rbd: Allow user to disable key rotation

This patch allows user to disable automatic key rotation by annotating StorageCluster with `keyrotation.csiaddons.openshift.io/enable=false` Signed-off-by: Niraj Yadav <[email protected]>
red-hat-storage · Nov 4, 2024 · 1485170 · 1485170
1 parent 23d63eb
commit 1485170
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/controllers/storagecluster/storageclasses.go b/controllers/storagecluster/storageclasses.go
@@ -27,6 +27,7 @@ const (
 
 	//storage class driver name prefix
 	storageclassDriverNamePrefix = "openshift-storage"
+	keyRotationEnableAnnotation  = "keyrotation.csiaddons.openshift.io/enable"
 )
 
 var (
@@ -217,7 +218,8 @@ func (r *StorageClusterReconciler) createStorageClasses(sccs []StorageClassConfi
 			if existing.DeletionTimestamp != nil {
 				return fmt.Errorf("failed to restore StorageClass  %s because it is marked for deletion", existing.Name)
 			}
-			if !reflect.DeepEqual(sc.Parameters, existing.Parameters) {
+			if !reflect.DeepEqual(sc.Parameters, existing.Parameters) ||
+				!reflect.DeepEqual(sc.Annotations, existing.Annotations) {
 				// Since we have to update the existing StorageClass
 				// So, we will delete the existing storageclass and create a new one
 				r.Log.Info("StorageClass needs to be updated, deleting it.", "StorageClass", klog.KRef(sc.Namespace, existing.Name))
@@ -314,6 +316,9 @@ func newCephBlockPoolStorageClassConfiguration(initData *ocsv1.StorageCluster) S
 	if initData.Spec.ManagedResources.CephBlockPools.DefaultStorageClass {
 		scc.storageClass.Annotations[defaultStorageClassAnnotation] = "true"
 	}
+	if initData.GetAnnotations()[keyRotationEnableAnnotation] == "false" {
+		util.AddAnnotation(scc.storageClass, keyRotationEnableAnnotation, "false")
+	}
 	return scc
 }
 
@@ -336,7 +341,7 @@ func newNonResilientCephBlockPoolStorageClassConfiguration(initData *ocsv1.Stora
 	persistentVolumeReclaimDelete := corev1.PersistentVolumeReclaimDelete
 	allowVolumeExpansion := true
 	volumeBindingWaitForFirstConsumer := storagev1.VolumeBindingWaitForFirstConsumer
-	return StorageClassConfiguration{
+	scc := StorageClassConfiguration{
 		storageClass: &storagev1.StorageClass{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: util.GenerateNameForNonResilientCephBlockPoolSC(initData),
@@ -366,6 +371,10 @@ func newNonResilientCephBlockPoolStorageClassConfiguration(initData *ocsv1.Stora
 		},
 		isClusterExternal: initData.Spec.ExternalStorage.Enable,
 	}
+	if initData.GetAnnotations()[keyRotationEnableAnnotation] == "false" {
+		util.AddAnnotation(scc.storageClass, keyRotationEnableAnnotation, "false")
+	}
+	return scc
 }
 
 // newCephNFSStorageClassConfiguration generates configuration options for a Ceph NFS StorageClass.