@ggriffiths ggriffiths commented May 7, 2019

Signed-off-by: Grant Griffiths [email protected]

What type of PR is this?
/kind feature

What this PR does / why we need it:

  • This allows Provision to pass the correct PVC object so that the k8s secrets can be pulled and used during provisioning.

Which issue(s) this PR fixes:
Fixes #170
Fixes #233

Special notes for your reviewer:

  • I'm still testing this change on my k8s cluster, which is why I've added the WIP tag.

Does this PR introduce a user-facing change?:

Users can now provide a secret name and namespace during provision by passing the correct storage class parameters: "provisioner-secret-name" and "provisioner-secret-namespace"

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. kind/feature Categorizes issue or PR as related to a new feature. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels May 7, 2019
@k8s-ci-robot k8s-ci-robot requested review from lpabon and msau42 May 7, 2019 23:35
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels May 7, 2019
@k8s-ci-robot
Contributor

Hi @ggriffiths. Thanks for your PR.

I'm waiting for a kubernetes-csi or kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@ggriffiths ggriffiths changed the title [WIP] Add support for Provision secrets from pvc name and namespace Add support for Provision secrets from name and namespace May 8, 2019
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 8, 2019
@ggriffiths
Contributor Author

Verified that this change works on my k8s cluster with our CSI driver. Ready for review.

@ggriffiths
Contributor Author

/assign @msau42

@msau42
Collaborator

msau42 commented May 10, 2019

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels May 10, 2019
@ggriffiths ggriffiths changed the title Add support for Provision secrets from name and namespace Add secret support for Provision and Delete from pvc name and namespace May 10, 2019
@ggriffiths ggriffiths force-pushed the provision_pvc_secret_name_namespace branch from 1184530 to 9625615 Compare May 10, 2019 22:41
@j-griffith

j-griffith commented May 10, 2019

/lgtm

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels May 14, 2019
@ggriffiths ggriffiths force-pushed the provision_pvc_secret_name_namespace branch from e0ab76e to 82727cc Compare May 14, 2019 01:02
@ggriffiths ggriffiths force-pushed the provision_pvc_secret_name_namespace branch from 01968e5 to bad6c2d Compare May 15, 2019 07:40
},
expectErr: true,
},
"simple - valid": deleteTestcase{

Collaborator

This should be failing since annotations is not supported?

Contributor Author

This wasn't failing because I was using PV Annotations instead of SC Parameters in the test.

},
},
},
expectErr: false,

Collaborator

Is there a way to validate what secret reference we generated? And expect if it got set or ignored?

Contributor Author

I don't think easily from testing Delete at a high level. I think getSecretReference tests should cover that.

@ggriffiths ggriffiths force-pushed the provision_pvc_secret_name_namespace branch from 7ba682e to dc795ce Compare May 16, 2019 19:22
},
"simple - valid, pvc name and namespace": {
secretParams: provisionerSecretParams,
params: map[string]string{provisionerSecretNameKey: "name", provisionerSecretNamespaceKey: "ns"},

Collaborator

Can you make the keys used in the params different from the values in the PVC? That way we make sure we're not accidentally using pvc values.

secretParams: nodePublishSecretParams,
params: map[string]string{
nodePublishSecretNameKey: "static-${pv.name}-${pvc.namespace}-${pvc.name}-${pvc.annotations['akey']}",
nodePublishSecretNameKey: "static-${pv.name}-${pvc.namespace}-${pvc.name}",

Collaborator

annotations are allowed for nodepublish right?

Contributor Author

Yeah, they are. Just made this into two unit tests - one for nodePublish secrets and one for provisioner secrets
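
The template handling discussed in this thread, as an added Go example (not the external-provisioner's own code): `${pv.name}`, `${pvc.namespace}` and `${pvc.name}` are expanded for either secret type, while `${pvc.annotations['...']}` is accepted only for node-publish secrets, so a user-editable PVC annotation cannot steer which provisioner secret is read. The names `claim` and `resolve` and the sample values are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

var (
	tokenRe      = regexp.MustCompile(`\$\{([^}]*)\}`)                   // one ${...} placeholder
	annotationRe = regexp.MustCompile(`^pvc\.annotations\['([^']+)'\]$`) // annotation lookup form
)

// claim holds the PV/PVC fields a template may reference (hypothetical type).
type claim struct {
	PVName, Namespace, Name string
	Annotations             map[string]string
}

// resolve expands tmpl against c. Annotation tokens are accepted only when
// allowAnnotations is true (node-publish secrets). Any unsupported or
// unresolved token is an error; it is never silently replaced by "".
func resolve(tmpl string, c claim, allowAnnotations bool) (string, error) {
	fixed := map[string]string{"pv.name": c.PVName, "pvc.namespace": c.Namespace, "pvc.name": c.Name}
	var firstErr error
	out := tokenRe.ReplaceAllStringFunc(tmpl, func(tok string) string {
		key := tokenRe.FindStringSubmatch(tok)[1]
		if v, ok := fixed[key]; ok {
			return v
		}
		if m := annotationRe.FindStringSubmatch(key); m != nil && allowAnnotations {
			if v, ok := c.Annotations[m[1]]; ok {
				return v
			}
		}
		if firstErr == nil {
			firstErr = fmt.Errorf("unsupported or unresolved token %q", tok)
		}
		return ""
	})
	if firstErr != nil {
		return "", firstErr
	}
	return out, nil
}

func main() {
	// Constructed sample claim, not taken from the PR's test data.
	c := claim{"pvname", "pvcnamespace", "pvcname", map[string]string{"akey": "avalue"}}
	fmt.Println(resolve("static-provisioner-${pv.name}-${pvc.namespace}-${pvc.name}", c, false))
	fmt.Println(resolve("static-${pvc.annotations['akey']}", c, false)) // rejected: provisioner
	fmt.Println(resolve("static-${pvc.annotations['akey']}", c, true))  // allowed: node publish
}
```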

},
expectErr: true,
},
"simple - valid case": deleteTestcase{

Collaborator

Also one more test case where claimRef is set

Contributor Author

Added this test case.

@ggriffiths ggriffiths force-pushed the provision_pvc_secret_name_namespace branch from dc795ce to 7ab6eeb Compare May 17, 2019 00:31
Collaborator

@msau42 msau42 left a comment

Just one nit, otherwise lgtm!
/approve

},
expectRef: &v1.SecretReference{Name: "static-provisioner-pvname-pvcnamespace-pvcname", Namespace: "static-provisioner-pvname-pvcnamespace"},
},
"template - invalid provisioner secret, annotations not supported": {

Collaborator

this is already at L589?

Contributor Author

Good catch, removed this duplicate test.

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ggriffiths, msau42

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@msau42
Collaborator

msau42 commented May 17, 2019

Also please squash your commits

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 17, 2019
@ggriffiths ggriffiths force-pushed the provision_pvc_secret_name_namespace branch from a5ef3a8 to 9b9bcc6 Compare May 17, 2019 01:53
@ggriffiths
Contributor Author

Squashed into one commit. Thanks for the review!

@msau42
Collaborator

msau42 commented May 17, 2019

/lgtm

Thanks!

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 17, 2019
@k8s-ci-robot k8s-ci-robot merged commit 967b7a3 into kubernetes-csi:master May 17, 2019
@ggriffiths ggriffiths deleted the provision_pvc_secret_name_namespace branch May 17, 2019 02:24
oleksiys pushed a commit to oleksiys/external-provisioner that referenced this pull request May 19, 2019
"Add secret support for Provision and Delete from pvc name and namespace"
oleksiys pushed a commit to oleksiys/external-provisioner that referenced this pull request Jun 3, 2019
oleksiys pushed a commit to oleksiys/external-provisioner that referenced this pull request Jun 3, 2019
oleksiys pushed a commit to oleksiys/external-provisioner that referenced this pull request Jun 14, 2019
Aishwarya-Hebbar added a commit to Aishwarya-Hebbar/external-provisioner that referenced this pull request May 2, 2025
Aishwarya-Hebbar added a commit to Aishwarya-Hebbar/external-provisioner that referenced this pull request Jul 10, 2025
Aishwarya-Hebbar added a commit to Aishwarya-Hebbar/external-provisioner that referenced this pull request Jul 14, 2025

Successfully merging this pull request may close these issues.

Allow PVC name/namespace as template for provisioner-secret
Need pvc namespace passed to CSI driver