rbd: modify copyEncryptionConfig to accept copyOnlyPassphrase arg

During PVC snapshot/clone both kms config and passphrase needs to copied,
while for PVC restore only passphrase needs to be copied to dest rbdvol
since destination storageclass may have another kms config.

Signed-off-by: Rakshith R <rar@redhat.com>

internal/rbd/clone.go

@@ -161,7 +161,7 @@ func (rv *rbdVolume) createCloneFromImage(ctx context.Context, parentVol *rbdVol
 	}
 
 	if parentVol.isEncrypted() {
-		err = parentVol.copyEncryptionConfig(&rv.rbdImage)
+		err = parentVol.copyEncryptionConfig(&rv.rbdImage, false)
 		if err != nil {
 			return fmt.Errorf("failed to copy encryption config for %q: %w", rv, err)
 		}

internal/rbd/controllerserver.go

@@ -1105,7 +1105,7 @@ func cloneFromSnapshot(
 	defer vol.Destroy()
 
 	if rbdVol.isEncrypted() {
-		err = rbdVol.copyEncryptionConfig(&vol.rbdImage)
+		err = rbdVol.copyEncryptionConfig(&vol.rbdImage, false)
 		if err != nil {
 			return nil, status.Error(codes.Internal, err.Error())
 		}
@@ -1224,7 +1224,7 @@ func (cs *ControllerServer) doSnapshotClone(
 	}()
 
 	if parentVol.isEncrypted() {
-		cryptErr := parentVol.copyEncryptionConfig(&cloneRbd.rbdImage)
+		cryptErr := parentVol.copyEncryptionConfig(&cloneRbd.rbdImage, false)
 		if cryptErr != nil {
 			log.WarningLog(ctx, "failed copy encryption "+
 				"config for %q: %v", cloneRbd, cryptErr)

internal/rbd/encryption.go

@@ -123,7 +123,11 @@ func (ri *rbdImage) setupEncryption(ctx context.Context) error {
 // rbdImage to the passed argument. This function re-encrypts the passphrase
 // from the original, so that both encrypted passphrases (potentially, depends
 // on the DEKStore) have different contents.
-func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage) error {
+// When copyOnlyPassphrase is set to true, only the passphrase is copied to the
+// destination rbdImage's VolumeEncryption object which needs to be initialized
+// beforehand and is possibly different from the source VolumeEncryption
+// (Usecase: Restoring snapshot into a storageclass with different encryption config).
+func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage, copyOnlyPassphrase bool) error {
 	if ri.VolID == cp.VolID {
 		return fmt.Errorf("BUG: %q and %q have the same VolID (%s) "+
 			"set!? Call stack: %s", ri, cp, ri.VolID, util.CallStack())
@@ -136,9 +140,11 @@ func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage) error {
 			ri, err)
 	}
 
-	cp.encryption, err = util.NewVolumeEncryption(ri.encryption.GetID(), ri.encryption.KMS)
-	if errors.Is(err, util.ErrDEKStoreNeeded) {
-		cp.encryption.SetDEKStore(cp)
+	if !copyOnlyPassphrase {
+		cp.encryption, err = util.NewVolumeEncryption(ri.encryption.GetID(), ri.encryption.KMS)
+		if errors.Is(err, util.ErrDEKStoreNeeded) {
+			cp.encryption.SetDEKStore(cp)
+		}
 	}
 
 	// re-encrypt the plain passphrase for the cloned volume
@@ -178,7 +184,7 @@ func (ri *rbdImage) repairEncryptionConfig(dest *rbdImage) error {
 			dest.conn = ri.conn.Copy()
 		}
 
-		return ri.copyEncryptionConfig(dest)
+		return ri.copyEncryptionConfig(dest, false)
 	}
 
 	return nil

internal/rbd/rbd_journal.go

@@ -334,7 +334,7 @@ func (rv *rbdVolume) Exists(ctx context.Context, parentVol *rbdVolume) (bool, er
 	}
 
 	if parentVol != nil && parentVol.isEncrypted() {
-		err = parentVol.copyEncryptionConfig(&rv.rbdImage)
+		err = parentVol.copyEncryptionConfig(&rv.rbdImage, false)
 		if err != nil {
 			log.ErrorLog(ctx, err.Error())
 

internal/rbd/rbd_util.go

@@ -1400,7 +1400,7 @@ func (rv *rbdVolume) cloneRbdImageFromSnapshot(
 	if pSnapOpts.isEncrypted() {
 		pSnapOpts.conn = rv.conn.Copy()
 
-		err = pSnapOpts.copyEncryptionConfig(&rv.rbdImage)
+		err = pSnapOpts.copyEncryptionConfig(&rv.rbdImage, true)
 		if err != nil {
 			return fmt.Errorf("failed to clone encryption config: %w", err)
 		}