Include EiT state is part of the desired state hash sent to clients

When in-transit encryption is enabled/disabled the kernel mount option for cephFS needs to be updated between prefer-crc/secure. So the desired state hash needs to include the EiT state, so that if the EiT state is changed the desired state hash will change and the client will reconcile to get the updated mount option. Signed-off-by: Malay Kumar Parida <[email protected]>
red-hat-storage · Oct 3, 2024 · a29a835 · a29a835
1 parent cfe597a
commit a29a835
Showing 1 changed file with 53 additions and 10 deletions.
diff --git a/services/provider/server/server.go b/services/provider/server/server.go
@@ -185,7 +185,18 @@ func (s *OCSProviderServer) GetStorageConfig(ctx context.Context, req *pb.Storag
 		if err != nil {
 			return nil, status.Errorf(codes.Internal, "Failed to construct status response: %v", err)
 		}
-		desiredClientConfigHash := getDesiredClientConfigHash(channelName, consumerObj)
+
+		storageCluster, err := s.getStorageCluster(ctx)
+		if err != nil {
+			return nil, err
+		}
+
+		inTransitEncryptionEnabled := false
+		if storageCluster.Spec.Network != nil && storageCluster.Spec.Network.Connections != nil &&
+			storageCluster.Spec.Network.Connections.Encryption != nil && storageCluster.Spec.Network.Connections.Encryption.Enabled {
+			inTransitEncryptionEnabled = true
+		}
+		desiredClientConfigHash := getDesiredClientConfigHash(channelName, inTransitEncryptionEnabled, consumerObj)
 
 		klog.Infof("successfully returned the config details to the consumer.")
 		return &pb.StorageConfigResponse{
@@ -774,15 +785,13 @@ func (s *OCSProviderServer) GetStorageClaimConfig(ctx context.Context, req *pb.S
 				"csi.storage.k8s.io/controller-expand-secret-name": provisionerSecretName,
 			}
 
-			storageClusters := &ocsv1.StorageClusterList{}
-			if err := s.client.List(ctx, storageClusters, client.InNamespace(s.namespace), client.Limit(2)); err != nil {
-				return nil, status.Errorf(codes.Internal, "failed to get storage cluster: %v", err)
-			}
-			if len(storageClusters.Items) != 1 {
-				return nil, status.Errorf(codes.Internal, "expecting one single storagecluster to exist")
+			storageCluster, err := s.getStorageCluster(ctx)
+			if err != nil {
+				return nil, err
 			}
+
 			var kernelMountOptions map[string]string
-			for _, option := range strings.Split(util.GetCephFSKernelMountOptions(&storageClusters.Items[0]), ",") {
+			for _, option := range strings.Split(util.GetCephFSKernelMountOptions(storageCluster), ",") {
 				if kernelMountOptions == nil {
 					kernelMountOptions = map[string]string{}
 				}
@@ -870,17 +879,29 @@ func (s *OCSProviderServer) ReportStatus(ctx context.Context, req *pb.ReportStat
 		return nil, status.Errorf(codes.Internal, "Failed to construct status response: %v", err)
 	}
 
-	desiredClientConfigHash := getDesiredClientConfigHash(channelName, storageConsumer)
+	storageCluster, err := s.getStorageCluster(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	inTransitEncryptionEnabled := false
+	if storageCluster.Spec.Network != nil && storageCluster.Spec.Network.Connections != nil &&
+		storageCluster.Spec.Network.Connections.Encryption != nil && storageCluster.Spec.Network.Connections.Encryption.Enabled {
+		inTransitEncryptionEnabled = true
+	}
+
+	desiredClientConfigHash := getDesiredClientConfigHash(channelName, inTransitEncryptionEnabled, storageConsumer)
 
 	return &pb.ReportStatusResponse{
 		DesiredClientOperatorChannel: channelName,
 		DesiredConfigHash:            desiredClientConfigHash,
 	}, nil
 }
 
-func getDesiredClientConfigHash(channelName string, storageConsumer *ocsv1alpha1.StorageConsumer) string {
+func getDesiredClientConfigHash(channelName string, inTransitEncryptionEnabled bool, storageConsumer *ocsv1alpha1.StorageConsumer) string {
 	var arr = []any{
 		channelName,
+		inTransitEncryptionEnabled,
 		storageConsumer.Spec.StorageQuotaInGiB,
 	}
 	return util.CalculateMD5Hash(arr)
@@ -901,6 +922,28 @@ func (s *OCSProviderServer) getOCSSubscriptionChannel(ctx context.Context) (stri
 	return subscription.Spec.Channel, nil
 }
 
+func (s *OCSProviderServer) getStorageCluster(ctx context.Context) (*ocsv1.StorageCluster, error) {
+	storageClusterList := &ocsv1.StorageClusterList{}
+	if err := s.client.List(ctx, storageClusterList, client.InNamespace(s.namespace)); err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to list storage clusters: %v", err)
+	}
+	// Filter out external storage clusters if any
+	var storageClusters []ocsv1.StorageCluster
+	for _, cluster := range storageClusterList.Items {
+		if cluster.Spec.ExternalStorage.Enable != true {
+			storageClusters = append(storageClusters, cluster)
+		}
+	}
+
+	if len(storageClusters) > 1 {
+		return nil, status.Errorf(codes.Internal, "found more than one storage cluster")
+	}
+	if len(storageClusters) == 0 {
+		return nil, status.Errorf(codes.NotFound, "no storage cluster found")
+	}
+	return &storageClusters[0], nil
+}
+
 func extractMonitorIps(data string) ([]string, error) {
 	var ips []string
 	mons := strings.Split(data, ",")