Merge pull request #75054 from leakingtapan/ebs-wait

Remove the condition for only wait for KMS key is used
Kubernetes Prow Robot 2019-03-19 21:27:14 -07:00 committed by GitHub
commit d7103187a3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 12 deletions


@ -2327,19 +2327,17 @@ func (c *Cloud) CreateDisk(volumeOptions *VolumeOptions) (KubernetesVolumeID, er
} }
volumeName := KubernetesVolumeID("aws://" + aws.StringValue(response.AvailabilityZone) + "/" + string(awsID)) volumeName := KubernetesVolumeID("aws://" + aws.StringValue(response.AvailabilityZone) + "/" + string(awsID))
// AWS has a bad habbit of reporting success when creating a volume with err = c.waitUntilVolumeAvailable(volumeName)
// encryption keys that either don't exists or have wrong permissions. if err != nil {
// Such volume lives for couple of seconds and then it's silently deleted // AWS has a bad habbit of reporting success when creating a volume with
// by AWS. There is no other check to ensure that given KMS key is correct, // encryption keys that either don't exists or have wrong permissions.
// because Kubernetes may have limited permissions to the key. // Such volume lives for couple of seconds and then it's silently deleted
if len(volumeOptions.KmsKeyID) > 0 { // by AWS. There is no other check to ensure that given KMS key is correct,
err := c.waitUntilVolumeAvailable(volumeName) // because Kubernetes may have limited permissions to the key.
if err != nil { if isAWSErrorVolumeNotFound(err) {
if isAWSErrorVolumeNotFound(err) { err = fmt.Errorf("failed to create encrypted volume: the volume disappeared after creation, most likely due to inaccessible KMS encryption key")
err = fmt.Errorf("failed to create encrypted volume: the volume disappeared after creation, most likely due to inaccessible KMS encryption key")
}
return "", err
} }
return "", err
} }
return volumeName, nil return volumeName, nil
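Review bot: The not-found branch still returns `failed to create encrypted volume: ... most likely due to inaccessible KMS encryption key`, but with the `len(volumeOptions.KmsKeyID) > 0` guard removed it now also fires for volumes created without a KMS key, so an operator can be pointed at key permissions when no key was requested. Consider keeping the KMS wording only when `volumeOptions.KmsKeyID` is non-empty and otherwise returning `fmt.Errorf("failed to create volume %q: the volume disappeared after creation", volumeName)`. Separately, every wait failure now returns `""` and discards the volume ID; if nothing else cleans up, a timeout would presumably leave the created volume behind, so it is worth confirming whether a delete is needed on the non-not-found path. CreateDisk begins before this hunk, so its earlier error handling is not visible here.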


@ -1793,12 +1793,19 @@ func TestCreateDisk(t *testing.T) {
}}, }},
}, },
} }
volume := &ec2.Volume{ volume := &ec2.Volume{
AvailabilityZone: aws.String("us-east-1a"), AvailabilityZone: aws.String("us-east-1a"),
VolumeId: aws.String("vol-volumeId0"), VolumeId: aws.String("vol-volumeId0"),
State: aws.String("available"),
} }
awsServices.ec2.(*MockedFakeEC2).On("CreateVolume", request).Return(volume, nil) awsServices.ec2.(*MockedFakeEC2).On("CreateVolume", request).Return(volume, nil)
describeVolumesRequest := &ec2.DescribeVolumesInput{
VolumeIds: []*string{aws.String("vol-volumeId0")},
}
awsServices.ec2.(*MockedFakeEC2).On("DescribeVolumes", describeVolumesRequest).Return([]*ec2.Volume{volume}, nil)
volumeID, err := c.CreateDisk(volumeOptions) volumeID, err := c.CreateDisk(volumeOptions)
assert.Nil(t, err, "Error creating disk: %v", err) assert.Nil(t, err, "Error creating disk: %v", err)
assert.Equal(t, volumeID, KubernetesVolumeID("aws://us-east-1a/vol-volumeId0")) assert.Equal(t, volumeID, KubernetesVolumeID("aws://us-east-1a/vol-volumeId0"))
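Review bot: The added `DescribeVolumes` stub only covers a volume that is already `available`, so the error branch that now runs for every CreateDisk call has no coverage in this hunk. A second case would help, in which the `DescribeVolumes` stub returns a volume-not-found error and the test asserts that CreateDisk returns an empty ID and a non-nil error. It would also help to run a case with and without a KMS key in `volumeOptions`, which is defined above this hunk, so the behaviour this commit changes is pinned. If MockedFakeEC2 embeds testify's mock, adding `awsServices.ec2.(*MockedFakeEC2).AssertExpectations(t)` after the assertions would confirm the wait actually issued the `DescribeVolumes` call.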