rbd: Allow user to disable key rotation
This patch allows users to disable automatic
key rotation by annotating the StorageCluster
with `keyrotation.csiaddons.openshift.io/enable=false`.

Signed-off-by: Niraj Yadav <[email protected]>
black-dragon74 committed Oct 7, 2024
1 parent f80f43b commit 59c091c
Showing 2 changed files with 26 additions and 2 deletions.
13 changes: 12 additions & 1 deletion controllers/storagecluster/storageclasses.go
Expand Up @@ -27,6 +27,8 @@ const (

//storage class driver name prefix
storageclassDriverNamePrefix = "openshift-storage"

keyRotationEnableAnnotation = "keyrotation.csiaddons.openshift.io/enable"
)

var (
Expand Down Expand Up @@ -280,6 +282,7 @@ func newCephBlockPoolStorageClassConfiguration(initData *ocsv1.StorageCluster) S
persistentVolumeReclaimDelete := corev1.PersistentVolumeReclaimDelete
allowVolumeExpansion := true
managementSpec := initData.Spec.ManagedResources.CephBlockPools
disableKeyRotation := !util.IsAnnotationTruthy(initData, keyRotationEnableAnnotation)
scc := StorageClassConfiguration{
storageClass: &storagev1.StorageClass{
ObjectMeta: metav1.ObjectMeta{
Expand Down Expand Up @@ -314,6 +317,9 @@ func newCephBlockPoolStorageClassConfiguration(initData *ocsv1.StorageCluster) S
if initData.Spec.ManagedResources.CephBlockPools.DefaultStorageClass {
scc.storageClass.Annotations[defaultStorageClassAnnotation] = "true"
}
if disableKeyRotation {
util.AddAnnotation(scc.storageClass, keyRotationEnableAnnotation, "false")
}
return scc
}

Expand All @@ -336,7 +342,8 @@ func newNonResilientCephBlockPoolStorageClassConfiguration(initData *ocsv1.Stora
persistentVolumeReclaimDelete := corev1.PersistentVolumeReclaimDelete
allowVolumeExpansion := true
volumeBindingWaitForFirstConsumer := storagev1.VolumeBindingWaitForFirstConsumer
return StorageClassConfiguration{
disableKeyRotation := !util.IsAnnotationTruthy(initData, keyRotationEnableAnnotation)
scc := StorageClassConfiguration{
storageClass: &storagev1.StorageClass{
ObjectMeta: metav1.ObjectMeta{
Name: util.GenerateNameForNonResilientCephBlockPoolSC(initData),
Expand Down Expand Up @@ -366,6 +373,10 @@ func newNonResilientCephBlockPoolStorageClassConfiguration(initData *ocsv1.Stora
},
isClusterExternal: initData.Spec.ExternalStorage.Enable,
}
if disableKeyRotation {
util.AddAnnotation(scc.storageClass, keyRotationEnableAnnotation, "false")
}
return scc
}

// newCephNFSStorageClassConfiguration generates configuration options for a Ceph NFS StorageClass.
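Review bot: `disableKeyRotation := !util.IsAnnotationTruthy(initData, keyRotationEnableAnnotation)` is true when the StorageCluster has no such annotation at all, because IsAnnotationTruthy returns false for a missing key; the same line appears in both newCephBlockPoolStorageClassConfiguration and newNonResilientCephBlockPoolStorageClassConfiguration. As written, both StorageClasses are stamped with `keyrotation.csiaddons.openshift.io/enable: "false"` by default, and also for any value other than "true" such as a typo, while the commit message describes an opt-out via `=false`. Since this setting controls how long an encryption key stays in use, rotation should be switched off only on an explicit false, for example `disableKeyRotation := strings.EqualFold(initData.GetAnnotations()[keyRotationEnableAnnotation], "false")` (adding the `strings` import if this file lacks it). Both function bodies extend beyond the hunks shown, so I cannot confirm from here whether a default is applied elsewhere.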
15 changes: 14 additions & 1 deletion controllers/util/util.go
Expand Up @@ -5,8 +5,10 @@ import (
"encoding/hex"
"encoding/json"
"fmt"
ocsv1 "github.com/red-hat-storage/ocs-operator/api/v4/v1"
"os"
"strings"

ocsv1 "github.com/red-hat-storage/ocs-operator/api/v4/v1"

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
Expand Down Expand Up @@ -103,3 +105,14 @@ func AssertEqual[T comparable](actual T, expected T, exitCode int) {
os.Exit(exitCode)
}
}

// IsAnnotationTruthy returns true if the annotation is present
// and has a truthy value
func IsAnnotationTruthy(obj metav1.Object, key string) bool {
annotations := obj.GetAnnotations()

if val, found := annotations[key]; found {
return strings.ToLower(val) == "true"
}
return false
}
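Review bot: The doc comment on IsAnnotationTruthy does not say that a missing key and any value other than a case-insensitive "true" both return false, which matters to a caller that negates the result: it cannot tell "not set" from "set to false". I would state that in the comment, e.g. `// A missing key and any value other than "true" (case-insensitive) both return false.` The body can also be shortened to `return strings.EqualFold(obj.GetAnnotations()[key], "true")`, since indexing a nil map yields the empty string. If callers need to tell absent from false, a variant that also returns the `found` flag would make that explicit.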
