From f79888bcc1ebc7c0a16cd2e92f43060f354c8fab Mon Sep 17 00:00:00 2001
From: estevan
Date: Thu, 3 Aug 2023 17:06:19 -0400
Subject: [PATCH] nodeserver, pvc_annotator: readd check to block stage volume from re adding annotations
---
 pkg/blob/nodeserver.go | 6 +++++-
 pkg/edgecache/cachevolume/pvc_annotator.go | 25 +++++++++++++++++++++-
 2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/pkg/blob/nodeserver.go b/pkg/blob/nodeserver.go
index 69778547d..05550b69c 100644
--- a/pkg/blob/nodeserver.go
+++ b/pkg/blob/nodeserver.go
@@ -363,7 +363,11 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 err = annotator.SendProvisionVolume(pv, d.cloud.Config.AzureAuthConfig, providedAuth)
 if err != nil {
- return nil, err
+ if err == cv.ErrVolumeAlreadyBeingProvisioned {
+ klog.V(2).Infof("NodeStageVolume: volume has already been provisioned")
+ } else {
+ return nil, err
+ }
 }
 if err = d.edgeCacheManager.MountVolume(accountName, containerName, targetPath); err != nil {
diff --git a/pkg/edgecache/cachevolume/pvc_annotator.go b/pkg/edgecache/cachevolume/pvc_annotator.go
index 419ce0d54..39d8222d9 100644
--- a/pkg/edgecache/cachevolume/pvc_annotator.go
+++ b/pkg/edgecache/cachevolume/pvc_annotator.go
@@ -17,6 +17,7 @@ limitations under the License.
 package cachevolume
 import (
+ "errors"
 "fmt"
 "golang.org/x/exp/maps"
@@ -41,7 +42,8 @@ const (
 )
 var (
- validStorageAuthentications = []string{"WorkloadIdentity", "AccountKey"}
+ validStorageAuthentications = []string{"WorkloadIdentity", "AccountKey"}
+ ErrVolumeAlreadyBeingProvisioned = errors.New("pv is already being provisioned")
 )
 type BlobAuth struct {
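Review bot: The sentinel comparison in the new `if err == cv.ErrVolumeAlreadyBeingProvisioned` branch of NodeStageVolume stops matching as soon as SendProvisionVolume or one of its helpers wraps the error; `if errors.Is(err, cv.ErrVolumeAlreadyBeingProvisioned) {` keeps working (this assumes `errors` is imported in nodeserver.go, which the hunk does not show). The branch then falls through to `MountVolume`, yet the sentinel text says the PV is "being provisioned" while the log line says it "has already been provisioned"; if the annotation only records that provisioning was requested, staging may mount before the cache volume is ready, so the code should either confirm completion or carry a comment explaining why mounting is safe at this point. The log line would also be more useful for tracing a skipped provisioning if it named the volume concerned. NodeStageVolume starts and ends outside the hunk.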
@@ -122,13 +124,34 @@ func (c *PVCAnnotator) buildAnnotations(pv *v1.PersistentVolume, cfg config.Azur
 return annotations, nil
 }
+func (c *PVCAnnotator) needsToBeProvisioned(pvc *v1.PersistentVolumeClaim) bool {
+ // check if pv connected to the pvc has already been passed to be created
+ pvState, pvStateOk := pvc.ObjectMeta.Annotations[createVolumeAnnotation]
+ if pvStateOk && pvState == "no" {
+ return false
+ }
+
+ return true
+}
+
 func (c *PVCAnnotator) SendProvisionVolume(pv *v1.PersistentVolume, cloudConfig config.AzureAuthConfig, providedAuth BlobAuth) error {
+ pvc, err := blobcsiutil.GetPVCByName(c.client, pv.Spec.ClaimRef.Name, pv.Spec.ClaimRef.Namespace)
+ if err != nil {
+ return err
+ }
+
+ if prepare := c.needsToBeProvisioned(pvc); !prepare {
+ klog.Info("pv is already being provisioned")
+ return ErrVolumeAlreadyBeingProvisioned
+ }
+
 if valid := c.requestAuthIsValid(providedAuth.authType); !valid {
 err := fmt.Errorf("requested storage auth %s is not a member of valid auths %+v", providedAuth.authType, validStorageAuthentications)
 klog.Error(err)
 return err
 }
+
 annotations, err := c.buildAnnotations(pv, cloudConfig, providedAuth)
 if err != nil {
 return err
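Review bot: The new early return in SendProvisionVolume sits ahead of `requestAuthIsValid`, so a PVC whose `createVolumeAnnotation` value is `"no"` skips auth-type validation and, together with the matching branch in NodeStageVolume, proceeds straight to the mount. PVC annotations can usually be set by whoever may create or patch the claim, so this value should not be treated as trusted state unless the driver is the only writer; moving the `if valid := c.requestAuthIsValid(providedAuth.authType); !valid {` block above the `GetPVCByName` call keeps validation unconditional. `pv.Spec.ClaimRef` is also dereferenced without a nil check and would panic for a PV that has no claim reference; `if pv.Spec.ClaimRef == nil { return fmt.Errorf("pv %s has no claimRef", pv.Name) }` before the lookup avoids that. The body of SendProvisionVolume continues past the end of the hunk.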