Skip to content

Commit

Permalink
API: validate LUKS
Browse files Browse the repository at this point in the history
When importing from vSphere or OVA and using EL8 virt-v2v (warm
migration), LUKS encryption is not supported.
In case the plan is set with LUKS secret, fail to validate such plan.

Signed-off-by: Liran Rotenberg <[email protected]>
  • Loading branch information
liranr23 authored and ahadas committed Jun 9, 2024
1 parent 5b83355 commit e32541b
Showing 1 changed file with 37 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,38 @@ func (admitter *PlanAdmitter) validateWarmMigrations() error {
return nil
}

func (admitter *PlanAdmitter) validateLUKS() error {
hasLUKS := false
for _, vm := range admitter.plan.Spec.VMs {
if vm.LUKS.Name != "" {
hasLUKS = true
break
}
}
if !hasLUKS {
return nil
}

providerType := admitter.sourceProvider.Type()
if providerType != api.VSphere && providerType != api.Ova {
err := liberr.New(fmt.Sprintf("migration of encrypted disks from source provider of type %s is not supported", providerType))
log.Error(err, "Provider type (non-VSphere & non-OVA) does not support LUKS")
return err
}

el9, el9Err := admitter.plan.VSphereUsesEl9VirtV2v()
if el9Err != nil {
log.Error(el9Err, "Could not analyze plan, failing")
return el9Err
}
if !el9 {
err := liberr.New("migration of encrypted disks is not supported for warm migrations or migrations to remote providers")
log.Error(err, "Warm migration does not support LUKS")
return err
}
return nil
}

func (admitter *PlanAdmitter) Admit(ar *admissionv1.AdmissionReview) *admissionv1.AdmissionResponse {
log.Info("Plan admitter was called")
raw := ar.Request.Object.Raw
Expand Down Expand Up @@ -167,5 +199,10 @@ func (admitter *PlanAdmitter) Admit(ar *admissionv1.AdmissionReview) *admissionv
return util.ToAdmissionResponseError(err)
}

err = admitter.validateLUKS()
if err != nil {
return util.ToAdmissionResponseError(err)
}

return util.ToAdmissionResponseAllow()
}

0 comments on commit e32541b

Please sign in to comment.