Merge pull request oracle#173 in OKE/oci-cloud-controller-manager from task/OKE-16774 to internal

arindam-bandyopadhyay · arindam-bandyopadhyay · commit 21eca806c434 · 2021-09-14T11:33:11.000Z
* commit 'b53bb3c4abc113be229c65b17e0567109a0c8972':
  OKE-16774: Adding error condition when in transit is on and attachment type is iscsi
diff --git a/pkg/csi/driver/controller.go b/pkg/csi/driver/controller.go
@@ -315,6 +315,13 @@ func (d *ControllerDriver) ControllerPublishVolume(ctx context.Context, req *csi
 		metrics.SendMetricData(d.metricPusher, metrics.PVAttach, time.Since(startTime).Seconds(), csiMetricDimension, req.VolumeId)
 		return nil, status.Errorf(codes.Unknown, "failed to get the attachment options. error : %s", err)
 	}
+	//in transit encryption is not supported for other attachment type than paravirtualized
+	if volumeAttachmentOptions.enableInTransitEncryption && !volumeAttachmentOptions.useParavirtualizedAttachment {
+		log.Error("node %s has in transit encryption enabled, but attachment type is not paravirtualized. invalid input", id)
+		csiMetricDimension = util.GetMetricDimensionForComponent(util.ErrValidation, util.CSIStorageType)
+		metrics.SendMetricData(d.metricPusher, metrics.PVAttach, time.Since(startTime).Seconds(), csiMetricDimension, req.VolumeId)
+		return nil, status.Errorf(codes.InvalidArgument, "node %s has in transit encryption enabled, but attachment type is not paravirtualized. invalid input", id)
+	}
 
 	compartmentID, err := util.LookupNodeCompartment(d.KubeClient, req.NodeId)
 	if err != nil {
@@ -737,7 +744,6 @@ func getAttachmentOptions(ctx context.Context, client client.ComputeInterface, a
 	}
 	if *instance.LaunchOptions.IsPvEncryptionInTransitEnabled {
 		volumeAttachmentOption.enableInTransitEncryption = true
-		volumeAttachmentOption.useParavirtualizedAttachment = true
 	}
 	return volumeAttachmentOption, nil
 }
diff --git a/pkg/csi/driver/controller_test.go b/pkg/csi/driver/controller_test.go
@@ -774,7 +774,7 @@ func TestGetAttachmentOptions(t *testing.T) {
 			instanceID:     "inTransitEnabled",
 			volumeAttachmentOption: VolumeAttachmentOption{
 				enableInTransitEncryption:    true,
-				useParavirtualizedAttachment: true,
+				useParavirtualizedAttachment: false,
 			},
 			wantErr: false,
 		},

Original file line number	Diff line number	Diff line change
`@@ -315,6 +315,13 @@ func (d ControllerDriver) ControllerPublishVolume(ctx context.Context, req csi`
`315`	`315`	`metrics.SendMetricData(d.metricPusher, metrics.PVAttach, time.Since(startTime).Seconds(), csiMetricDimension, req.VolumeId)`
`316`	`316`	`return nil, status.Errorf(codes.Unknown, "failed to get the attachment options. error : %s", err)`
`317`	`317`	`}`
	`318`	`+ //in transit encryption is not supported for other attachment type than paravirtualized`
	`319`	`+ if volumeAttachmentOptions.enableInTransitEncryption && !volumeAttachmentOptions.useParavirtualizedAttachment {`
	`320`	`+ log.Error("node %s has in transit encryption enabled, but attachment type is not paravirtualized. invalid input", id)`
	`321`	`+ csiMetricDimension = util.GetMetricDimensionForComponent(util.ErrValidation, util.CSIStorageType)`
	`322`	`+ metrics.SendMetricData(d.metricPusher, metrics.PVAttach, time.Since(startTime).Seconds(), csiMetricDimension, req.VolumeId)`
	`323`	`+ return nil, status.Errorf(codes.InvalidArgument, "node %s has in transit encryption enabled, but attachment type is not paravirtualized. invalid input", id)`
	`324`	`+ }`
`318`	`325`
`319`	`326`	`compartmentID, err := util.LookupNodeCompartment(d.KubeClient, req.NodeId)`
`320`	`327`	`if err != nil {`
`@@ -737,7 +744,6 @@ func getAttachmentOptions(ctx context.Context, client client.ComputeInterface, a`
`737`	`744`	`}`
`738`	`745`	`if *instance.LaunchOptions.IsPvEncryptionInTransitEnabled {`
`739`	`746`	`volumeAttachmentOption.enableInTransitEncryption = true`
`740`		`- volumeAttachmentOption.useParavirtualizedAttachment = true`
`741`	`747`	`}`
`742`	`748`	`return volumeAttachmentOption, nil`
`743`	`749`	`}`