbdImage, false)
+	if err != nil {
+		log.ErrorLog(ctx, "failed to copy encryption "+
+			"config for %q: %v", cloneRbd, err)

 		return nil, err
 	}
-	}

 	err = cloneRbd.createSnapshot(ctx, rbdSnap)
 	if err != nil {
--- a/internal/rbd/encryption.go
+++ b/internal/rbd/encryption.go
@ -120,14 +120,20 @@ func (ri *rbdImage) setupEncryption(ctx context.Context) error {
 }

 // copyEncryptionConfig copies the VolumeEncryption object from the source
-// rbdImage to the passed argument. This function re-encrypts the passphrase
-// from the original, so that both encrypted passphrases (potentially, depends
-// on the DEKStore) have different contents.
+// rbdImage to the passed argument if the source rbdImage is encrypted.
+// This function re-encrypts the passphrase  from the original, so that
+// both encrypted passphrases (potentially, depends on the DEKStore) have
+// different contents.
 // When copyOnlyPassphrase is set to true, only the passphrase is copied to the
 // destination rbdImage's VolumeEncryption object which needs to be initialized
 // beforehand and is possibly different from the source VolumeEncryption
 // (Usecase: Restoring snapshot into a storageclass with different encryption config).
 func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage, copyOnlyPassphrase bool) error {
+	// nothing to do if parent image is not encrypted.
+	if !ri.isEncrypted() {
+		return nil
+	}
+
 	if ri.VolID == cp.VolID {
 		return fmt.Errorf("BUG: %q and %q have the same VolID (%s) "+
 			"set!? Call stack: %s", ri, cp, ri.VolID, util.CallStack())
@ -184,7 +190,7 @@ func (ri *rbdImage) repairEncryptionConfig(dest *rbdImage) error {
 			dest.conn = ri.conn.Copy()
 		}

-		return ri.copyEncryptionConfig(dest, false)
+		return ri.copyEncryptionConfig(dest, true)
 	}

 	return nil
--- a/internal/rbd/rbd_journal.go
+++ b/internal/rbd/rbd_journal.go
@ -324,8 +324,8 @@ func (rv *rbdVolume) Exists(ctx context.Context, parentVol *rbdVolume) (bool, er
 		return false, err
 	}

-	if parentVol != nil && parentVol.isEncrypted() {
-		err = parentVol.copyEncryptionConfig(&rv.rbdImage, false)
+	if parentVol != nil {
+		err = parentVol.copyEncryptionConfig(&rv.rbdImage, true)
 		if err != nil {
 			log.ErrorLog(ctx, err.Error())

--- a/internal/rbd/rbd_util.go
+++ b/internal/rbd/rbd_util.go
@ -1366,15 +1366,6 @@ func (rv *rbdVolume) cloneRbdImageFromSnapshot(
 		}
 	}()

-	if pSnapOpts.isEncrypted() {
-		pSnapOpts.conn = rv.conn.Copy()
-
-		err = pSnapOpts.copyEncryptionConfig(&rv.rbdImage, true)
-		if err != nil {
-			return fmt.Errorf("failed to clone encryption config: %w", err)
-		}
-	}
-
 	// get image latest information
 	err = rv.getImageInfo()
 	if err != nil {