Squashed commit of the following:

commit 0162f0e5af55c034f40b83ab292fa39f2f759028 Merge: 7355e07 188ebdf Author: weizhichen <weizhichen@microsoft.com> Date: Wed Jan 18 02:54:11 2023 +0000 Merge branch 'master' of github.com:kubernetes-sigs/cloud-provider-azure into support-data-protection-for-blob-csi-driver commit 7355e07 Author: weizhichen <weizhichen@microsoft.com> Date: Tue Jan 17 09:17:27 2023 +0000 delete useless mockblobclient commit 54bd7e6 Author: weizhichen <weizhichen@microsoft.com> Date: Tue Jan 17 08:57:40 2023 +0000 do not search for storage accounts if data protection field not set commit 1f26083 Author: weizhichen <weizhichen@microsoft.com> Date: Tue Jan 17 08:26:31 2023 +0000 Revert "fix ut" This reverts commit 8b2e6b2. commit f9a6092 Author: weizhichen <weizhichen@microsoft.com> Date: Tue Jan 17 08:24:05 2023 +0000 revert delete storage account commit ad83771 Author: weizhichen <weizhichen@microsoft.com> Date: Fri Jan 13 12:20:36 2023 +0000 fix commit 8b2e6b2 Author: weizhichen <weizhichen@microsoft.com> Date: Fri Jan 13 11:40:56 2023 +0000 fix ut commit 790ba4a Author: weizhichen <weizhichen@microsoft.com> Date: Fri Jan 13 11:28:43 2023 +0000 typo commit ecc8b67 Author: weizhichen <weizhichen@microsoft.com> Date: Fri Jan 13 11:24:35 2023 +0000 fix by code review commit dce5594 Author: weizhichen <weizhichen@microsoft.com> Date: Fri Jan 13 10:43:15 2023 +0000 Squashed commit of the following: commit 21369ab Author: weizhichen <weizhichen@microsoft.com> Date: Fri Jan 13 10:41:42 2023 +0000 fix ut commit bec648e Author: weizhichen <weizhichen@microsoft.com> Date: Fri Jan 13 10:33:49 2023 +0000 fix lint commit 1acc7f0 Author: weizhichen <weizhichen@microsoft.com> Date: Fri Jan 13 10:06:55 2023 +0000 change IsEnableBlobVersioning from bool to *bool commit 8aa7c2d Merge: d66726a 4448927 Author: weizhichen <weizhichen@microsoft.com> Date: Fri Jan 13 08:45:53 2023 +0000 Merge branch 'account-search-fix2' of github.com:andyzhangx/cloud-provider-azure into support-data-protection-for-blob-csi-driver commit 4448927 Author: andyzhangx <xiazhang@microsoft.com> Date: Fri Jan 13 05:19:54 2023 +0000 fix: make account search backward compatible commit d66726a Author: weizhichen <weizhichen@microsoft.com> Date: Fri Jan 13 03:24:35 2023 +0000 use %w to wrap error commit 388ee70 Author: weizhichen <weizhichen@microsoft.com> Date: Fri Jan 13 03:14:42 2023 +0000 add mock commit e0a6674 Author: weizhichen <weizhichen@microsoft.com> Date: Fri Jan 13 03:07:38 2023 +0000 feat: support data protection for blob csi driver
kubernetes-sigs · Jan 18, 2023 · c877240 · c877240
1 parent 188ebdf
commit c877240
Show file tree

Hide file tree

Showing 6 changed files with 373 additions and 9 deletions.
diff --git a/pkg/azureclients/blobclient/azure_blobclient.go b/pkg/azureclients/blobclient/azure_blobclient.go
@@ -38,9 +38,12 @@ var _ Interface = &Client{}
 
 // Client implements the blobclient interface
 type Client struct {
-	armClient      armclient.Interface
-	subscriptionID string
-	cloudName      string
+	blobServicesClient storage.BlobServicesClient
+	armClient          armclient.Interface
+	subscriptionID     string
+	cloudName          string
+	baseURI            string
+	authorizer         autorest.Authorizer
 
 	// Rate limiting configures.
 	rateLimiterReader flowcontrol.RateLimiter
@@ -60,6 +63,9 @@ func New(config *azclients.ClientConfig) *Client {
 	authorizer := config.Authorizer
 	apiVersion := APIVersion
 
+	blobServicesClient := storage.NewBlobServicesClientWithBaseURI(baseURI, config.SubscriptionID)
+	blobServicesClient.Authorizer = authorizer
+
 	if strings.EqualFold(config.CloudName, AzureStackCloudName) && !config.DisableAzureStackCloud {
 		apiVersion = AzureStackCloudAPIVersion
 	}
@@ -78,12 +84,15 @@ func New(config *azclients.ClientConfig) *Client {
 	}
 
 	client := &Client{
-		armClient:         armClient,
-		rateLimiterReader: rateLimiterReader,
-		rateLimiterWriter: rateLimiterWriter,
-		subscriptionID:    config.SubscriptionID,
-		cloudName:         config.CloudName,
-		now:               time.Now,
+		blobServicesClient: blobServicesClient,
+		armClient:          armClient,
+		rateLimiterReader:  rateLimiterReader,
+		rateLimiterWriter:  rateLimiterWriter,
+		subscriptionID:     config.SubscriptionID,
+		cloudName:          config.CloudName,
+		now:                time.Now,
+		baseURI:            baseURI,
+		authorizer:         authorizer,
 	}
 
 	return client
@@ -268,3 +277,21 @@ func (c *Client) getContainer(ctx context.Context, subsID, resourceGroupName, ac
 	container.Response = autorest.Response{Response: response}
 	return container, nil
 }
+
+func (c *Client) GetServiceProperties(ctx context.Context, subsID, resourceGroupName, accountName string) (storage.BlobServiceProperties, error) {
+	blobServicesClient := c.blobServicesClient
+	if subsID != c.subscriptionID {
+		blobServicesClient = storage.NewBlobServicesClientWithBaseURI(c.baseURI, c.subscriptionID)
+		blobServicesClient.Authorizer = c.authorizer
+	}
+	return blobServicesClient.GetServiceProperties(ctx, resourceGroupName, accountName)
+}
+
+func (c *Client) SetServiceProperties(ctx context.Context, subsID, resourceGroupName, accountName string, parameters storage.BlobServiceProperties) (storage.BlobServiceProperties, error) {
+	blobServicesClient := c.blobServicesClient
+	if subsID != c.subscriptionID {
+		blobServicesClient = storage.NewBlobServicesClientWithBaseURI(c.baseURI, c.subscriptionID)
+		blobServicesClient.Authorizer = c.authorizer
+	}
+	return blobServicesClient.SetServiceProperties(ctx, resourceGroupName, accountName, parameters)
+}
diff --git a/pkg/azureclients/blobclient/interface.go b/pkg/azureclients/blobclient/interface.go
@@ -39,4 +39,6 @@ type Interface interface {
 	CreateContainer(ctx context.Context, subsID, resourceGroupName, accountName, containerName string, parameters storage.BlobContainer) *retry.Error
 	DeleteContainer(ctx context.Context, subsID, resourceGroupName, accountName, containerName string) *retry.Error
 	GetContainer(ctx context.Context, subsID, resourceGroupName, accountName, containerName string) (storage.BlobContainer, *retry.Error)
+	GetServiceProperties(ctx context.Context, subsID, resourceGroupName, accountName string) (storage.BlobServiceProperties, error)
+	SetServiceProperties(ctx context.Context, subsID, resourceGroupName, accountName string, parameters storage.BlobServiceProperties) (storage.BlobServiceProperties, error)
 }
diff --git a/pkg/azureclients/blobclient/mockblobclient/interface.go b/pkg/azureclients/blobclient/mockblobclient/interface.go
diff --git a/pkg/provider/azure_storage_test.go b/pkg/provider/azure_storage_test.go
@@ -24,6 +24,7 @@ import (
 	"github.com/Azure/go-autorest/autorest/azure"
 	"github.com/golang/mock/gomock"
 
+	"sigs.k8s.io/cloud-provider-azure/pkg/azureclients/blobclient/mockblobclient"
 	"sigs.k8s.io/cloud-provider-azure/pkg/azureclients/fileclient"
 	"sigs.k8s.io/cloud-provider-azure/pkg/azureclients/fileclient/mockfileclient"
 	"sigs.k8s.io/cloud-provider-azure/pkg/azureclients/storageaccountclient/mockstorageaccountclient"
@@ -168,6 +169,12 @@ func TestCreateFileShare(t *testing.T) {
 		mockStorageAccountsClient.EXPECT().ListByResourceGroup(gomock.Any(), gomock.Any(), "rg").Return(test.accounts, nil).AnyTimes()
 		mockStorageAccountsClient.EXPECT().Create(gomock.Any(), "", "rg", gomock.Any(), gomock.Any()).Return(nil).AnyTimes()
 
+		mockBlobClient := mockblobclient.NewMockInterface(ctrl)
+		cloud.BlobClient = mockBlobClient
+		mockBlobClient.EXPECT().GetServiceProperties(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(storage.BlobServiceProperties{
+			BlobServicePropertiesProperties: &storage.BlobServicePropertiesProperties{}}, nil).AnyTimes()
+		mockBlobClient.EXPECT().SetServiceProperties(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(storage.BlobServiceProperties{}, nil).AnyTimes()
+
 		mockAccount := &AccountOptions{
 			Name:          test.acct,
 			Type:          test.acctType,

diff --git a/pkg/provider/azure_storageaccount.go b/pkg/provider/azure_storageaccount.go
@@ -72,6 +72,9 @@ type AccountOptions struct {
 	SubnetName                              string
 	AccessTier                              string
 	MatchTags                               bool
+	EnableBlobVersioning                    *bool
+	SoftDeleteBlobs                         int32
+	SoftDeleteContainers                    int32
 }
 
 type accountWithLocation struct {
@@ -106,9 +109,11 @@ func (az *Cloud) getStorageAccounts(ctx context.Context, accountOptions *Account
 				isAccessTierEqual(acct, accountOptions) &&
 				az.isMultichannelEnabledEqual(ctx, acct, accountOptions) &&
 				az.isDisableFileServiceDeleteRetentionPolicyEqual(ctx, acct, accountOptions) &&
+				az.isEnableBlobDataProtectionEqual(ctx, acct, accountOptions) &&
 				isPrivateEndpointAsExpected(acct, accountOptions)) {
 				continue
 			}
+
 			accounts = append(accounts, accountWithLocation{Name: *acct.Name, StorageType: string((*acct.Sku).Name), Location: *acct.Location})
 		}
 	}
@@ -355,6 +360,34 @@ func (az *Cloud) EnsureStorageAccount(ctx context.Context, accountOptions *Accou
 			return "", "", fmt.Errorf("failed to create storage account %s, error: %v", accountName, rerr)
 		}
 
+		if pointer.BoolDeref(accountOptions.EnableBlobVersioning, false) || accountOptions.SoftDeleteBlobs > 0 || accountOptions.SoftDeleteContainers > 0 {
+			var blobPolicy, containerPolicy *storage.DeleteRetentionPolicy
+			if accountOptions.SoftDeleteContainers > 0 {
+				containerPolicy = &storage.DeleteRetentionPolicy{
+					Enabled: pointer.Bool(accountOptions.SoftDeleteContainers > 0),
+					Days:    pointer.Int32(accountOptions.SoftDeleteContainers),
+				}
+			}
+			if accountOptions.SoftDeleteBlobs > 0 {
+				blobPolicy = &storage.DeleteRetentionPolicy{
+					Enabled: pointer.Bool(accountOptions.SoftDeleteBlobs > 0),
+					Days:    pointer.Int32(accountOptions.SoftDeleteBlobs),
+				}
+			}
+
+			property := storage.BlobServiceProperties{
+				BlobServicePropertiesProperties: &storage.BlobServicePropertiesProperties{
+					IsVersioningEnabled:            accountOptions.EnableBlobVersioning,
+					ContainerDeleteRetentionPolicy: containerPolicy,
+					DeleteRetentionPolicy:          blobPolicy,
+				},
+			}
+
+			if _, err := az.BlobClient.SetServiceProperties(ctx, subsID, resourceGroup, accountName, property); err != nil {
+				return "", "", fmt.Errorf("failed to set blob service properties for storage account %s, error: %w", accountName, err)
+			}
+		}
+
 		if accountOptions.DisableFileServiceDeleteRetentionPolicy != nil || accountOptions.IsMultichannelEnabled != nil {
 			prop, err := az.FileClient.WithSubscriptionID(subsID).GetServiceProperties(ctx, resourceGroup, accountName)
 			if err != nil {
@@ -733,3 +766,53 @@ func (az *Cloud) isDisableFileServiceDeleteRetentionPolicyEqual(ctx context.Cont
 
 	return *accountOptions.DisableFileServiceDeleteRetentionPolicy != *prop.FileServicePropertiesProperties.ShareDeleteRetentionPolicy.Enabled
 }
+
+func (az *Cloud) isEnableBlobDataProtectionEqual(ctx context.Context, account storage.Account, accountOptions *AccountOptions) bool {
+	if accountOptions.SoftDeleteBlobs == 0 &&
+		accountOptions.SoftDeleteContainers == 0 &&
+		accountOptions.EnableBlobVersioning == nil {
+		return true
+	}
+
+	property, err := az.BlobClient.GetServiceProperties(ctx, accountOptions.SubscriptionID, accountOptions.ResourceGroup, *account.Name)
+	if err != nil {
+		klog.Warningf("GetServiceProperties failed for account %s, err: %v", *account.Name, err)
+		return false
+	}
+
+	return isSoftDeleteBlobsEqual(property, accountOptions) &&
+		isSoftDeleteContainersEqual(property, accountOptions) &&
+		isEnableBlobVersioningEqual(property, accountOptions)
+}
+
+func isSoftDeleteBlobsEqual(property storage.BlobServiceProperties, accountOptions *AccountOptions) bool {
+	wantEnable := accountOptions.SoftDeleteBlobs > 0
+	actualEnable := property.DeleteRetentionPolicy != nil &&
+		pointer.BoolDeref(property.DeleteRetentionPolicy.Enabled, false)
+	if wantEnable != actualEnable {
+		return false
+	}
+	if !actualEnable {
+		return true
+	}
+
+	return accountOptions.SoftDeleteBlobs == pointer.Int32Deref(property.DeleteRetentionPolicy.Days, 0)
+}
+
+func isSoftDeleteContainersEqual(property storage.BlobServiceProperties, accountOptions *AccountOptions) bool {
+	wantEnable := accountOptions.SoftDeleteContainers > 0
+	actualEnable := property.ContainerDeleteRetentionPolicy != nil &&
+		pointer.BoolDeref(property.ContainerDeleteRetentionPolicy.Enabled, false)
+	if wantEnable != actualEnable {
+		return false
+	}
+	if !actualEnable {
+		return true
+	}
+
+	return accountOptions.SoftDeleteContainers == pointer.Int32Deref(property.ContainerDeleteRetentionPolicy.Days, 0)
+}
+
+func isEnableBlobVersioningEqual(property storage.BlobServiceProperties, accountOptions *AccountOptions) bool {
+	return pointer.BoolDeref(accountOptions.EnableBlobVersioning, false) == pointer.BoolDeref(property.IsVersioningEnabled, false)
+}