Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rbd: fix encrypted PVC with metadata KMS cannot be deleted (backport #5149) #5176

Merged
merged 1 commit into from
Feb 26, 2025
Merged

rbd: fix encrypted PVC with metadata KMS cannot be deleted (backport #5149) #5176

merged 1 commit into from
Feb 26, 2025
+69 −40

Conversation

mergify[bot]
Copy link
Contributor

@mergify mergify bot commented Feb 25, 2025

Describe what this PR does

Creating an encrypted Persistent Volume Claim with reclaim policy Retain, the Persistent Volume cannot be deleted after the Namespace with the corresponding secret of the encrypted volume was deleted.

CSI DeleteVolume Request -> calls GenVolFromVolID -> calls generateVolumeFromVolumeID -> calls rbdVol.configureBlockEncryption which initiates the metadata kms provider

This fix moves the logic from the kms class initialization to the method where the encryption key is needed.
As the Delete Volume CSI request does not need or call the FetchDEK method, the volume get's deleted successfully.

Is there anything that requires special attention

Do you have any questions?

Is the change backward compatible?

Are there concerns around backward compatibility?

Related issues

Fixes: #5148

Checklist:

  • Commit Message Formatting: Commit titles and messages follow
    guidelines in the developer
    guide    .
  • Reviewed the developer guide on Submitting a Pull
    Request
  • Pending release
    notes
    updated with breaking and/or notable changes for the next major release.
  • Documentation has been updated, if necessary.
  • Unit tests have been added, if necessary.
  • Integration tests have been added, if necessary.
Show available bot commands

These commands are normally not required, but in case of issues, leave any of
the following bot commands in an otherwise empty comment in this PR:

  • /retest ci/centos/<job-name>: retest the <job-name> after unrelated
    failure (please report the failure too!)
This is an automatic backport of pull request #5149 done by [Mergify](https://mergify.com).

@mergify mergify bot added the conflicts label Feb 25, 2025
@mergify Mergify
Copy link
Contributor Author

mergify bot commented Feb 25, 2025

Cherry-pick of 5b587c9 has failed:

On branch mergify/bp/release-v3.13/pr-5149
Your branch is up to date with 'origin/release-v3.13'.

You are currently cherry-picking commit 5b587c94.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   internal/kms/dummy.go
	modified:   internal/kms/secretskms.go
	modified:   internal/kms/secretskms_test.go

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   PendingReleaseNotes.md

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

@mergify mergify bot added component/rbd Issues related to RBD bug Something isn't working labels Feb 25, 2025
@zerotens @Rakshith-R
rbd: fix encrypted PVC with metadata KMS cannot be deleted
0863c1b 
Signed-off-by: Zerotens <[email protected]>
(cherry picked from commit 5b587c9)

# Conflicts:
#	PendingReleaseNotes.md
@Rakshith-R Rakshith-R force-pushed the mergify/bp/release-v3.13/pr-5149 branch from 5a6aa04 to 0863c1b Compare February 25, 2025 14:52
@Rakshith-R Rakshith-R requested a review from a team February 25, 2025 14:53
@mergify mergify bot added the ok-to-test Label to trigger E2E tests label Feb 25, 2025
@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/upgrade-tests-cephfs

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/upgrade-tests-rbd

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/k8s-e2e-external-storage/1.29

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/k8s-e2e-external-storage/1.31

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/k8s-e2e-external-storage/1.30

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e-helm/k8s-1.29

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e-helm/k8s-1.31

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e/k8s-1.31

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e-helm/k8s-1.30

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e/k8s-1.29

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e/k8s-1.30

@ceph-csi-bot ceph-csi-bot removed the ok-to-test Label to trigger E2E tests label Feb 25, 2025
@nixpanic nixpanic requested a review from a team February 25, 2025 16:40
@mergify mergify bot merged commit 60d9401 into release-v3.13 Feb 26, 2025
37 checks passed
@mergify mergify bot deleted the mergify/bp/release-v3.13/pr-5149 branch February 26, 2025 08:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nixpanic nixpanic nixpanic approved these changes

@Rakshith-R Rakshith-R Rakshith-R approved these changes

Assignees
No one assigned
Labels
bug Something isn't working component/rbd Issues related to RBD
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ceph-csi-bot @nixpanic @Rakshith-R @zerotens