From 3e165cc973ad6b620ea86c4c7e852035856aff4f Mon Sep 17 00:00:00 2001
From: Rohan Gupta
Date: Sun, 21 Jul 2024 01:39:48 +0530
Subject: [PATCH] provider-server: send info of kernelMountOptions for cephfs to client

add kernel mount option ms_mode=secure to cephfs storageclass data when encryption in transit is enabled

Signed-off-by: Rohan Gupta
---
 services/provider/server/server.go      | 33 +++++++++++++++++++++++--
 services/provider/server/server_test.go |  9 +++++++
 2 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/services/provider/server/server.go b/services/provider/server/server.go
index 74287e5064..bbcb884f52 100644
--- a/services/provider/server/server.go
+++ b/services/provider/server/server.go
@@ -52,8 +52,9 @@ const (
 )
 
 const (
-	monConfigMap = "rook-ceph-mon-endpoints"
-	monSecret    = "rook-ceph-mon"
+	monConfigMap            = "rook-ceph-mon-endpoints"
+	monSecret               = "rook-ceph-mon"
+	kernelMountOptionSecure = "ms_mode=secure"
 )
 
 type OCSProviderServer struct {
@@ -655,6 +656,12 @@ func (s *OCSProviderServer) GetStorageClaimConfig(ctx context.Context, req *pb.S
 			"csi.storage.k8s.io/controller-expand-secret-name": provisionerSecretName,
 		}
 
+		if kernelMountOptions, err := s.getCephfsKernelMountOptions(ctx); err != nil {
+			return nil, status.Errorf(codes.Internal, "failed to get kernel mount options. %v", err)
+		} else if kernelMountOptions != "" {
+			cephfsStorageClassData["kernelmountoptions"] = kernelMountOptions
+		}
+
 		extR = append(extR, &pb.ExternalResource{
 			Name: "cephfs",
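Review bot: `kernelMountOptionSecure` is added to the const block without a doc comment, and nothing nearby says that this value leaves the provider and is consumed by client mounts. Suggest `// kernelMountOptionSecure is the CephFS kernel mount option sent to clients when in-transit encryption is enabled on the StorageCluster.` above the line.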
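Review bot: The `if kernelMountOptions, err := …; err != nil { … } else if kernelMountOptions != "" { … }` chain added to GetStorageClaimConfig binds the result inside an `if` initializer and keeps an `else` after a terminating `return`, which is harder to read than the early-return shape Go code normally uses. Pulling the call out — `kernelMountOptions, err := s.getCephfsKernelMountOptions(ctx)`, then `if err != nil { return nil, status.Errorf(codes.Internal, "failed to get kernel mount options. %v", err) }`, then a plain `if kernelMountOptions != "" { cephfsStorageClassData["kernelmountoptions"] = kernelMountOptions }` — reads the same as the surrounding map construction. The error branch is the right choice from a security standpoint, since an unreadable encryption setting must not yield a config that silently omits `ms_mode=secure`, and that intent deserves a comment such as `// Fail closed: if the encryption setting cannot be read, do not hand out a cephfs config that may be missing ms_mode=secure.` The `"kernelmountoptions"` key is a bare literal here; a named constant next to `kernelMountOptionSecure` would keep both halves of this contract in one place. GetStorageClaimConfig starts and ends outside the hunk.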
@@ -737,3 +744,25 @@ func (s *OCSProviderServer) getOCSSubscriptionChannel(ctx context.Context) (stri
 	}
 	return subscription.Spec.Channel, nil
 }
+
+func (s *OCSProviderServer) getCephfsKernelMountOptions(ctx context.Context) (string, error) {
+
+	clusters, err := util.GetClusters(ctx, s.client)
+	if err != nil {
+		return "", fmt.Errorf("failed to get clusters: %v", err)
+	}
+
+	storageClusters := clusters.GetStorageClustersInNamespace(s.namespace)
+	if len(storageClusters) == 0 {
+		return "", fmt.Errorf("no storage clusters found in namespace %s", s.namespace)
+	}
+
+	if storageClusters[0].Spec.Network != nil &&
+		storageClusters[0].Spec.Network.Connections != nil &&
+		storageClusters[0].Spec.Network.Connections.Encryption != nil &&
+		storageClusters[0].Spec.Network.Connections.Encryption.Enabled {
+		return kernelMountOptionSecure, nil
+	}
+
+	return "", nil
+}
diff --git a/services/provider/server/server_test.go b/services/provider/server/server_test.go
index 979a8d995a..67841b3cfa 100644
--- a/services/provider/server/server_test.go
+++ b/services/provider/server/server_test.go
@@ -7,6 +7,7 @@ import (
 	"strconv"
 	"testing"
 
+	ocsv1 "github.com/red-hat-storage/ocs-operator/api/v4/v1"
 	ocsv1alpha1 "github.com/red-hat-storage/ocs-operator/api/v4/v1alpha1"
 	controllers "github.com/red-hat-storage/ocs-operator/v4/controllers/storageconsumer"
 	pb "github.com/red-hat-storage/ocs-operator/v4/services/provider/pb"
@@ -680,6 +681,13 @@ func TestOCSProviderServerGetStorageClaimConfig(t *testing.T) {
 				Phase: ocsv1alpha1.StorageRequestFailed,
 			},
 		}
+		storageClusterResourceName = "mock-storage-cluster"
+		storageClustersResource    = &ocsv1.StorageCluster{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      storageClusterResourceName,
+				Namespace: serverNamespace,
+			},
+		}
 	)
 
 	ctx := context.TODO()
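Review bot: `storageClusters[0]` decides the mount option for every claim even when `GetStorageClustersInNamespace` returns more than one cluster, so with two StorageClusters in `s.namespace` whichever is listed first (the ordering is not visible here) controls whether `ms_mode=secure` is advertised to clients. Unless a single cluster per namespace is guaranteed elsewhere, the ambiguous case should be rejected instead of resolved silently: `if len(storageClusters) != 1 { return "", fmt.Errorf("expected exactly one storage cluster in namespace %s, found %d", s.namespace, len(storageClusters)) }`. Both `fmt.Errorf` calls wrap with `%v`; `%w` would keep the underlying error reachable through `errors.Is`/`errors.As` at the caller. The new method also has no doc comment — `// getCephfsKernelMountOptions returns the kernel mount options clients must use for CephFS: ms_mode=secure when in-transit encryption is enabled on the StorageCluster, "" otherwise.` — and the blank line directly after the opening brace is an odd gap. getOCSSubscriptionChannel, whose tail forms the context lines, starts outside the hunk.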
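Review bot: The added `storageClustersResource` carries no `Spec.Network`, so `TestOCSProviderServerGetStorageClaimConfig` only exercises the branch of `getCephfsKernelMountOptions` that returns `""`; the behaviour this commit introduces — `kernelmountoptions` set to `ms_mode=secure` — is never asserted. A second fixture with `Spec.Network.Connections.Encryption.Enabled` set to true, plus an assertion that the cephfs `ExternalResource` data contains `"kernelmountoptions": "ms_mode=secure"` (and that the key is absent for the existing fixture), would pin the security-relevant outcome; the fake-client registration in the following hunk (`storageClustersResource,`) would need the extra object too. Whether the existing table cases compare the full data map is not visible from this hunk. TestOCSProviderServerGetStorageClaimConfig starts and ends outside the hunk.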
@@ -690,6 +698,7 @@ func TestOCSProviderServerGetStorageClaimConfig(t *testing.T) {
 		claimResourceInitializing,
 		claimResourceCreating,
 		claimResourceFailed,
+		storageClustersResource,
 	}
 
 	// Create a fake client to mock API calls.