API: validate LUKS
When importing from vSphere or OVA and using EL8 virt-v2v (warm
migration), LUKS encryption is not supported.
If the plan is set with a LUKS secret, validation of that plan fails.

Signed-off-by: Liran Rotenberg <lrotenbe@redhat.com>
liranr23 committed Dec 10, 2023
1 parent fa7c28c commit ea54ecd
Showing 1 changed file with 33 additions and 0 deletions.
Expand Up @@ -116,6 +116,34 @@ func (admitter *PlanAdmitter) validateWarmMigrations() error {
return nil
}

func (admitter *PlanAdmitter) validateLuks() error {
providerType := admitter.sourceProvider.Type()
if providerType != api.VSphere && providerType != api.Ova {
log.Info("Provider type (non-VSphere & non-OVA) does not support LUKS, passing")
return nil
}

el9, el9Err := admitter.plan.VSphereUsesEl9VirtV2v()
if el9Err != nil {
log.Error(el9Err, "Could not analyze plan, failing")
return el9Err
}
if el9 {
// LUKS is optional when EL9 virt-v2v image is in use
log.Info("LUKS secret is optional when EL9 virt-v2v image is in use, passing")
return nil
}

luksRef := &admitter.plan.Spec.LUKS
if luksRef != nil {
err := liberr.New("LUKS encryption is forbidden for this type of migration")
log.Error(err, "LUKS encryption is forbidden for this type of migration")
return err
}

return nil
}

func (admitter *PlanAdmitter) Admit(ar *admissionv1.AdmissionReview) *admissionv1.AdmissionResponse {
log.Info("Plan admitter was called")
raw := ar.Request.Object.Raw
Expand Down Expand Up @@ -167,5 +195,10 @@ func (admitter *PlanAdmitter) Admit(ar *admissionv1.AdmissionReview) *admissionv
return util.ToAdmissionResponseError(err)
}

err = admitter.validateLuks()
if err != nil {
return util.ToAdmissionResponseError(err)
}

return util.ToAdmissionResponseAllow()
}
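Review bot: In validateLuks the check `luksRef := &admitter.plan.Spec.LUKS` followed by `if luksRef != nil` is always true, because taking the address of a struct field never yields nil. As written, every vSphere or OVA plan that does not use the EL9 virt-v2v image is rejected with "LUKS encryption is forbidden for this type of migration" even when no LUKS secret is set, so the admission webhook would block plans the commit message intends to allow. The condition should inspect the reference's content instead, e.g. `if admitter.plan.Spec.LUKS.Name != "" {` if LUKS is an object-reference value (its type is not visible here), or `if admitter.plan.Spec.LUKS != nil {` if the field is a pointer. A unit test with an EL8-path plan that carries no LUKS secret would pin the intended behaviour.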
