From 3fb477a0d3ba366869c1950b761effc515663fac Mon Sep 17 00:00:00 2001
From: Wesley Hershberger
Date: Fri, 22 Nov 2024 16:49:13 -0600
Subject: [PATCH] lxd/storage: Refactor security.shared check

Will allow us to check when updating `virtual-machine` volumes

Signed-off-by: Wesley Hershberger
---
 lxd/storage/backend_lxd.go | 71 +++++++++++++++++++++-----------------
 1 file changed, 40 insertions(+), 31 deletions(-)

diff --git a/lxd/storage/backend_lxd.go b/lxd/storage/backend_lxd.go
index 06eeafd1cc59..9b171e3e2bc9 100644
--- a/lxd/storage/backend_lxd.go
+++ b/lxd/storage/backend_lxd.go
@@ -5941,6 +5941,44 @@ func (b *lxdBackend) detectChangedConfig(curConfig, newConfig map[string]string)
 return changedConfig, userOnly
 }
 
+func allowRemoveSecurityShared(s *state.State, projectName string, volume *api.StorageVolume) error {
+ usedByProfile := false
+
+ err := VolumeUsedByProfileDevices(s, volume.Pool, projectName, volume, func(profileID int64, profile api.Profile, project api.Project, usedByDevices []string) error {
+ usedByProfile = true
+
+ return db.ErrListStop
+ })
+ if err != nil && err != db.ErrListStop {
+ return err
+ }
+
+ if usedByProfile {
+ return fmt.Errorf("Cannot disable security.shared on custom storage block volume as it is attached to profile(s)")
+ }
+
+ var usedByInstanceDevices []string
+
+ err = VolumeUsedByInstanceDevices(s, volume.Pool, projectName, volume, true, func(inst db.InstanceArgs, project api.Project, usedByDevices []string) error {
+ usedByInstanceDevices = append(usedByInstanceDevices, inst.Name)
+
+ if len(usedByInstanceDevices) > 1 {
+ return db.ErrListStop
+ }
+
+ return nil
+ })
+ if err != nil && err != db.ErrListStop {
+ return err
+ }
+
+ if len(usedByInstanceDevices) > 1 {
+ return fmt.Errorf("Cannot disable security.shared on custom storage block volume as it is attached to more than one instance")
+ }
+
+ return nil
+}
+
 // UpdateCustomVolume applies the supplied config to the custom volume.
 func (b *lxdBackend) UpdateCustomVolume(projectName string, volName string, newDesc string, newConfig map[string]string, op *operations.Operation) error {
 l := b.logger.AddContext(logger.Ctx{"project": projectName, "volName": volName, "newDesc": newDesc, "newConfig": newConfig})
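Review bot: The new helper `allowRemoveSecurityShared` has no doc comment, and both of its error strings still say "custom storage block volume" although the commit message says the helper is meant to be reused when updating `virtual-machine` volumes. I would add a comment such as `// allowRemoveSecurityShared returns an error if security.shared cannot be disabled because the volume is attached to a profile or to more than one instance.` and make the two messages volume-type neutral before a second caller is added. The two `err != db.ErrListStop` comparisons would also be more robust as `!errors.Is(err, db.ErrListStop)`, so that a wrapped sentinel is not reported as a real failure; this assumes `errors` is imported in the file, which the hunk does not show.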
@@ -6018,39 +6056,10 @@ func (b *lxdBackend) UpdateCustomVolume(projectName string, volName string, newD
 
 sharedVolume, ok := changedConfig["security.shared"]
 if ok && shared.IsFalseOrEmpty(sharedVolume) && curVol.ContentType == cluster.StoragePoolVolumeContentTypeNameBlock {
- usedByProfile := false
-
- err = VolumeUsedByProfileDevices(b.state, b.name, projectName, &curVol.StorageVolume, func(profileID int64, profile api.Profile, project api.Project, usedByDevices []string) error {
- usedByProfile = true
-
- return db.ErrListStop
- })
- if err != nil && err != db.ErrListStop {
- return err
- }
-
- if usedByProfile {
- return fmt.Errorf("Cannot disable security.shared on custom storage block volume as it is attached to profile(s)")
- }
-
- var usedByInstanceDevices []string
-
- err = VolumeUsedByInstanceDevices(b.state, b.name, projectName, &curVol.StorageVolume, true, func(inst db.InstanceArgs, project api.Project, usedByDevices []string) error {
- usedByInstanceDevices = append(usedByInstanceDevices, inst.Name)
-
- if len(usedByInstanceDevices) > 1 {
- return db.ErrListStop
- }
-
- return nil
- })
- if err != nil && err != db.ErrListStop {
+ err = allowRemoveSecurityShared(b.state, projectName, &curVol.StorageVolume)
+ if err != nil {
 return err
 }
-
- if len(usedByInstanceDevices) > 1 {
- return fmt.Errorf("Cannot disable security.shared on custom storage block volume as it is attached to more than one instance")
- }
 }
 
 curVol := b.GetVolume(drivers.VolumeTypeCustom, contentType, volStorageName, curVol.Config)
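Review bot: The call site no longer passes the backend's pool name: the removed code gave `b.name` to `VolumeUsedByProfileDevices` and `VolumeUsedByInstanceDevices`, while the helper added in the first hunk reads `volume.Pool` instead. If `curVol.StorageVolume.Pool` can be empty or differ from `b.name` (not visible here), both lookups could match nothing and the guard would pass, so `security.shared` could be disabled on a block volume that is still attached to a profile or to several instances. Passing the pool explicitly keeps the refactor behaviour-preserving, e.g. `err = allowRemoveSecurityShared(b.state, b.name, projectName, &curVol.StorageVolume)` with a matching `poolName string` parameter on the helper. `UpdateCustomVolume` starts before and continues after this hunk.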