rbd: Allow user to disable key rotation

This patch allows user to disable automatic key rotation by annotating StorageCluster with `keyrotation.csiaddons.openshift.io/enable=false` Signed-off-by: Niraj Yadav <[email protected]>
red-hat-storage · Sep 24, 2024 · e1b9a4c · e1b9a4c
1 parent cfe597a
commit e1b9a4c
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 1 deletion.
diff --git a/controllers/storagecluster/storageclasses.go b/controllers/storagecluster/storageclasses.go
@@ -28,6 +28,8 @@ const (
 
 	//storage class driver name prefix
 	storageclassDriverNamePrefix = "openshift-storage"
+
+	keyRotationEnableAnnotation = "keyrotation.csiaddons.openshift.io/enable"
 )
 
 var (
@@ -281,6 +283,7 @@ func newCephBlockPoolStorageClassConfiguration(initData *ocsv1.StorageCluster) S
 	persistentVolumeReclaimDelete := corev1.PersistentVolumeReclaimDelete
 	allowVolumeExpansion := true
 	managementSpec := initData.Spec.ManagedResources.CephBlockPools
+	disableKeyRotation := !util.IsAnnotationTruthy(initData, keyRotationEnableAnnotation)
 	scc := StorageClassConfiguration{
 		storageClass: &storagev1.StorageClass{
 			ObjectMeta: metav1.ObjectMeta{
@@ -315,6 +318,9 @@ func newCephBlockPoolStorageClassConfiguration(initData *ocsv1.StorageCluster) S
 	if initData.Spec.ManagedResources.CephBlockPools.DefaultStorageClass {
 		scc.storageClass.Annotations[defaultStorageClassAnnotation] = "true"
 	}
+	if disableKeyRotation {
+		util.AddAnnotation(scc.storageClass, keyRotationEnableAnnotation, "false")
+	}
 	return scc
 }
 
@@ -337,7 +343,8 @@ func newNonResilientCephBlockPoolStorageClassConfiguration(initData *ocsv1.Stora
 	persistentVolumeReclaimDelete := corev1.PersistentVolumeReclaimDelete
 	allowVolumeExpansion := true
 	volumeBindingWaitForFirstConsumer := storagev1.VolumeBindingWaitForFirstConsumer
-	return StorageClassConfiguration{
+	disableKeyRotation := !util.IsAnnotationTruthy(initData, keyRotationEnableAnnotation)
+	scc := StorageClassConfiguration{
 		storageClass: &storagev1.StorageClass{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: util.GenerateNameForNonResilientCephBlockPoolSC(initData),
@@ -367,6 +374,10 @@ func newNonResilientCephBlockPoolStorageClassConfiguration(initData *ocsv1.Stora
 		},
 		isClusterExternal: initData.Spec.ExternalStorage.Enable,
 	}
+	if disableKeyRotation {
+		util.AddAnnotation(scc.storageClass, keyRotationEnableAnnotation, "false")
+	}
+	return scc
 }
 
 // newCephNFSStorageClassConfiguration generates configuration options for a Ceph NFS StorageClass.

diff --git a/controllers/util/util.go b/controllers/util/util.go
@@ -5,6 +5,7 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"strings"
 
 	ocsv1 "github.com/red-hat-storage/ocs-operator/api/v4/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -96,3 +97,14 @@ func CalculateMD5Hash(value any) string {
 	hash := md5.Sum(data)
 	return hex.EncodeToString(hash[:])
 }
+
+// IsAnnotationTruthy returns true if the annotation is present
+// and has a truthy value i.e. not "false" or empty
+func IsAnnotationTruthy(obj metav1.Object, key string) bool {
+	annotations := obj.GetAnnotations()
+
+	if val, found := annotations[key]; found {
+		return val != "" && strings.ToLower(val) != "false"
+	}
+	return false
+}