rbd: Allow user to disable key rotation

This patch allows user to disable automatic key rotation by annotating StorageCluster with `keyrotation.csiaddons.openshift.io/enable=false` Signed-off-by: Niraj Yadav <niryadav@redhat.com>
red-hat-storage · Oct 7, 2024 · 288a026 · 288a026
1 parent f80f43b
commit 288a026
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 2 deletions.
diff --git a/controllers/storagecluster/storageclasses.go b/controllers/storagecluster/storageclasses.go
@@ -27,6 +27,8 @@ const (
 
  //storage class driver name prefix
  storageclassDriverNamePrefix = "openshift-storage"
+
+ keyRotationEnableAnnotation = "keyrotation.csiaddons.openshift.io/enable"
 )
 
 var (
@@ -314,6 +316,9 @@ func newCephBlockPoolStorageClassConfiguration(initData *ocsv1.StorageCluster) S
  if initData.Spec.ManagedResources.CephBlockPools.DefaultStorageClass {
  scc.storageClass.Annotations[defaultStorageClassAnnotation] = "true"
  }
+ util.If(!util.IsAnnotationTruthy(initData, keyRotationEnableAnnotation), func() {
+ util.AddAnnotation(scc.storageClass, keyRotationEnableAnnotation, "false")
+ })
  return scc
 }
 
@@ -336,7 +341,7 @@ func newNonResilientCephBlockPoolStorageClassConfiguration(initData *ocsv1.Stora
  persistentVolumeReclaimDelete := corev1.PersistentVolumeReclaimDelete
  allowVolumeExpansion := true
  volumeBindingWaitForFirstConsumer := storagev1.VolumeBindingWaitForFirstConsumer
- return StorageClassConfiguration{
+ scc := StorageClassConfiguration{
  storageClass: &storagev1.StorageClass{
  ObjectMeta: metav1.ObjectMeta{
  Name: util.GenerateNameForNonResilientCephBlockPoolSC(initData),
@@ -366,6 +371,10 @@ func newNonResilientCephBlockPoolStorageClassConfiguration(initData *ocsv1.Stora
  },
  isClusterExternal: initData.Spec.ExternalStorage.Enable,
  }
+ util.If(!util.IsAnnotationTruthy(initData, keyRotationEnableAnnotation), func() {
+ util.AddAnnotation(scc.storageClass, keyRotationEnableAnnotation, "false")
+ })
+ return scc
 }
 
 // newCephNFSStorageClassConfiguration generates configuration options for a Ceph NFS StorageClass.

diff --git a/controllers/util/util.go b/controllers/util/util.go
@@ -5,8 +5,10 @@ import (
  "encoding/hex"
  "encoding/json"
  "fmt"
- ocsv1 "github.com/red-hat-storage/ocs-operator/api/v4/v1"
  "os"
+ "strings"
+
+ ocsv1 "github.com/red-hat-storage/ocs-operator/api/v4/v1"
 
  metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -103,3 +105,21 @@ func AssertEqual[T comparable](actual T, expected T, exitCode int) {
  os.Exit(exitCode)
  }
 }
+
+// IsAnnotationTruthy returns true if the annotation is present
+// and has a truthy value
+func IsAnnotationTruthy(obj metav1.Object, key string) bool {
+ annotations := obj.GetAnnotations()
+
+ if val, found := annotations[key]; found {
+ return strings.ToLower(val) == "true"
+ }
+ return false
+}
+
+// Execute the provided function if the condition is true.
+func If(cond bool, fn func()) {
+ if cond {
+ fn()
+ }
+}