lxd/storage: Refactor security.shared check
Will allow us to check when updating `virtual-machine` volumes

Signed-off-by: Wesley Hershberger <[email protected]>
MggMuggins committed Dec 9, 2024
1 parent d6c4ea0 commit 7764774
Showing 1 changed file with 40 additions and 31 deletions.
71 changes: 40 additions & 31 deletions lxd/storage/backend_lxd.go
@@ -5941,6 +5941,44 @@ func (b *lxdBackend) detectChangedConfig(curConfig, newConfig map[string]string)
return changedConfig, userOnly
}

func allowRemoveSecurityShared(s *state.State, projectName string, volume *api.StorageVolume) error {
usedByProfile := false

err := VolumeUsedByProfileDevices(s, volume.Pool, projectName, volume, func(profileID int64, profile api.Profile, project api.Project, usedByDevices []string) error {
usedByProfile = true

return db.ErrListStop
})
if err != nil && err != db.ErrListStop {
return err
}

if usedByProfile {
return fmt.Errorf("Cannot disable security.shared on custom storage block volume as it is attached to profile(s)")
}

var usedByInstanceDevices []string

err = VolumeUsedByInstanceDevices(s, volume.Pool, projectName, volume, true, func(inst db.InstanceArgs, project api.Project, usedByDevices []string) error {
usedByInstanceDevices = append(usedByInstanceDevices, inst.Name)

if len(usedByInstanceDevices) > 1 {
return db.ErrListStop
}

return nil
})
if err != nil && err != db.ErrListStop {
return err
}

if len(usedByInstanceDevices) > 1 {
return fmt.Errorf("Cannot disable security.shared on custom storage block volume as it is attached to more than one instance")
}

return nil
}

// UpdateCustomVolume applies the supplied config to the custom volume.
func (b *lxdBackend) UpdateCustomVolume(projectName string, volName string, newDesc string, newConfig map[string]string, op *operations.Operation) error {
l := b.logger.AddContext(logger.Ctx{"project": projectName, "volName": volName, "newDesc": newDesc, "newConfig": newConfig})
@@ -6018,39 +6056,10 @@ func (b *lxdBackend) UpdateCustomVolume(projectName string, volName string, newD

sharedVolume, ok := changedConfig["security.shared"]
if ok && shared.IsFalseOrEmpty(sharedVolume) && curVol.ContentType == cluster.StoragePoolVolumeContentTypeNameBlock {
usedByProfile := false

err = VolumeUsedByProfileDevices(b.state, b.name, projectName, &curVol.StorageVolume, func(profileID int64, profile api.Profile, project api.Project, usedByDevices []string) error {
usedByProfile = true

return db.ErrListStop
})
if err != nil && err != db.ErrListStop {
return err
}

if usedByProfile {
return fmt.Errorf("Cannot disable security.shared on custom storage block volume as it is attached to profile(s)")
}

var usedByInstanceDevices []string

err = VolumeUsedByInstanceDevices(b.state, b.name, projectName, &curVol.StorageVolume, true, func(inst db.InstanceArgs, project api.Project, usedByDevices []string) error {
usedByInstanceDevices = append(usedByInstanceDevices, inst.Name)

if len(usedByInstanceDevices) > 1 {
return db.ErrListStop
}

return nil
})
if err != nil && err != db.ErrListStop {
err = allowRemoveSecurityShared(b.state, projectName, &curVol.StorageVolume)
if err != nil {
return err
}

if len(usedByInstanceDevices) > 1 {
return fmt.Errorf("Cannot disable security.shared on custom storage block volume as it is attached to more than one instance")
}
}

curVol := b.GetVolume(drivers.VolumeTypeCustom, contentType, volStorageName, curVol.Config)
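Review bot: The extracted `allowRemoveSecurityShared` passes `volume.Pool` to `VolumeUsedByProfileDevices` and `VolumeUsedByInstanceDevices`, where the inline code it replaces passed `b.name`, so the refactor preserves behaviour only if `curVol.StorageVolume.Pool` always holds the backend's pool name. That is not visible in this diff; if the field can be empty or differ, the usage lookups may match nothing and the guard would let `security.shared` be disabled on a block volume still attached to a profile or to more than one instance. Consider keeping the pool explicit, e.g. `func allowRemoveSecurityShared(s *state.State, poolName string, projectName string, volume *api.StorageVolume) error` called with `b.name`. The helper also lacks a doc comment (for example `// allowRemoveSecurityShared returns an error if the volume is attached to a profile or to more than one instance.`), and its messages say "custom storage block volume" although the description intends reuse for `virtual-machine` volumes. `UpdateCustomVolume` begins and ends outside the second hunk.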
