From c084fa6049896c61210626fad5a14da4d516a692 Mon Sep 17 00:00:00 2001
From: andyzhangx <xiazhang@microsoft.com>
Date: Mon, 9 Dec 2024 03:40:29 +0000
Subject: [PATCH] feat: match source account as first priority in volume
 restore

---
 pkg/blob/controllerserver.go | 35 ++++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/pkg/blob/controllerserver.go b/pkg/blob/controllerserver.go
index 6a5c7252e..bf4187c27 100644
--- a/pkg/blob/controllerserver.go
+++ b/pkg/blob/controllerserver.go
@@ -92,7 +92,7 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 	}
 	var storageAccountType, subsID, resourceGroup, location, account, containerName, containerNamePrefix, protocol, customTags, secretName, secretNamespace, pvcNamespace, tagValueDelimiter string
 	var isHnsEnabled, requireInfraEncryption, enableBlobVersioning, createPrivateEndpoint, enableNfsV3, allowSharedKeyAccess *bool
-	var vnetResourceGroup, vnetName, subnetName, accessTier, networkEndpointType, storageEndpointSuffix, fsGroupChangePolicy string
+	var vnetResourceGroup, vnetName, subnetName, accessTier, networkEndpointType, storageEndpointSuffix, fsGroupChangePolicy, srcAccountName string
 	var matchTags, useDataPlaneAPI, getLatestAccountKey bool
 	var softDeleteBlobs, softDeleteContainers int32
 	var vnetResourceIDs []string
@@ -308,6 +308,25 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 		return nil, status.Errorf(codes.InvalidArgument, "storeAccountKey is not supported for account with shared access key disabled")
 	}
 
+	requestName := "controller_create_volume"
+	if volContentSource != nil {
+		switch volContentSource.Type.(type) {
+		case *csi.VolumeContentSource_Snapshot:
+			return nil, status.Errorf(codes.InvalidArgument, "VolumeContentSource Snapshot is not yet implemented")
+		case *csi.VolumeContentSource_Volume:
+			requestName = "controller_create_volume_from_volume"
+			if volContentSource.GetVolume() != nil {
+				sourceID := volContentSource.GetVolume().VolumeId
+				_, srcAccountName, _, _, _, err = GetContainerInfo(sourceID) //nolint:dogsled
+				if err != nil {
+					klog.Errorf("failed to get source volume info from sourceID(%s), error: %v", sourceID, err)
+				} else {
+					klog.V(2).Infof("source volume account name: %s, sourceID: %s", srcAccountName, sourceID)
+				}
+			}
+		}
+	}
+
 	accountOptions := &azure.AccountOptions{
 		Name:                            account,
 		Type:                            storageAccountType,
@@ -335,6 +354,7 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 		SoftDeleteBlobs:                 softDeleteBlobs,
 		SoftDeleteContainers:            softDeleteContainers,
 		GetLatestAccountKey:             getLatestAccountKey,
+		SourceAccountName:               srcAccountName,
 	}
 
 	containerName = replaceWithMap(containerName, containerNameReplaceMap)
@@ -358,16 +378,6 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 	}
 	defer d.volumeLocks.Release(volName)
 
-	requestName := "controller_create_volume"
-	if volContentSource != nil {
-		switch volContentSource.Type.(type) {
-		case *csi.VolumeContentSource_Snapshot:
-			return nil, status.Errorf(codes.InvalidArgument, "VolumeContentSource Snapshot is not yet implemented")
-		case *csi.VolumeContentSource_Volume:
-			requestName = "controller_create_volume_from_volume"
-		}
-	}
-
 	var volumeID string
 	mc := metrics.NewMetricContext(blobCSIDriverName, requestName, d.cloud.ResourceGroup, d.cloud.SubscriptionID, d.Name)
 	isOperationSucceeded := false
@@ -439,8 +449,7 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 		if err != nil {
 			return nil, status.Errorf(codes.Internal, "failed to getAzcopyAuth on account(%s) rg(%s), error: %v", accountOptions.Name, accountOptions.ResourceGroup, err)
 		}
-		var copyErr error
-		copyErr = d.copyVolume(ctx, req, accountName, accountSASToken, authAzcopyEnv, validContainerName, secretNamespace, accountOptions, storageEndpointSuffix)
+		copyErr := d.copyVolume(ctx, req, accountName, accountSASToken, authAzcopyEnv, validContainerName, secretNamespace, accountOptions, storageEndpointSuffix)
 		if accountSASToken == "" && copyErr != nil && strings.Contains(copyErr.Error(), authorizationPermissionMismatch) {
 			klog.Warningf("azcopy copy failed with AuthorizationPermissionMismatch error, should assign \"Storage Blob Data Contributor\" role to controller identity, fall back to use sas token, original error: %v", copyErr)
 			accountSASToken, authAzcopyEnv, err := d.getAzcopyAuth(ctx, accountName, accountKey, storageEndpointSuffix, accountOptions, secrets, secretName, secretNamespace, true)