Merge pull request #75054 from leakingtapan/ebs-wait

Remove the condition for only wait for KMS key is used

pkg/cloudprovider/providers/aws/aws.go

@@ -2327,20 +2327,18 @@ func (c *Cloud) CreateDisk(volumeOptions *VolumeOptions) (KubernetesVolumeID, er
 	}
 	volumeName := KubernetesVolumeID("aws://" + aws.StringValue(response.AvailabilityZone) + "/" + string(awsID))
 
+	err = c.waitUntilVolumeAvailable(volumeName)
+	if err != nil {
 		// AWS has a bad habbit of reporting success when creating a volume with
 		// encryption keys that either don't exists or have wrong permissions.
 		// Such volume lives for couple of seconds and then it's silently deleted
 		// by AWS. There is no other check to ensure that given KMS key is correct,
 		// because Kubernetes may have limited permissions to the key.
-	if len(volumeOptions.KmsKeyID) > 0 {
-		err := c.waitUntilVolumeAvailable(volumeName)
-		if err != nil {
 		if isAWSErrorVolumeNotFound(err) {
 			err = fmt.Errorf("failed to create encrypted volume: the volume disappeared after creation, most likely due to inaccessible KMS encryption key")
 		}
 		return "", err
 	}
-	}
 
 	return volumeName, nil
 }

pkg/cloudprovider/providers/aws/aws_test.go

@@ -1793,12 +1793,19 @@ func TestCreateDisk(t *testing.T) {
 			}},
 		},
 	}
+
 	volume := &ec2.Volume{
 		AvailabilityZone: aws.String("us-east-1a"),
 		VolumeId:         aws.String("vol-volumeId0"),
+		State:            aws.String("available"),
 	}
 	awsServices.ec2.(*MockedFakeEC2).On("CreateVolume", request).Return(volume, nil)
 
+	describeVolumesRequest := &ec2.DescribeVolumesInput{
+		VolumeIds: []*string{aws.String("vol-volumeId0")},
+	}
+	awsServices.ec2.(*MockedFakeEC2).On("DescribeVolumes", describeVolumesRequest).Return([]*ec2.Volume{volume}, nil)
+
 	volumeID, err := c.CreateDisk(volumeOptions)
 	assert.Nil(t, err, "Error creating disk: %v", err)
 	assert.Equal(t, volumeID, KubernetesVolumeID("aws://us-east-1a/vol-volumeId0"))