ControllerUnpublish fails to retrieve PV after Upgrade

[hoppea2]

Description

Upgrading from CSM 1.14 to current builds on the main branch and executing CSM Authorization tests with CSI PowerScale failed to delete PV in ControllerUnpublish if the resources were created before upgrade.

--> Pod and PVC are deleted, but PV remains

GitHub Issues

List the GitHub issues impacted by this PR:

| GitHub Issue # |
https://github.com/dell/csm/issues/2017

Checklist:

• I have performed a self-review of my own code to ensure there are no formatting, vetting, linting, or security issues
• I have verified that new and existing unit tests pass locally with my changes
• I have not allowed coverage numbers to degenerate
• I have maintained at least 90% code coverage
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have added tests that prove my fix is effective or that my feature works
• Backward compatibility is not broken

How Has This Been Tested?

• Manual Testing:

1. PV with tenant prefix
2. PVC pointing to that PV
3. Pod using above PVC
4. Delete Pod
5. Delete PVC
6. Validate PV has been removed from cluster and volume removed from backend array

• K8S E2E:
• Ran 48 of 6899 Specs in 2367.629 seconds
  SUCCESS! -- 48 Passed | 0 Failed | 0 Pending | 6851 Skipped
  PASS
  Generating Report:
  TestSuite Name: Kubernetes e2e suite
  Total Tests Executed: 52
  Total Tests Passed: 52
  Total Tests Failed: 0

[satyakonduri]

@hoppea2 Could you please explain why we're changing the severity from Error to Warning? Just trying to understand the rationale behind this change.

[hoppea2]

PV is only needed for lookup the Volume Context for AZNetwork, which is a specific scenario for multi-tenancy on NFS. Unpublish Volume legacy code does not require PV

[satyakonduri]

@hoppea2 Thanks for the comment. Could you please clarify why the PV might not be found during the authorization upgrade scenario?

Specifically, I'm trying to understand how the tenant prefix impacts PV visibility or lookup. Was the PV created under a different identity/namespace and is now inaccessible due to authorization upgrade ?

[hoppea2]

In Authorization, the resource is being looked up be VolumeHandle, which includes the tenant prefix.

So while the persistent volume name in Kubernetes is immutable (example: "vol-12345", the volume handle is updated to "tenant-vol-12345".)

In the authorization upgrade scenario, this lookup will fail of the resources have been created pre upgrade. However we should not exit out of unpublish volume because the pv name is not required to remove the resources.

Resolved

[github-actions]

Merging this branch will not change overall coverage

Impacted Packages	Coverage Δ	🤖
github.com/dell/csi-powerscale/service	0.00% (ø)

---

Coverage by file

Changed files (no unit tests)

Changed File	Coverage Δ	Total	Covered	Missed	🤖
github.com/dell/csi-powerscale/service/controller.go	0.00% (ø)	0	0	0

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.