rbd: setup encryption if rbdVol exits during CreateVol

This commit adds code to setup encryption on a rbdVol being repaired in a followup CreateVolume request. This is fixes a bug wherein encryption metadata may not have been set in previous request due to container restart. Fixes: ceph#3402 Signed-off-by: Rakshith R <rar@redhat.com>
Rakshith-R · Nov 4, 2022 · 4bda0a5 · 4bda0a5
1 parent 07e9ded
commit 4bda0a5
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/internal/rbd/controllerserver.go b/internal/rbd/controllerserver.go
@@ -508,6 +508,15 @@ func (cs *ControllerServer) repairExistingVolume(ctx context.Context, req *csi.C
 
 			return nil, err
 		}
+
+	default:
+		// setup encryption again to make sure everything is in place.
+		if rbdVol.isBlockEncrypted() {
+			err := rbdVol.setupBlockEncryption(ctx)
+			if err != nil {
+				return nil, fmt.Errorf("failed to setup encryption for image %s: %w", rbdVol, err)
+			}
+		}
 	}
 
 	// Set metadata on restart of provisioner pod when image exist