From 36bf7fb32c65dd2d7284437bc765de55e3430042 Mon Sep 17 00:00:00 2001 From: Madhu Rajanna Date: Thu, 9 Nov 2023 11:39:25 +0100 Subject: [PATCH 1/4] replication: make parameters as immutable mark parameters as immutable once created which means we are not able to add/delete or update the parameters once created. Signed-off-by: Madhu Rajanna --- .../v1alpha1/volumereplicationclass_types.go | 1 + ...lication.storage.openshift.io_volumereplicationclasses.yaml | 3 +++ deploy/controller/crds.yaml | 3 +++ 3 files changed, 7 insertions(+) diff --git a/apis/replication.storage/v1alpha1/volumereplicationclass_types.go b/apis/replication.storage/v1alpha1/volumereplicationclass_types.go index 274650310..25632a049 100644 --- a/apis/replication.storage/v1alpha1/volumereplicationclass_types.go +++ b/apis/replication.storage/v1alpha1/volumereplicationclass_types.go @@ -23,6 +23,7 @@ import ( // VolumeReplicationClassSpec specifies parameters that an underlying storage system uses // when creating a volume replica. A specific VolumeReplicationClass is used by specifying // its name in a VolumeReplication object. +// +kubebuilder:validation:XValidation:rule="has(self.parameters) == has(oldSelf.parameters)",message="parameters are immutable" type VolumeReplicationClassSpec struct { // Provisioner is the name of storage provisioner // +kubebuilder:validation:Required diff --git a/config/crd/bases/replication.storage.openshift.io_volumereplicationclasses.yaml b/config/crd/bases/replication.storage.openshift.io_volumereplicationclasses.yaml index 8e22bd26c..53dc81c3e 100644 --- a/config/crd/bases/replication.storage.openshift.io_volumereplicationclasses.yaml +++ b/config/crd/bases/replication.storage.openshift.io_volumereplicationclasses.yaml 
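Review bot: The rule added above `VolumeReplicationClassSpec`, `has(self.parameters) == has(oldSelf.parameters)`, only compares whether the field is present, so on its own it rejects adding or removing `parameters` but not changing the values inside it. The commit message promises that updates are rejected as well, which holds only if the `parameters` field itself carries a `self == oldSelf` rule; the field is outside this hunk, so that should be confirmed. The same applies to the two rules on `NetworkFenceSpec` in patches 2/4 and 3/4, where a `secret` reference that can still be edited would let an existing fence be pointed at different credentials. I would add a comment next to each marker such as `// Presence check only: pairs with the field-level "self == oldSelf" rule, which is not evaluated when the field is added or removed.`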
@@ -61,6 +61,9 @@ spec: required: - provisioner type: object + x-kubernetes-validations: + - message: parameters are immutable + rule: has(self.parameters) == has(oldSelf.parameters) status: description: VolumeReplicationClassStatus defines the observed state of VolumeReplicationClass. diff --git a/deploy/controller/crds.yaml b/deploy/controller/crds.yaml index ccfe94de4..25ff230b0 100644 --- a/deploy/controller/crds.yaml +++ b/deploy/controller/crds.yaml @@ -778,6 +778,9 @@ spec: required: - provisioner type: object + x-kubernetes-validations: + - message: parameters are immutable + rule: has(self.parameters) == has(oldSelf.parameters) status: description: VolumeReplicationClassStatus defines the observed state of VolumeReplicationClass. From f4c65f77f167a657d67c02704774f046d7ce28db Mon Sep 17 00:00:00 2001 From: Madhu Rajanna Date: Thu, 9 Nov 2023 11:43:24 +0100 Subject: [PATCH 2/4] networkfence: make parameters as immutable mark parameters as immutable once created which means we are not able to add/delete or update the parameters once created. Signed-off-by: Madhu Rajanna --- apis/csiaddons/v1alpha1/networkfence_types.go | 1 + config/crd/bases/csiaddons.openshift.io_networkfences.yaml | 3 +++ deploy/controller/crds.yaml | 3 +++ 3 files changed, 7 insertions(+) diff --git a/apis/csiaddons/v1alpha1/networkfence_types.go b/apis/csiaddons/v1alpha1/networkfence_types.go index 8c82b692e..2bf9b478c 100644 --- a/apis/csiaddons/v1alpha1/networkfence_types.go +++ b/apis/csiaddons/v1alpha1/networkfence_types.go @@ -56,6 +56,7 @@ type SecretSpec struct { } // NetworkFenceSpec defines the desired state of NetworkFence +// +kubebuilder:validation:XValidation:rule="has(self.parameters) == has(oldSelf.parameters)",message="parameters are immutable" type NetworkFenceSpec struct { // Driver contains the name of CSI driver. // +kubebuilder:validation:Required 
diff --git a/config/crd/bases/csiaddons.openshift.io_networkfences.yaml b/config/crd/bases/csiaddons.openshift.io_networkfences.yaml index 3234ca5fd..32d788a37 100644 --- a/config/crd/bases/csiaddons.openshift.io_networkfences.yaml +++ b/config/crd/bases/csiaddons.openshift.io_networkfences.yaml @@ -105,6 +105,9 @@ spec: - driver - fenceState type: object + x-kubernetes-validations: + - message: parameters are immutable + rule: has(self.parameters) == has(oldSelf.parameters) status: description: NetworkFenceStatus defines the observed state of NetworkFence properties: diff --git a/deploy/controller/crds.yaml b/deploy/controller/crds.yaml index 25ff230b0..3e3777107 100644 --- a/deploy/controller/crds.yaml +++ b/deploy/controller/crds.yaml @@ -213,6 +213,9 @@ spec: - driver - fenceState type: object + x-kubernetes-validations: + - message: parameters are immutable + rule: has(self.parameters) == has(oldSelf.parameters) status: description: NetworkFenceStatus defines the observed state of NetworkFence properties: From d97f4c36b48a5d88c9db38c2987cb010c2f9b23d Mon Sep 17 00:00:00 2001 From: Madhu Rajanna Date: Thu, 9 Nov 2023 11:44:58 +0100 Subject: [PATCH 3/4] networkfence: make secret as immutable mark secret as immutable once created which means we are not able to add/delete or update the secret once created. Signed-off-by: Madhu Rajanna --- apis/csiaddons/v1alpha1/networkfence_types.go | 1 + config/crd/bases/csiaddons.openshift.io_networkfences.yaml | 2 ++ deploy/controller/crds.yaml | 2 ++ 3 files changed, 5 insertions(+) diff --git a/apis/csiaddons/v1alpha1/networkfence_types.go b/apis/csiaddons/v1alpha1/networkfence_types.go index 2bf9b478c..7f0373901 100644 --- a/apis/csiaddons/v1alpha1/networkfence_types.go +++ b/apis/csiaddons/v1alpha1/networkfence_types.go 
@@ -57,6 +57,7 @@ type SecretSpec struct { // NetworkFenceSpec defines the desired state of NetworkFence // +kubebuilder:validation:XValidation:rule="has(self.parameters) == has(oldSelf.parameters)",message="parameters are immutable" +// +kubebuilder:validation:XValidation:rule="has(self.secret) == has(oldSelf.secret)",message="secret is immutable" type NetworkFenceSpec struct { // Driver contains the name of CSI driver. // +kubebuilder:validation:Required diff --git a/config/crd/bases/csiaddons.openshift.io_networkfences.yaml b/config/crd/bases/csiaddons.openshift.io_networkfences.yaml index 32d788a37..5aba29f2f 100644 --- a/config/crd/bases/csiaddons.openshift.io_networkfences.yaml +++ b/config/crd/bases/csiaddons.openshift.io_networkfences.yaml @@ -108,6 +108,8 @@ spec: x-kubernetes-validations: - message: parameters are immutable rule: has(self.parameters) == has(oldSelf.parameters) + - message: secret is immutable + rule: has(self.secret) == has(oldSelf.secret) status: description: NetworkFenceStatus defines the observed state of NetworkFence properties: diff --git a/deploy/controller/crds.yaml b/deploy/controller/crds.yaml index 3e3777107..8171c0adb 100644 --- a/deploy/controller/crds.yaml +++ b/deploy/controller/crds.yaml @@ -216,6 +216,8 @@ spec: x-kubernetes-validations: - message: parameters are immutable rule: has(self.parameters) == has(oldSelf.parameters) + - message: secret is immutable + rule: has(self.secret) == has(oldSelf.secret) status: description: NetworkFenceStatus defines the observed state of NetworkFence properties: From 5ccc76edb93d10019a839d9414aa488bfcd6aca4 Mon Sep 17 00:00:00 2001 
From: Niels de Vos Date: Thu, 9 Nov 2023 16:26:38 +0100 Subject: [PATCH 4/4] Explicitly disable gRPC idle timeout The idle timeout was disabled, but has been enabled by default in google.golang.org/grpc v1.59. The kubernetes-csi-addons operator acts similarly to the Kubernetes external-provisioner, and benefits from having a functional gRPC connection open to the csi-addons sidecars that run alongside CSI-drivers. See-also: kubernetes-csi/external-provisioner#1099 Signed-off-by: Niels de Vos --- internal/connection/connection.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/internal/connection/connection.go b/internal/connection/connection.go index 60463df66..d439ce9ec 100644 --- a/internal/connection/connection.go +++ b/internal/connection/connection.go @@ -38,8 +38,11 @@ type Connection struct { // NewConnection establishes connection with sidecar, fetches capability and returns Connection object // filled with required information. func NewConnection(ctx context.Context, endpoint, nodeID, driverName string) (*Connection, error) { - opts := grpc.WithTransportCredentials(insecure.NewCredentials()) - cc, err := grpc.Dial(endpoint, opts) + opts := []grpc.DialOption{ + grpc.WithTransportCredentials(insecure.NewCredentials()), + grpc.WithIdleTimeout(time.Duration(0)), + } + cc, err := grpc.Dial(endpoint, opts...) if err != nil { return nil, err }
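Review bot: The new `grpc.WithIdleTimeout(time.Duration(0))` option in `NewConnection` has no comment, so the reason for it lives only in the commit message and a later cleanup could drop it. I would add `// grpc v1.59 enables an idle timeout by default; 0 disables it so the channel to the sidecar stays connected.` above the option, and the argument can be written as plain `0`. Since the channel is still dialled with `insecure.NewCredentials()` and is now meant to stay open indefinitely, the doc comment should also state what protects this plaintext, unauthenticated link (for example a network policy or a pod-local endpoint); nothing in the hunk shows it. The body of `NewConnection` continues past the end of the hunk.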