fix nfs backup failure with latest changes for anyuid support

pkg/drivers/utils/common.go

@@ -144,21 +144,24 @@ func SetupRoleBindingForSCC(name, namespace, pvcName string) error {
 		return fmt.Errorf("failed to check if cluster is OCP: %v", err)
 	}
 
-	provisionerName, err := GetProvisionerNameFromPvc(pvcName, namespace)
-	if err != nil {
-		return fmt.Errorf("failed to get provisioner name from pvc: %v", err)
-	}
-
 	provisionersListToUseAnyUid, err := GetArrayConfigValue(KdmpConfigmapName, KdmpConfigmapNamespace, provisionersToUseAnyUid)
 	if err != nil {
 		logrus.Errorf("failed to extract provisioners list from configmap: %v", err)
 		return err
 	}
+
 	if len(provisionersListToUseAnyUid) > 0 {
-		if isOCP && contains(provisionersListToUseAnyUid, provisionerName) {
-			failed, err := addRoleBindingForScc(name, namespace, AnyUidClusterRoleName)
-			if failed {
-				return err
+		// In case of nfs backup, nfs restore job pods when they are invoked for resources backup, we don't send any pvcName
+		if pvcName != "" {
+			provisionerName, err := GetProvisionerNameFromPvc(pvcName, namespace)
+			if err != nil {
+				return fmt.Errorf("failed to get provisioner name from pvc: %v", err)
+			}
+			if isOCP && contains(provisionersListToUseAnyUid, provisionerName) {
+				failed, err := addRoleBindingForScc(name, namespace, AnyUidClusterRoleName)
+				if failed {
+					return err
+				}
 			}
 		}
 	}

pkg/drivers/utils/utils.go

@@ -1054,32 +1054,35 @@ func AddSecurityContextToJob(job *batchv1.Job, podUserId, podGroupId, pvcName, p
 		return nil, err
 	}
 
-	// If PROVISIONERS_TO_USE_ANYUID is set in kdmp-config, then add rolebinding for anyuid SCC
+	// If PROVISIONERS_TO_USE_ANYUID is set in kdmp-config, then add anyuid SCC to the job pod
 	provisionersListToUseAnyUid, err := GetArrayConfigValue(KdmpConfigmapName, KdmpConfigmapNamespace, provisionersToUseAnyUid)
 	if err != nil {
 		errMsg := fmt.Sprintf("failed to extract provisioners list from configmap: %v", err)
 		logrus.Errorf(errMsg)
 		return nil, fmt.Errorf(errMsg)
 	}
 
-	// Get provisioner name from the pvcName, pvcNamespace
-	provisionerName, err := GetProvisionerNameFromPvc(pvcName, pvcNamespace)
-	if err != nil {
-		errMsg := fmt.Sprintf("failed to get provisionerName name for pvc [%s/%s]: %v", pvcNamespace, pvcName, err)
-		logrus.Errorf(errMsg)
-		return nil, fmt.Errorf(errMsg)
-	}
-
 	if len(provisionersListToUseAnyUid) > 0 {
-		if isOcp && contains(provisionersListToUseAnyUid, provisionerName) {
-			logrus.Infof("PROVISIONERS_TO_USE_ANYUID is set to use, running the job %v with anyuid SCC", job.Name)
-			// Add the annotation to force the pod to adopt anyuid scc in OCP
-			// It may not work if the pod's SA doesn't have permission to use anyuid SCC
-			if job.Spec.Template.Annotations == nil {
-				job.Spec.Template.Annotations = make(map[string]string)
+		// In case of nfs backup, nfs restore job pods when they are invoked for resources backup, we don't send any pvcName
+		if pvcName != "" {
+			// Get provisioner name from the pvcName, pvcNamespace
+			provisionerName, err := GetProvisionerNameFromPvc(pvcName, pvcNamespace)
+			if err != nil {
+				errMsg := fmt.Sprintf("failed to get provisionerName name for pvc [%s/%s]: %v", pvcNamespace, pvcName, err)
+				logrus.Errorf(errMsg)
+				return nil, fmt.Errorf(errMsg)
+			}
+
+			if isOcp && contains(provisionersListToUseAnyUid, provisionerName) {
+				logrus.Infof("PROVISIONERS_TO_USE_ANYUID is set to use, running the job %v with anyuid SCC", job.Name)
+				// Add the annotation to force the pod to adopt anyuid scc in OCP
+				// It may not work if the pod's SA doesn't have permission to use anyuid SCC
+				if job.Spec.Template.Annotations == nil {
+					job.Spec.Template.Annotations = make(map[string]string)
+				}
+				job.Spec.Template.Annotations["openshift.io/required-scc"] = "anyuid"
+				return job, nil
 			}
-			job.Spec.Template.Annotations["openshift.io/required-scc"] = "anyuid"
-			return job, nil
 		}
 	}