Explicitly reject encrypted and backing image for v2 volumes

Longhorn 7404 Signed-off-by: Derek Su <derek.su@suse.com>
longhorn · Dec 26, 2023 · 8cfda3e · 8cfda3e
1 parent b9e6569
commit 8cfda3e
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 8 deletions.
diff --git a/webhook/resources/volume/mutator.go b/webhook/resources/volume/mutator.go
@@ -182,13 +182,6 @@ func (v *volumeMutator) Create(request *admission.Request, newObj runtime.Object
 
 	// TODO: Remove the mutations below after they are implemented for SPDK volumes
 	if datastore.IsBackendStoreDriverV2(volume.Spec.BackendStoreDriver) {
-		if volume.Spec.Encrypted {
-			patchOps = append(patchOps, `{"op": "replace", "path": "/spec/encrypted", "value": false}`)
-		}
-
-		if volume.Spec.BackingImage != "" {
-			patchOps = append(patchOps, `{"op": "replace", "path": "/spec/backingImage", "value": ""}`)
-		}
 		if volume.Spec.DataLocality != longhorn.DataLocalityDisabled {
 			patchOps = append(patchOps, fmt.Sprintf(`{"op": "replace", "path": "/spec/dataLocality", "value": "%s"}`, longhorn.DataLocalityDisabled))
 		}

diff --git a/webhook/resources/volume/validator.go b/webhook/resources/volume/validator.go
@@ -141,10 +141,14 @@ func (v *volumeValidator) Create(request *admission.Request, newObj runtime.Obje
 		}
 	}
 
-	if volume.Spec.BackendStoreDriver == longhorn.BackendStoreDriverTypeV2 {
+	// TODO: remove this check when we support the following features for SPDK volumes
+	if datastore.IsBackendStoreDriverV2(volume.Spec.BackendStoreDriver) {
 		if volume.Spec.Encrypted {
 			return werror.NewInvalidError("encrypted volume is not supported for backend store driver v2", "")
 		}
+		if volume.Spec.BackingImage != "" {
+			return werror.NewInvalidError("backing image is not supported for backend store driver v2", "")
+		}
 	}
 
 	return nil