add support for enabling clusterwide encryption as day-2 operation

Signed-off-by: Santosh Pillai <[email protected]>

controllers/storagecluster/cephcluster.go

@@ -271,6 +271,11 @@ func (obj *ocsCephCluster) ensureCreated(r *StorageClusterReconciler, sc *ocsv1.
 	// Update OSD store to `bluestore`
 	cephCluster.Spec.Storage.Store = updateOSDStore(found.Spec.Storage.Store)
 
+	// confirm OSD migration if encryption is enbled as day-2 operation
+	if isEncrptionSettingUpdated(cephCluster.Spec.Storage.StorageClassDeviceSets, found.Spec.Storage.StorageClassDeviceSets) {
+		cephCluster.Spec.Storage.Migration.Confirmation = "yes-really-migrate-osds"
+	}
+
 	// Add it to the list of RelatedObjects if found
 	objectRef, err := reference.GetReference(r.Scheme, found)
 	if err != nil {
@@ -1399,3 +1404,17 @@ func determineDefaultCephDeviceClass(foundDeviceClasses []rookCephv1.DeviceClass
 	// if no device classes are found in status return empty string
 	return ""
 }
+
+// isEncrptionSettingUpdated checks whether ecryption was enabled or disabled for the storageClassDeviceSet.
+func isEncrptionSettingUpdated(newDeviceSet, existingDeviceSet []rookCephv1.StorageClassDeviceSet) bool {
+	if len(newDeviceSet) != len(existingDeviceSet) {
+		return false
+	}
+
+	for i := range newDeviceSet {
+		if newDeviceSet[i].Encrypted != existingDeviceSet[i].Encrypted {
+			return true
+		}
+	}
+	return false
+}