set default acces policy for resources without replication

if a user creates a resource without replication, it does not make sense
to access it from anywhere but the local node. So we set the default access
policy accordingly.

Signed-off-by: Moritz Wanzenböck <[email protected]>

CHANGELOG.md

@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- Default access policy for resources without replication layer is now "local only".
+
 ### Fixed
 
 - Do not try to create diskless resource if there is no compatible diskless layer (DRBD or NVMe) available.

go.mod

@@ -12,6 +12,7 @@ require (
 	github.com/pborman/uuid v1.2.1
 	github.com/sirupsen/logrus v1.9.3
 	github.com/stretchr/testify v1.8.4
+	golang.org/x/exp v0.0.0-20240119083558-1b970713d09a
 	golang.org/x/sys v0.16.0
 	golang.org/x/time v0.5.0
 	google.golang.org/grpc v1.60.1

go.sum

@@ -122,6 +122,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA=
+golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=

pkg/volume/parameter.go

@@ -11,6 +11,7 @@ import (
 	"github.com/LINBIT/golinstor/devicelayerkind"
 	"github.com/pborman/uuid"
 	log "github.com/sirupsen/logrus"
+	"golang.org/x/exp/slices"
 
 	"github.com/piraeusdatastore/linstor-csi/pkg/linstor"
 	"github.com/piraeusdatastore/linstor-csi/pkg/topology"
@@ -100,21 +101,17 @@ type Parameters struct {
 
 const DefaultDisklessStoragePoolName = "DfltDisklessStorPool"
 
-// DefaultRemoteAccessPolicy is the access policy used by default when none is specified.
-var DefaultRemoteAccessPolicy = RemoteAccessPolicyAnywhere
-
 // NewParameters parses out the raw parameters we get and sets appropriate
 // zero values
 func NewParameters(params map[string]string, topologyPrefix string) (Parameters, error) {
 	// set zero values
 	p := Parameters{
-		LayerList:               []devicelayerkind.DeviceLayerKind{devicelayerkind.Drbd, devicelayerkind.Storage},
-		PlacementCount:          1,
-		DisklessStoragePool:     DefaultDisklessStoragePoolName,
-		Encryption:              false,
-		PlacementPolicy:         topology.AutoPlaceTopology,
-		AllowRemoteVolumeAccess: DefaultRemoteAccessPolicy,
-		Properties:              make(map[string]string),
+		LayerList:           []devicelayerkind.DeviceLayerKind{devicelayerkind.Drbd, devicelayerkind.Storage},
+		PlacementCount:      1,
+		DisklessStoragePool: DefaultDisklessStoragePoolName,
+		Encryption:          false,
+		PlacementPolicy:     topology.AutoPlaceTopology,
+		Properties:          make(map[string]string),
 	}
 
 	for k, v := range params {
@@ -260,6 +257,14 @@ func NewParameters(params map[string]string, topologyPrefix string) (Parameters,
 		p.ResourceGroup = "sc-" + uuid.NewSHA1(namespace, encoded).String()
 	}
 
+	if p.AllowRemoteVolumeAccess == nil {
+		if slices.Contains(p.LayerList, devicelayerkind.Drbd) || slices.Contains(p.LayerList, devicelayerkind.Nvme) {
+			p.AllowRemoteVolumeAccess = RemoteAccessPolicyAnywhere
+		} else {
+			p.AllowRemoteVolumeAccess = RemoteAccessPolicyLocalOnly
+		}
+	}
+
 	// User has manually configured deployments, ignore autoplacing options.
 	if len(p.NodeList)+len(p.ClientList) != 0 {
 		p.PlacementCount = 0