
Commit 95d3c17

authored
Merge pull request #1440 from nixpanic/credentials/modify
Add secret reference in PV annotations for ControllerModifyVolume
2 parents eb6149c + a81a21c commit 95d3c17


2 files changed

+51
-3
lines changed


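--- a/pkg/controller/controller.go
+++ b/pkg/controller/controller.go
@@ -105,6 +105,9 @@ const (
 prefixedNodeExpandSecretNameKey = csiParameterPrefix + "node-expand-secret-name"
 prefixedNodeExpandSecretNamespaceKey = csiParameterPrefix + "node-expand-secret-namespace"
 
+prefixedControllerModifySecretNameKey = csiParameterPrefix + "controller-modify-secret-name"
+prefixedControllerModifySecretNamespaceKey = csiParameterPrefix + "controller-modify-secret-namespace"
+
 // [Deprecated] CSI Parameters that are put into fields but
 // NOT stripped from the parameters passed to CreateVolume
 provisionerSecretNameKey = "csiProvisionerSecretName"
@@ -148,6 +151,11 @@ const (
 annDeletionProvisionerSecretRefName = "volume.kubernetes.io/provisioner-deletion-secret-name"
 annDeletionProvisionerSecretRefNamespace = "volume.kubernetes.io/provisioner-deletion-secret-namespace"
 
+// Annotation for secret name and namespace will be added to the pv object
+// and used for ControllerModifyVolume procedures by the external-resizer
+annModifyControllerSecretRefName = "volume.kubernetes.io/controller-modify-secret-name"
+annModifyControllerSecretRefNamespace = "volume.kubernetes.io/controller-modify-secret-namespace"
+
 snapshotNotBound = "snapshot %s not bound"
 
 pvcCloneFinalizer = "provisioner.storage.kubernetes.io/cloning-protection"
@@ -206,6 +214,12 @@ var (
 secretNameKey: prefixedNodeExpandSecretNameKey,
 secretNamespaceKey: prefixedNodeExpandSecretNamespaceKey,
 }
+
+controllerModifySecretParams = secretParamsMap{
+name: "ControllerModify",
+secretNameKey: prefixedControllerModifySecretNameKey,
+secretNamespaceKey: prefixedControllerModifySecretNamespaceKey,
+}
 )
 
 // ProvisionerCSITranslator contains the set of CSI Translation functionality
@@ -541,7 +555,7 @@ func (p *csiProvisioner) getVolumeCapabilities(
 return volumeCaps, nil
 }
 
-type deletionSecretParams struct {
+type annotatedSecretParams struct {
 name string
 namespace string
 }
@@ -551,7 +565,8 @@ type prepareProvisionResult struct {
 migratedVolume bool
 req *csi.CreateVolumeRequest
 csiPVSource *v1.CSIPersistentVolumeSource
-provDeletionSecrets *deletionSecretParams
+provDeletionSecrets *annotatedSecretParams
+provModifySecrets *annotatedSecretParams
 }
 
 // prepareProvision does non-destructive parameter checking and preparations for provisioning a volume.
@@ -743,6 +758,10 @@ func (p *csiProvisioner) prepareProvision(ctx context.Context, claim *v1.Persist
 if err != nil {
 return nil, controller.ProvisioningNoChange, err
 }
+controllerModifySecretRef, err := getSecretReference(controllerModifySecretParams, sc.Parameters, pvName, claim)
+if err != nil {
+return nil, controller.ProvisioningNoChange, err
+}
 csiPVSource := &v1.CSIPersistentVolumeSource{
 Driver: p.driverName,
 // VolumeHandle and VolumeAttributes will be added after provisioning.
@@ -764,13 +783,21 @@ func (p *csiProvisioner) prepareProvision(ctx context.Context, claim *v1.Persist
 req.Parameters[pvcNamespaceKey] = claim.GetNamespace()
 req.Parameters[pvNameKey] = pvName
 }
-deletionAnnSecrets := new(deletionSecretParams)
 
+deletionAnnSecrets := new(annotatedSecretParams)
 if provisionerSecretRef != nil {
 deletionAnnSecrets.name = provisionerSecretRef.Name
 deletionAnnSecrets.namespace = provisionerSecretRef.Namespace
 }
 
+var modifyAnnSecrets *annotatedSecretParams
+if controllerModifySecretRef != nil {
+modifyAnnSecrets = &annotatedSecretParams{
+name: controllerModifySecretRef.Name,
+namespace: controllerModifySecretRef.Namespace,
+}
+}
+
 if vacName != "" {
 vac, err := p.client.StorageV1().VolumeAttributesClasses().Get(ctx, vacName, metav1.GetOptions{})
 if err != nil {
@@ -790,6 +817,7 @@ func (p *csiProvisioner) prepareProvision(ctx context.Context, claim *v1.Persist
 req: &req,
 csiPVSource: csiPVSource,
 provDeletionSecrets: deletionAnnSecrets,
+provModifySecrets: modifyAnnSecrets,
 }, controller.ProvisioningNoChange, nil
 
 }
@@ -872,6 +900,7 @@ func (p *csiProvisioner) Provision(ctx context.Context, options controller.Provi
 klog.V(3).Infof("create volume rep: %+v", rep.Volume)
 }
 volumeAttributes := map[string]string{provisionerIDKey: p.identity}
+
 maps.Copy(volumeAttributes, rep.Volume.VolumeContext)
 respCap := rep.GetVolume().GetCapacityBytes()
 
@@ -947,6 +976,13 @@ func (p *csiProvisioner) Provision(ctx context.Context, options controller.Provi
 metav1.SetMetaDataAnnotation(&pv.ObjectMeta, annDeletionProvisionerSecretRefNamespace, "")
 }
 
+// Set annModifyControllerSecretRefName and namespace in PV object when modify secrets are configured.
+if result.provModifySecrets != nil {
+klog.V(5).Infof("createVolumeOperation: set annotation [%s/%s] on pv [%s].", annModifyControllerSecretRefNamespace, annModifyControllerSecretRefName, pv.Name)
+metav1.SetMetaDataAnnotation(&pv.ObjectMeta, annModifyControllerSecretRefName, result.provModifySecrets.name)
+metav1.SetMetaDataAnnotation(&pv.ObjectMeta, annModifyControllerSecretRefNamespace, result.provModifySecrets.namespace)
+}
+
 if options.StorageClass.ReclaimPolicy != nil {
 pv.Spec.PersistentVolumeReclaimPolicy = *options.StorageClass.ReclaimPolicy
 }
@@ -1034,6 +1070,8 @@ func removePrefixedParameters(param map[string]string) (map[string]string, error
 case prefixedDefaultSecretNamespaceKey:
 case prefixedNodeExpandSecretNameKey:
 case prefixedNodeExpandSecretNamespaceKey:
+case prefixedControllerModifySecretNameKey:
+case prefixedControllerModifySecretNamespaceKey:
 default:
 return map[string]string{}, fmt.Errorf("found unknown parameter key \"%s\" with reserved namespace %s", k, csiParameterPrefix)
 }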
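Review bot: The comment above `annModifyControllerSecretRefName` / `annModifyControllerSecretRefNamespace` does not say when the annotations are written, what a missing one means, or how far a consumer may trust them, which matters because the pair tells another component which Secret to read. In the hunks shown the reference is resolved once in prepareProvision from `sc.Parameters` and written in Provision only when `result.provModifySecrets != nil`, whereas `deletionAnnSecrets` is always allocated and a context line writes `""` for the deletion namespace, so the two annotation pairs appear to differ in their "unset" form. PV annotations are ordinary object metadata that any principal allowed to update PersistentVolumes can change, so I would extend the comment along the lines of `// Written once at provision time from StorageClass parameters; absent when no modify secret is configured. Consumers must not assume the value is unchanged since provisioning.` The bodies of prepareProvision and Provision extend beyond the hunks, so the deletion-side behaviour is inferred from context lines only.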

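--- a/pkg/controller/controller_test.go
+++ b/pkg/controller/controller_test.go
@@ -237,6 +237,8 @@ func TestStripPrefixedCSIParams(t *testing.T) {
 prefixedDefaultSecretNamespaceKey: "csiBar",
 prefixedNodeExpandSecretNameKey: "csiBar",
 prefixedNodeExpandSecretNamespaceKey: "csiBar",
+prefixedControllerModifySecretNameKey: "csiBar",
+prefixedControllerModifySecretNamespaceKey: "csiBar",
 },
 expectedParams: map[string]string{},
 },
@@ -926,6 +928,8 @@ func getDefaultStorageClassSecretParameters() map[string]string {
 prefixedProvisionerSecretNamespaceKey: defaultSecretNsName,
 prefixedNodeExpandSecretNameKey: "nodeexpandsecret",
 prefixedNodeExpandSecretNamespaceKey: defaultSecretNsName,
+prefixedControllerModifySecretNameKey: "ctrlmodifysecret",
+prefixedControllerModifySecretNamespaceKey: defaultSecretNsName,
 }
 }
 
@@ -1623,6 +1627,8 @@ func provisionTestcases() (int64, map[string]provisioningTestcase) {
 expectedPVSpec: &pvSpec{
 Name: "test-testi",
 Annotations: map[string]string{
+annModifyControllerSecretRefName: "ctrlmodifysecret",
+annModifyControllerSecretRefNamespace: defaultSecretNsName,
 annDeletionProvisionerSecretRefName: "provisionersecret",
 annDeletionProvisionerSecretRefNamespace: defaultSecretNsName,
 },
@@ -1682,6 +1688,8 @@ func provisionTestcases() (int64, map[string]provisioningTestcase) {
 expectedPVSpec: &pvSpec{
 Name: "test-testi",
 Annotations: map[string]string{
+annModifyControllerSecretRefName: "default-secret",
+annModifyControllerSecretRefNamespace: "default-ns",
 annDeletionProvisionerSecretRefName: "default-secret",
 annDeletionProvisionerSecretRefNamespace: "default-ns",
 },
@@ -1741,6 +1749,8 @@ func provisionTestcases() (int64, map[string]provisioningTestcase) {
 expectedPVSpec: &pvSpec{
 Name: "test-testi",
 Annotations: map[string]string{
+annModifyControllerSecretRefName: "my-pvc",
+annModifyControllerSecretRefNamespace: "default-ns",
 annDeletionProvisionerSecretRefName: "my-pvc",
 annDeletionProvisionerSecretRefNamespace: "default-ns",
 },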
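Review bot: None of the added expectations pins the case where no controller-modify secret resolves, so the new nil path, where the annotations are omitted entirely, is not visibly tested. All three `expectedPVSpec` cases shown expect both new annotations to be present. A case elsewhere in provisionTestcases may already cover absence, but that is not visible in these hunks. I would add a case whose StorageClass parameters set neither `prefixedControllerModifySecretNameKey` nor a default secret, and assert that `annModifyControllerSecretRefName` and `annModifyControllerSecretRefNamespace` are not among the PV annotations. A consumer that reads the annotation to pick a Secret relies on that absent-means-unset contract.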
