rbd: Allow user to disable key rotation
This patch allows the user to disable automatic
key rotation by annotating the StorageCluster
with `keyrotation.csiaddons.openshift.io/enable=false`

Signed-off-by: Niraj Yadav <[email protected]>
black-dragon74 committed Nov 8, 2024
1 parent 23d63eb commit 576727f
Showing 1 changed file with 26 additions and 1 deletion.
27 changes: 26 additions & 1 deletion controllers/storagecluster/storageclasses.go
Expand Up @@ -27,6 +27,7 @@ const (

//storage class driver name prefix
storageclassDriverNamePrefix = "openshift-storage"
keyRotationEnableAnnotation = "keyrotation.csiaddons.openshift.io/enable"
)

var (
Expand Down Expand Up @@ -198,6 +199,7 @@ func (r *StorageClusterReconciler) createStorageClasses(sccs []StorageClassConfi
}
}

scRecreated := false
existing := &storagev1.StorageClass{}
err := r.Client.Get(context.TODO(), types.NamespacedName{Name: sc.Name, Namespace: sc.Namespace}, existing)

Expand Down Expand Up @@ -232,6 +234,22 @@ func (r *StorageClusterReconciler) createStorageClasses(sccs []StorageClassConfi
r.Log.Info("Failed to create StorageClass.", "StorageClass", klog.KRef(sc.Namespace, sc.Name))
return err
}
scRecreated = true
}
if !scRecreated {
if existing.Annotations == nil {
existing.Annotations = map[string]string{}
}
delete(existing.Annotations, keyRotationEnableAnnotation)
if val, ok := sc.GetAnnotations()[keyRotationEnableAnnotation]; ok {
existing.Annotations[keyRotationEnableAnnotation] = val
}

err = r.Client.Update(context.TODO(), existing)
if err != nil {
r.Log.Error(err, "Failed to update annotations on the StorageClass.", "StorageClass", klog.KRef(sc.Namespace, existing.Name))
return err
}
}
}
}
Expand Down Expand Up @@ -314,6 +332,9 @@ func newCephBlockPoolStorageClassConfiguration(initData *ocsv1.StorageCluster) S
if initData.Spec.ManagedResources.CephBlockPools.DefaultStorageClass {
scc.storageClass.Annotations[defaultStorageClassAnnotation] = "true"
}
if initData.GetAnnotations()[keyRotationEnableAnnotation] == "false" {
util.AddAnnotation(scc.storageClass, keyRotationEnableAnnotation, "false")
}
return scc
}

Expand All @@ -336,7 +357,7 @@ func newNonResilientCephBlockPoolStorageClassConfiguration(initData *ocsv1.Stora
persistentVolumeReclaimDelete := corev1.PersistentVolumeReclaimDelete
allowVolumeExpansion := true
volumeBindingWaitForFirstConsumer := storagev1.VolumeBindingWaitForFirstConsumer
return StorageClassConfiguration{
scc := StorageClassConfiguration{
storageClass: &storagev1.StorageClass{
ObjectMeta: metav1.ObjectMeta{
Name: util.GenerateNameForNonResilientCephBlockPoolSC(initData),
Expand Down Expand Up @@ -366,6 +387,10 @@ func newNonResilientCephBlockPoolStorageClassConfiguration(initData *ocsv1.Stora
},
isClusterExternal: initData.Spec.ExternalStorage.Enable,
}
if initData.GetAnnotations()[keyRotationEnableAnnotation] == "false" {
util.AddAnnotation(scc.storageClass, keyRotationEnableAnnotation, "false")
}
return scc
}

// newCephNFSStorageClassConfiguration generates configuration options for a Ceph NFS StorageClass.
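Review bot: The `if !scRecreated` block in the third hunk calls `r.Client.Update` unconditionally, so every reconcile issues a write for every existing StorageClass even when the key-rotation annotation already matches, bumping resourceVersion and firing watch events for each consumer, and burying the one write that actually turns rotation off in a stream of no-op updates. Compare the desired value from `sc` with what `existing` already carries and only call Update when they differ; the rewrite below keeps the same delete-then-set semantics. Because this annotation disables key rotation, an explicit log line at the point where an existing class is changed would make that decision visible in operator logs and easy to correlate with a StorageCluster annotation change. The enclosing `createStorageClasses` body begins before this hunk and the surrounding loop and function continue outside it, so the exact nesting is inferred.
```go
		if !scRecreated {
			desired, want := sc.GetAnnotations()[keyRotationEnableAnnotation]
			current, have := existing.GetAnnotations()[keyRotationEnableAnnotation]
			// Only write when the annotation actually differs; otherwise every
			// reconcile would issue a no-op Update for each StorageClass.
			if want != have || desired != current {
				if existing.Annotations == nil {
					existing.Annotations = map[string]string{}
				}
				delete(existing.Annotations, keyRotationEnableAnnotation)
				if want {
					existing.Annotations[keyRotationEnableAnnotation] = desired
				}
				r.Log.Info("Updating key rotation annotation on StorageClass.", "StorageClass", klog.KRef(sc.Namespace, existing.Name), "value", desired, "set", want)
				// … unchanged: r.Client.Update call and its error handling …
			}
		}
```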
