Commit 4e8bbf01 authored by Cyrill Troxler's avatar Cyrill Troxler

Supply credentials using volume secrets instead of cli config

parent ea4022e9
+3 −18
@@ -31,27 +31,12 @@ func init() {
var (
	endpoint = flag.String("endpoint", "unix://tmp/csi.sock", "CSI endpoint")
	nodeID   = flag.String("nodeid", "", "node id")
	accessKeyID     = flag.String("access-key-id", "", "S3 Access Key ID to use")
	secretAccessKey = flag.String("secret-access-key", "", "S3 Secret Access Key to use")
	s3endpoint      = flag.String("s3-endpoint", "", "S3 Endpoint URL to use")
	region          = flag.String("region", "", "S3 Region to use")
	mounter         = flag.String("mounter", "s3fs", "Specify which Mounter to use")
	encryptionKey   = flag.String("encryption-key", "", "Encryption key for file system (only used with s3ql)")
)

func main() {
	flag.Parse()

	cfg := &s3.Config{
		AccessKeyID:     *accessKeyID,
		SecretAccessKey: *secretAccessKey,
		Endpoint:        *s3endpoint,
		Region:          *region,
		Mounter:         *mounter,
		EncryptionKey:   *encryptionKey,
	}

	driver, err := s3.NewS3(*nodeID, *endpoint, cfg)
	driver, err := s3.NewS3(*nodeID, *endpoint)
	if err != nil {
		log.Fatal(err)
	}
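Review bot: The `access-key-id`, `secret-access-key`, `s3-endpoint`, `region`, `mounter` and `encryption-key` flags appear to be removed outright, so any deployment that still passes one of them will fail at `flag.Parse()`, because the default flag set exits on an undefined flag. If existing manifests must keep working across the upgrade, either update them in the same change or keep the flags for one release as ignored, deprecated options that log a warning without printing the value. Keys that were supplied through the old flags were visible in the process arguments and the pod spec, so the upgrade notes could recommend rotating them. main's body continues outside the hunk.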
+2 −0
@@ -42,3 +42,5 @@ require (
	k8s.io/kubernetes v1.13.4
	k8s.io/utils v0.0.0-20180703210027-ab9069044f32 // indirect
)

replace github.com/kubernetes-csi/csi-test => github.com/ctrox/csi-test v1.1.1-0.20190310103436-e50382dcb47f
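Review bot: The `replace` directive points `github.com/kubernetes-csi/csi-test` at a personal fork pinned to an untagged pseudo-version, and nothing in go.mod records why or when it can be removed. A comment above it such as `// TODO(<owner>): temporary fork for <reason>; drop once upstream csi-test includes it` would make the substitution reviewable and keep it from becoming permanent. Since a replace changes what code is actually built under the upstream import path, it is also worth confirming that the fork commit has been reviewed and is reachable by everyone who builds the driver.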
+10 −0
@@ -4,6 +4,14 @@ github.com/aws/aws-sdk-go v1.14.27 h1:fRVME5X3sxZnctdCcabNTWZq7ZGrpVgUAYk4OA5EG0
github.com/aws/aws-sdk-go v1.14.27/go.mod h1:ZRmQr0FajVIyZ4ZzBYKG5P3ZqPz9IHG41ZoMu1ADI3k=
github.com/container-storage-interface/spec v1.0.0 h1:3DyXuJgf9MU6kyULESegQUmozsSxhpyrrv9u5bfwA3E=
github.com/container-storage-interface/spec v1.0.0/go.mod h1:6URME8mwIBbpVyZV93Ce5St17xBiQJQY67NDsuohiy4=
github.com/ctrox/csi-test v1.1.0 h1:YwOvPrlZw6/qgG+G8EQMkMniPt2HJmTOYVBiawgfiQ8=
github.com/ctrox/csi-test v1.1.0/go.mod h1:Sdb3sQ5DaEikqpKZNzj+abr8x/OCMXB0KTaxIAXP1RI=
github.com/ctrox/csi-test v1.1.1-0.20190310103436-e50382dcb47f h1:FLD1xv7Vwv7+JZizABfim+tR8Ctj68B2mnS529kHBPg=
github.com/ctrox/csi-test v1.1.1-0.20190310103436-e50382dcb47f/go.mod h1:Sdb3sQ5DaEikqpKZNzj+abr8x/OCMXB0KTaxIAXP1RI=
github.com/ctrox/csi-test v1.1.2-0.20190310094942-e965dacfef26 h1:KbZ3qIvoWP0CD7ZnUULipd5QGg0gmNLCfxikgAYnKwQ=
github.com/ctrox/csi-test v1.1.2-0.20190310094942-e965dacfef26/go.mod h1:Sdb3sQ5DaEikqpKZNzj+abr8x/OCMXB0KTaxIAXP1RI=
github.com/ctrox/csi-test v1.1.2-0.20190310103005-3f3cc7817699 h1:bQ82DNERrJuin7/+sRCoeBz7FV8/HNS6LpIe48XUWCo=
github.com/ctrox/csi-test v1.1.2-0.20190310103005-3f3cc7817699/go.mod h1:Sdb3sQ5DaEikqpKZNzj+abr8x/OCMXB0KTaxIAXP1RI=
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/go-ini/ini v1.38.1 h1:hbtfM8emWUVo9GnXSloXYyFbXxZ+tG6sbepSStoe1FY=
@@ -30,6 +38,8 @@ github.com/kahing/goofys v0.19.0 h1:jcuffrnpvZq+LjXtRODo0pvNOglw32ClzBZ1XLShFnk=
github.com/kahing/goofys v0.19.0/go.mod h1:erC9E45nY5m8v6FE+tYIGRVjIC2N8viMlJrgrsXB2Q4=
github.com/kubernetes-csi/csi-test v1.1.0 h1:a7CfGqhGDs0h7AZt1f6LTIUzBazcRf6eBdTUBXB4xE4=
github.com/kubernetes-csi/csi-test v1.1.0/go.mod h1:YxJ4UiuPWIhMBkxUKY5c267DyA0uDZ/MtAimhx/2TA0=
github.com/kubernetes-csi/csi-test v1.1.1 h1:L4RPre34ICeoQW7ez4X5t0PnFKaKs8K5q0c1XOrvXEM=
github.com/kubernetes-csi/csi-test v1.1.1/go.mod h1:YxJ4UiuPWIhMBkxUKY5c267DyA0uDZ/MtAimhx/2TA0=
github.com/kubernetes-csi/drivers v0.0.0-20181207022357-c1e71bdcce6e h1:BkkRJIF329ps8digiMWthYzDPl9KB8PwkDwvVWDwM4A=
github.com/kubernetes-csi/drivers v0.0.0-20181207022357-c1e71bdcce6e/go.mod h1:V6rHbbSLCZGaQoIZ8MkyDtoXtcKXZM0F7N3bkloDCOY=
github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4=
+21 −10
@@ -29,12 +29,11 @@ import (
	"google.golang.org/grpc/status"

	"github.com/container-storage-interface/spec/lib/go/csi"
	"github.com/kubernetes-csi/drivers/pkg/csi-common"
	csicommon "github.com/kubernetes-csi/drivers/pkg/csi-common"
)

type controllerServer struct {
	*csicommon.DefaultControllerServer
	*s3
}

func (cs *controllerServer) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest) (*csi.CreateVolumeResponse, error) {
@@ -59,13 +58,17 @@ func (cs *controllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol

	glog.V(4).Infof("Got a request to create volume %s", volumeID)

	exists, err := cs.s3.client.bucketExists(volumeID)
	s3, err := newS3ClientFromSecrets(req.GetSecrets())
	if err != nil {
		return nil, fmt.Errorf("failed to initialize S3 client: %s", err)
	}
	exists, err := s3.bucketExists(volumeID)
	if err != nil {
		return nil, fmt.Errorf("failed to check if bucket %s exists: %v", volumeID, err)
	}
	if exists {
		var b *bucket
		b, err = cs.s3.client.getBucket(volumeID)
		b, err = s3.getBucket(volumeID)
		if err != nil {
			return nil, fmt.Errorf("failed to get bucket metadata of bucket %s: %v", volumeID, err)
		}
@@ -74,10 +77,10 @@ func (cs *controllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
			return nil, status.Error(codes.AlreadyExists, fmt.Sprintf("Volume with the same name: %s but with smaller size already exist", volumeID))
		}
	} else {
		if err = cs.s3.client.createBucket(volumeID); err != nil {
		if err = s3.createBucket(volumeID); err != nil {
			return nil, fmt.Errorf("failed to create volume %s: %v", volumeID, err)
		}
		if err = cs.s3.client.createPrefix(volumeID, fsPrefix); err != nil {
		if err = s3.createPrefix(volumeID, fsPrefix); err != nil {
			return nil, fmt.Errorf("failed to create prefix %s: %v", fsPrefix, err)
		}
	}
@@ -87,7 +90,7 @@ func (cs *controllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
		CapacityBytes: capacityBytes,
		FSPath:        fsPrefix,
	}
	if err := cs.s3.client.setBucket(b); err != nil {
	if err := s3.setBucket(b); err != nil {
		return nil, fmt.Errorf("Error setting bucket metadata: %v", err)
	}

@@ -118,12 +121,16 @@ func (cs *controllerServer) DeleteVolume(ctx context.Context, req *csi.DeleteVol
	}
	glog.V(4).Infof("Deleting volume %s", volumeID)

	exists, err := cs.s3.client.bucketExists(volumeID)
	s3, err := newS3ClientFromSecrets(req.GetSecrets())
	if err != nil {
		return nil, fmt.Errorf("failed to initialize S3 client: %s", err)
	}
	exists, err := s3.bucketExists(volumeID)
	if err != nil {
		return nil, err
	}
	if exists {
		if err := cs.s3.client.removeBucket(volumeID); err != nil {
		if err := s3.removeBucket(volumeID); err != nil {
			glog.V(3).Infof("Failed to remove volume: %v", err)
			return nil, err
		}
@@ -144,7 +151,11 @@ func (cs *controllerServer) ValidateVolumeCapabilities(ctx context.Context, req
		return nil, status.Error(codes.InvalidArgument, "Volume capabilities missing in request")
	}

	exists, err := cs.s3.client.bucketExists(req.GetVolumeId())
	s3, err := newS3ClientFromSecrets(req.GetSecrets())
	if err != nil {
		return nil, fmt.Errorf("failed to initialize S3 client: %s", err)
	}
	exists, err := s3.bucketExists(req.GetVolumeId())
	if err != nil {
		return nil, err
	}
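Review bot: The new `newS3ClientFromSecrets(req.GetSecrets())` failure path in CreateVolume, and the same lines in DeleteVolume and ValidateVolumeCapabilities, returns a plain `fmt.Errorf`, so a request with missing or malformed secrets reaches the caller as gRPC code Unknown rather than a code it can act on. Consider `return nil, status.Errorf(codes.InvalidArgument, "failed to initialize S3 client: %v", err)`, using the `status` and `codes` packages this file already uses. newS3ClientFromSecrets is not visible here, so it is worth confirming that its error text never echoes secret values, because this message goes back to the caller and likely into logs. The local name `s3` also reads like the `s3` type that was previously embedded in controllerServer; `client` would avoid the shadowing. All three functions start or end outside the hunks shown.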
+1 −2
@@ -17,10 +17,9 @@ limitations under the License.
package s3

import (
	"github.com/kubernetes-csi/drivers/pkg/csi-common"
	csicommon "github.com/kubernetes-csi/drivers/pkg/csi-common"
)

type identityServer struct {
	*csicommon.DefaultIdentityServer
	*s3
}