feat: fetch secret params in existing tokio runtime

dsharma-dc · dsharma-dc · commit 7a418d7012f5 · 2025-03-17T05:14:38.000Z
Signed-off-by: Diwakar Sharma &lt;diwakar.sharma@datacore.com&gt;
diff --git a/io-engine/src/grpc/v1/pool.rs b/io-engine/src/grpc/v1/pool.rs
@@ -1,10 +1,7 @@
 pub use crate::pool_backend::FindPoolArgs as PoolIdProbe;
 use crate::{
     bdev::crypto::{Cipher, EncryptionKey as PoolEncKey},
-    core::{
-        runtime, NvmfShareProps, ProtectedSubsystems, Protocol, Reactor, ResourceLockGuard,
-        ResourceLockManager,
-    },
+    core::{NvmfShareProps, ProtectedSubsystems, Protocol, ResourceLockGuard, ResourceLockManager},
     grpc::{acquire_subsystem_lock, GrpcClientContext, GrpcResult, RWLock, RWSerializer},
     lvs::{BsError, LvsError},
     pool_backend::{
@@ -13,7 +10,7 @@ use crate::{
     },
 };
 use ::function_name::named;
-use futures::{channel::oneshot, FutureExt};
+use futures::FutureExt;
 use io_engine_api::v1::{
     common::{create_pool_request, import_pool_request, Cipher as GrpcCipher, EncryptionData},
     pool::*,
@@ -77,41 +74,21 @@ async fn _params_get_from_secret_source(secret_source_name: &str) -> Result<Pool
         PlatformType::K8s => {
             let client = kube::Client::try_default()
                 .await
-                .expect("Should be able to create kube client");
-            // todo: Add cli arg for namespace as well
+                .map_err(|e| Status::failed_precondition(e.to_string()))?;
+            // todo: Add cli arg for namespace as well?
             let ns = client.default_namespace().to_string();
             let secret_provider = K8sSecretProvider::new(client, &ns);
             trace!(
                 "Platform: K8S. read secret params from 'Secret' {:?}",
                 secret_source_name
             );
-            let src = secret_source_name.to_string();
-            let (tx, rx) = oneshot::channel::<Option<PoolEncKey>>();
-            runtime::spawn(async move {
-                let secret_params: Option<PoolEncKey> =
-                    match secret_provider.secret_data(src.as_str()).await {
-                        Ok(d) => d,
-                        Err(e) => {
-                            // Make some noise about what went wrong during parsing.
-                            error!("Failed to parse secret data {e:?}");
-                            None
-                        }
-                    };
-                let fut = Reactor::spawn_at_primary(async move {
-                    if tx.send(secret_params).is_err() {
-                        error!("Failed to send completion for fetch secret request.");
-                    }
-                })
-                .unwrap();
-                let _ = fut.await;
-            });
 
-            let s = rx
+            let secret_params: Option<PoolEncKey> = secret_provider
+                .secret_data(secret_source_name)
                 .await
-                .map_err(|e| Status::failed_precondition(e.to_string()))?
-                .ok_or(Status::failed_precondition("Failed to get secret data"))?;
+                .map_err(|e| Status::failed_precondition(e.to_string()))?;
 
-            Some(s)
+            secret_params
         }
         // XXX: Assuming this base path for now. Need to implement capturing
         // a base path via cli or env.
@@ -121,48 +98,27 @@ async fn _params_get_from_secret_source(secret_source_name: &str) -> Result<Pool
                 "Platform: Deployer. read secret params from file {:?}",
                 secret_source_name
             );
-            let (tx, rx) = oneshot::channel::<Option<PoolEncKey>>();
-            let src = secret_source_name.to_string();
-            runtime::spawn(async move {
-                let secret_params: Option<PoolEncKey> =
-                    match file_provider.secret_data(src.as_str()).await {
-                        Ok(d) => d,
-                        Err(e) => {
-                            // Make some noise about what went wrong during parsing.
-                            error!("Failed to parse secret data {e:?}");
-                            None
-                        }
-                    };
-
-                let fut = Reactor::spawn_at_primary(async move {
-                    if tx.send(secret_params).is_err() {
-                        error!("Failed to send completion for fetch secret request.");
-                    }
-                })
-                .unwrap();
-                let _ = fut.await;
-            });
 
-            let s = rx
+            let secret_params: Option<PoolEncKey> = file_provider
+                .secret_data(secret_source_name)
                 .await
-                .map_err(|e| Status::failed_precondition(e.to_string()))?
-                .ok_or(Status::failed_precondition("Failed to get secret data"))?;
+                .map_err(|e| Status::failed_precondition(e.to_string()))?;
 
-            Some(s)
+            secret_params
         }
         PlatformType::None => unreachable!(),
     };
+
+    // Be very sure that we get the params otherwise always return error.
     secret_params.ok_or(Status::failed_precondition(
-        "failed to parse secret params from source",
+        "failed to parse secret params from source: None",
     ))
 }
 
-/// Helper routine to extract Encryption params from the
-/// Create or Import pool request.
+/// Helper routine to extract Encryption params from the Create or Import pool request.
 async fn util_fetch_secret_params(
     params: &PoolEncryptionParams,
-    pool_args: &mut PoolArgs,
-) -> Result<(), Status> {
+) -> Result<Option<PoolEncKey>, Status> {
     let enc_key = match params {
         PoolEncryptionParams::Create(enc_arg) => {
             match enc_arg.clone() {
@@ -188,12 +144,7 @@ async fn util_fetch_secret_params(
         PoolEncryptionParams::NoEncryptionParams => None,
     };
 
-    pool_args.crypto_vbdev_name = enc_key
-        .as_ref()
-        .map(|_| format!("crypto_{}", pool_args.name));
-    pool_args.enc_key = enc_key;
-
-    Ok(())
+    Ok(enc_key)
 }
 
 /// RPC service for mayastor pool operations
@@ -655,21 +606,27 @@ impl GrpcPoolFactory {
 impl PoolRpc for PoolService {
     #[named]
     async fn create_pool(&self, request: Request<CreatePoolRequest>) -> GrpcResult<Pool> {
+        // Check if the pool is required to be encrypted, and fetch the required
+        // encryption parameters from specified source.
+        let enc_arg = match request.get_ref().encryption {
+            Some(ref e) => PoolEncryptionParams::Create(e.clone()),
+            _ => PoolEncryptionParams::NoEncryptionParams,
+        };
+        let enc_key = util_fetch_secret_params(&enc_arg).await?;
+
         self.locked(
             GrpcClientContext::new(&request, function_name!()),
             async move {
                 crate::spdk_submit!(async move {
                     info!("{:?}", request.get_ref());
-
-                    let req = request.into_inner();
-                    let enc_arg = match req.encryption {
-                        Some(ref e) => PoolEncryptionParams::Create(e.clone()),
-                        _ => PoolEncryptionParams::NoEncryptionParams,
-                    };
-                    let factory = GrpcPoolFactory::new(PoolBackend::try_from(&req.pooltype)?)?;
-                    let mut pool_args = PoolArgs::try_from(req)?;
-                    // This performs async operations hence calling from outside try_from.
-                    util_fetch_secret_params(&enc_arg, &mut pool_args).await?;
+                    let factory =
+                        GrpcPoolFactory::new(PoolBackend::try_from(request.get_ref().pooltype)?)?;
+                    let mut pool_args = PoolArgs::try_from(request.into_inner())?;
+
+                    pool_args.crypto_vbdev_name = enc_key
+                        .as_ref()
+                        .map(|_| format!("crypto_{}", pool_args.name));
+                    pool_args.enc_key = enc_key;
                     factory.create(pool_args).await
                 })
             },
@@ -711,21 +668,28 @@ impl PoolRpc for PoolService {
 
     #[named]
     async fn import_pool(&self, request: Request<ImportPoolRequest>) -> GrpcResult<Pool> {
+        // If the pool to be imported is encrypted, fetch the required
+        // encryption parameters from specified source.
+        let enc_arg = match request.get_ref().encryption {
+            Some(ref e) => PoolEncryptionParams::Import(e.clone()),
+            _ => PoolEncryptionParams::NoEncryptionParams,
+        };
+        let enc_key = util_fetch_secret_params(&enc_arg).await?;
+
         self.locked(
             GrpcClientContext::new(&request, function_name!()),
             async move {
                 crate::spdk_submit!(async move {
                     info!("{:?}", request.get_ref());
+                    let factory =
+                        GrpcPoolFactory::new(PoolBackend::try_from(request.get_ref().pooltype)?)?;
+                    let mut pool_args = PoolArgs::try_from(request.into_inner())?;
+
+                    pool_args.crypto_vbdev_name = enc_key
+                        .as_ref()
+                        .map(|_| format!("crypto_{}", pool_args.name));
+                    pool_args.enc_key = enc_key;
 
-                    let req = request.into_inner();
-                    let enc_arg = match req.encryption {
-                        Some(ref e) => PoolEncryptionParams::Import(e.clone()),
-                        _ => PoolEncryptionParams::NoEncryptionParams,
-                    };
-                    let factory = GrpcPoolFactory::new(PoolBackend::try_from(&req.pooltype)?)?;
-                    let mut pool_args = PoolArgs::try_from(req)?;
-                    // This performs async operations hence calling from outside try_from.
-                    util_fetch_secret_params(&enc_arg, &mut pool_args).await?;
                     factory.import(pool_args).await
                 })
             },
