Ensure cross namespace cloning fails without TVR

emmahardison · web-flow · commit c5234c7d5a8f · 2025-01-21T17:04:53.000-07:00
diff --git a/frontend/csi/controller_helpers/kubernetes/helper.go b/frontend/csi/controller_helpers/kubernetes/helper.go
@@ -336,6 +336,11 @@ func (h *helper) getSnapshotCloneSourceInfo(
 		if !h.matchNamespaceToAnnotation(clonePVC.Namespace, sourceCloneToNamespaces) {
 			return "", "", fmt.Errorf("cloning to namespace %s is not allowed, it is not listed in cloneToNamespace annotation", clonePVC.Namespace)
 		}
+		// Get the volume reference CR
+		_, err = h.getCachedVolumeReference(ctx, clonePVC.Namespace, snapSourcePVC.Name, namespace)
+		if err != nil {
+			return "", "", fmt.Errorf("volume reference not found: %v", err)
+		}
 
 	}
 	// If the clone from PVC annotation is also set, ensure it matches the snapshot
@@ -423,6 +428,11 @@ func (h *helper) getCloneSourceInfo(ctx context.Context, clonePVC *v1.Persistent
 		if !h.matchNamespaceToAnnotation(clonePVC.Namespace, sourceCloneToNamespaces) {
 			return "", fmt.Errorf("cloning to namespace %s is not allowed, it is not listed in cloneToNamespace annotation", clonePVC.Namespace)
 		}
+		// Get the volume reference CR
+		_, err := h.getCachedVolumeReference(ctx, clonePVC.Namespace, sourcePVCName, namespace)
+		if err != nil {
+			return "", fmt.Errorf("volume reference not found: %v", err)
+		}
 	}
 
 	// Check that both source and clone PVCs have the same storage class

Original file line number	Diff line number	Diff line change
`@@ -336,6 +336,11 @@ func (h *helper) getSnapshotCloneSourceInfo(`
`336`	`336`	`if !h.matchNamespaceToAnnotation(clonePVC.Namespace, sourceCloneToNamespaces) {`
`337`	`337`	`return "", "", fmt.Errorf("cloning to namespace %s is not allowed, it is not listed in cloneToNamespace annotation", clonePVC.Namespace)`
`338`	`338`	`}`
	`339`	`+ // Get the volume reference CR`
	`340`	`+ _, err = h.getCachedVolumeReference(ctx, clonePVC.Namespace, snapSourcePVC.Name, namespace)`
	`341`	`+ if err != nil {`
	`342`	`+ return "", "", fmt.Errorf("volume reference not found: %v", err)`
	`343`	`+ }`
`339`	`344`
`340`	`345`	`}`
`341`	`346`	`// If the clone from PVC annotation is also set, ensure it matches the snapshot`
`@@ -423,6 +428,11 @@ func (h helper) getCloneSourceInfo(ctx context.Context, clonePVC v1.Persistent`
`423`	`428`	`if !h.matchNamespaceToAnnotation(clonePVC.Namespace, sourceCloneToNamespaces) {`
`424`	`429`	`return "", fmt.Errorf("cloning to namespace %s is not allowed, it is not listed in cloneToNamespace annotation", clonePVC.Namespace)`
`425`	`430`	`}`
	`431`	`+ // Get the volume reference CR`
	`432`	`+ _, err := h.getCachedVolumeReference(ctx, clonePVC.Namespace, sourcePVCName, namespace)`
	`433`	`+ if err != nil {`
	`434`	`+ return "", fmt.Errorf("volume reference not found: %v", err)`
	`435`	`+ }`
`426`	`436`	`}`
`427`	`437`
`428`	`438`	`// Check that both source and clone PVCs have the same storage class`