Skip to content

Commit

Permalink
Merge pull request #980 from kubernetes-sigs/fix-account-creation-issue
Browse files Browse the repository at this point in the history
fix: disable match tags by default in account search when creating file share
  • Loading branch information
andyzhangx authored Apr 15, 2022
2 parents 28c2141 + 311e75e commit d90f466
Show file tree
Hide file tree
Showing 12 changed files with 101 additions and 108 deletions.
3 changes: 2 additions & 1 deletion docs/driver-parameters.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,9 @@ accessTier | [Access tier for file share](https://docs.microsoft.com/en-us/azure
server | specify Azure storage account server address | existing server address, e.g. `accountname.privatelink.file.core.windows.net` | No | if empty, driver will use default `accountname.file.core.windows.net` or other sovereign cloud account address
disableDeleteRetentionPolicy | specify whether disable DeleteRetentionPolicy for storage account created by driver | `true`,`false` | No | `false`
allowBlobPublicAccess | Allow or disallow public access to all blobs or containers for storage account created by driver | `true`,`false` | No | `false`
storageEndpointSuffix | specify Azure storage endpoint suffix | `core.windows.net` | No | if empty, driver will use default storage endpoint suffix according to cloud environment, e.g. `core.windows.net`
storageEndpointSuffix | specify Azure storage endpoint suffix | `core.windows.net`, `core.chinacloudapi.cn`, etc | No | if empty, driver will use default storage endpoint suffix according to cloud environment, e.g. `core.windows.net`
tags | [tags](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources) would be created in newly created storage account | tag format: 'foo=aaa,bar=bbb' | No | ""
matchTags | specify whether matching tags when driver tries to find a suitable storage account | `true`,`false` | No | `false`
--- | **Following parameters are only for SMB protocol** | --- | --- |
subscriptionID | specify Azure subscription ID in which Azure file share will be created | Azure subscription ID | No | if not empty, `resourceGroup` must be provided
storeAccountKey | whether store account key to k8s secret <br><br> Note: <br> `false` means driver would leverage kubelet identity to get account key | `true`,`false` | No | `true`
Expand Down
4 changes: 2 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ module sigs.k8s.io/azurefile-csi-driver
go 1.17

require (
github.com/Azure/azure-sdk-for-go v63.1.0+incompatible
github.com/Azure/azure-sdk-for-go v63.2.0+incompatible
github.com/Azure/azure-storage-file-go v0.8.0
github.com/Azure/go-autorest/autorest v0.11.25
github.com/Azure/go-autorest/autorest/adal v0.9.18
Expand Down Expand Up @@ -150,5 +150,5 @@ replace (
k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.24.0-alpha.4
k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.24.0-alpha.4
k8s.io/sample-controller => k8s.io/sample-controller v0.24.0-alpha.4
sigs.k8s.io/cloud-provider-azure => sigs.k8s.io/cloud-provider-azure v0.7.1-0.20220406062855-4f3bab6bc8b2
sigs.k8s.io/cloud-provider-azure => sigs.k8s.io/cloud-provider-azure v0.7.1-0.20220415032100-325969906b39
)
8 changes: 4 additions & 4 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -43,8 +43,8 @@ dmitri.shuralyov.com/gpu/mtl v0.0.0-20201218220906-28db891af037/go.mod h1:H6x//7
github.com/Azure/azure-pipeline-go v0.2.1 h1:OLBdZJ3yvOn2MezlWvbrBMTEUQC72zAftRZOMdj5HYo=
github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4=
github.com/Azure/azure-sdk-for-go v55.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-sdk-for-go v63.1.0+incompatible h1:yNC7qlSUWVF8p0TzxdmWW1FJ3DdIA+0Pge41IU/2+9U=
github.com/Azure/azure-sdk-for-go v63.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-sdk-for-go v63.2.0+incompatible h1:OIqkK/zTGqVUuzpEvY0B1YSYDRAFC/j+y0w2GovCggI=
github.com/Azure/azure-sdk-for-go v63.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-storage-file-go v0.8.0 h1:OX8DGsleWLUE6Mw4R/OeWEZMvsTIpwN94J59zqKQnTI=
github.com/Azure/azure-storage-file-go v0.8.0/go.mod h1:3w3mufGcMjcOJ3w+4Gs+5wsSgkT7xDwWWqMMIrXtW4c=
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
Expand Down Expand Up @@ -1220,8 +1220,8 @@ rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.27/go.mod h1:tq2nT0Kx7W+/f2JVE+zxYtUhdjuELJkVpNz+x/QN5R4=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30 h1:dUk62HQ3ZFhD48Qr8MIXCiKA8wInBQCtuE4QGfFW7yA=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw=
sigs.k8s.io/cloud-provider-azure v0.7.1-0.20220406062855-4f3bab6bc8b2 h1:+gTjgmMhhQ5rpd9jo10ZUiAra+GLAO/5/9Cu5VYHy68=
sigs.k8s.io/cloud-provider-azure v0.7.1-0.20220406062855-4f3bab6bc8b2/go.mod h1:QP8vTdPEAKK2W+sIgCDQIr15Ivc+tYMRMrJS+Clv85I=
sigs.k8s.io/cloud-provider-azure v0.7.1-0.20220415032100-325969906b39 h1:p7amRwo+9wihR5TcHSqMZNdA/VLADopmVyVu7ZDVpCE=
sigs.k8s.io/cloud-provider-azure v0.7.1-0.20220415032100-325969906b39/go.mod h1:k/vjhynZDcDyV8Z1Pfpmel/SfoNC6mKHU9K9Nmf85i4=
sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs=
sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y=
sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY=
Expand Down
1 change: 1 addition & 0 deletions pkg/azurefile/azurefile.go
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ const (
serverNameField = "server"
fsTypeField = "fstype"
protocolField = "protocol"
matchTagsField = "matchtags"
tagsField = "tags"
storageAccountField = "storageaccount"
storageAccountTypeField = "storageaccounttype"
Expand Down
9 changes: 8 additions & 1 deletion pkg/azurefile/controllerserver.go
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
}
var sku, subsID, resourceGroup, location, account, fileShareName, diskName, fsType, secretName string
var secretNamespace, pvcNamespace, protocol, customTags, storageEndpointSuffix, networkEndpointType, accessTier, rootSquashType string
var createAccount, useDataPlaneAPI, useSeretCache, disableDeleteRetentionPolicy, enableLFS bool
var createAccount, useDataPlaneAPI, useSeretCache, disableDeleteRetentionPolicy, enableLFS, matchTags bool
var vnetResourceGroup, vnetName, subnetName, shareNamePrefix string
// set allowBlobPublicAccess as false by default
allowBlobPublicAccess := to.BoolPtr(false)
Expand Down Expand Up @@ -149,6 +149,8 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
secretNamespace = v
case protocolField:
protocol = v
case matchTagsField:
matchTags = strings.EqualFold(v, trueValue)
case tagsField:
customTags = v
case createAccountField:
Expand Down Expand Up @@ -203,6 +205,10 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
}
}

if matchTags && account != "" {
return nil, status.Errorf(codes.InvalidArgument, fmt.Sprintf("matchTags must set as false when storageAccount(%s) is provided", account))
}

if subsID != "" && subsID != d.cloud.SubscriptionID {
if fsType == nfs || protocol == nfs {
return nil, status.Errorf(codes.InvalidArgument, fmt.Sprintf("NFS protocol is not supported in cross subscription(%s)", subsID))
Expand Down Expand Up @@ -321,6 +327,7 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
ResourceGroup: resourceGroup,
Location: location,
EnableHTTPSTrafficOnly: enableHTTPSTrafficOnly,
MatchTags: matchTags,
Tags: tags,
VirtualNetworkResourceIDs: vnetResourceIDs,
CreateAccount: createAccount,
Expand Down
151 changes: 60 additions & 91 deletions pkg/azurefile/controllerserver_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -174,19 +174,10 @@ func TestCreateVolume(t *testing.T) {
name: "Volume lock already present",
testFunc: func(t *testing.T) {
req := &csi.CreateVolumeRequest{
Name: "random-vol-name-vol-cap-invalid",
CapacityRange: stdCapRange,
VolumeCapabilities: []*csi.VolumeCapability{
{
AccessType: &csi.VolumeCapability_Block{
Block: nil,
},
AccessMode: &csi.VolumeCapability_AccessMode{
Mode: csi.VolumeCapability_AccessMode_SINGLE_NODE_WRITER,
},
},
},
Parameters: nil,
Name: "random-vol-name-vol-cap-invalid",
CapacityRange: stdCapRange,
VolumeCapabilities: stdVolCap,
Parameters: nil,
}

ctx := context.Background()
Expand Down Expand Up @@ -215,19 +206,10 @@ func TestCreateVolume(t *testing.T) {
}

req := &csi.CreateVolumeRequest{
Name: "random-vol-name-vol-cap-invalid",
CapacityRange: stdCapRange,
VolumeCapabilities: []*csi.VolumeCapability{
{
AccessType: &csi.VolumeCapability_Block{
Block: nil,
},
AccessMode: &csi.VolumeCapability_AccessMode{
Mode: csi.VolumeCapability_AccessMode_SINGLE_NODE_WRITER,
},
},
},
Parameters: allParam,
Name: "random-vol-name-vol-cap-invalid",
CapacityRange: stdCapRange,
VolumeCapabilities: stdVolCap,
Parameters: allParam,
}

ctx := context.Background()
Expand All @@ -253,19 +235,10 @@ func TestCreateVolume(t *testing.T) {
}

req := &csi.CreateVolumeRequest{
Name: "random-vol-name-vol-cap-invalid",
CapacityRange: stdCapRange,
VolumeCapabilities: []*csi.VolumeCapability{
{
AccessType: &csi.VolumeCapability_Block{
Block: nil,
},
AccessMode: &csi.VolumeCapability_AccessMode{
Mode: csi.VolumeCapability_AccessMode_SINGLE_NODE_WRITER,
},
},
},
Parameters: allParam,
Name: "random-vol-name-vol-cap-invalid",
CapacityRange: stdCapRange,
VolumeCapabilities: stdVolCap,
Parameters: allParam,
}

ctx := context.Background()
Expand All @@ -292,19 +265,10 @@ func TestCreateVolume(t *testing.T) {
}

req := &csi.CreateVolumeRequest{
Name: "random-vol-name-vol-cap-invalid",
CapacityRange: stdCapRange,
VolumeCapabilities: []*csi.VolumeCapability{
{
AccessType: &csi.VolumeCapability_Block{
Block: nil,
},
AccessMode: &csi.VolumeCapability_AccessMode{
Mode: csi.VolumeCapability_AccessMode_SINGLE_NODE_WRITER,
},
},
},
Parameters: allParam,
Name: "random-vol-name-vol-cap-invalid",
CapacityRange: stdCapRange,
VolumeCapabilities: stdVolCap,
Parameters: allParam,
}

ctx := context.Background()
Expand All @@ -331,19 +295,10 @@ func TestCreateVolume(t *testing.T) {
}

req := &csi.CreateVolumeRequest{
Name: "random-vol-name-vol-cap-invalid",
CapacityRange: stdCapRange,
VolumeCapabilities: []*csi.VolumeCapability{
{
AccessType: &csi.VolumeCapability_Block{
Block: nil,
},
AccessMode: &csi.VolumeCapability_AccessMode{
Mode: csi.VolumeCapability_AccessMode_SINGLE_NODE_WRITER,
},
},
},
Parameters: allParam,
Name: "random-vol-name-vol-cap-invalid",
CapacityRange: stdCapRange,
VolumeCapabilities: stdVolCap,
Parameters: allParam,
}

d := NewFakeDriver()
Expand Down Expand Up @@ -372,19 +327,10 @@ func TestCreateVolume(t *testing.T) {
}

req := &csi.CreateVolumeRequest{
Name: "random-vol-name-vol-cap-invalid",
CapacityRange: stdCapRange,
VolumeCapabilities: []*csi.VolumeCapability{
{
AccessType: &csi.VolumeCapability_Block{
Block: nil,
},
AccessMode: &csi.VolumeCapability_AccessMode{
Mode: csi.VolumeCapability_AccessMode_SINGLE_NODE_WRITER,
},
},
},
Parameters: allParam,
Name: "random-vol-name-vol-cap-invalid",
CapacityRange: stdCapRange,
VolumeCapabilities: stdVolCap,
Parameters: allParam,
}

d := NewFakeDriver()
Expand All @@ -404,6 +350,38 @@ func TestCreateVolume(t *testing.T) {
}
},
},
{
name: "storageAccount and matchTags conflict",
testFunc: func(t *testing.T) {
allParam := map[string]string{
storageAccountField: "abc",
matchTagsField: "true",
}

req := &csi.CreateVolumeRequest{
Name: "random-vol-name-vol-cap-invalid",
CapacityRange: stdCapRange,
VolumeCapabilities: stdVolCap,
Parameters: allParam,
}

d := NewFakeDriver()
d.cloud = &azure.Cloud{
Config: azure.Config{},
}

d.AddControllerServiceCapabilities(
[]csi.ControllerServiceCapability_RPC_Type{
csi.ControllerServiceCapability_RPC_CREATE_DELETE_VOLUME,
})

expectedErr := status.Errorf(codes.InvalidArgument, "matchTags must set as false when storageAccount(abc) is provided")
_, err := d.CreateVolume(context.Background(), req)
if !reflect.DeepEqual(err, expectedErr) {
t.Errorf("Unexpected error: %v", err)
}
},
},
{
name: "Failed to update subnet service endpoints",
testFunc: func(t *testing.T) {
Expand All @@ -422,19 +400,10 @@ func TestCreateVolume(t *testing.T) {
retErr := retry.NewError(false, fmt.Errorf("the subnet does not exist"))

req := &csi.CreateVolumeRequest{
Name: "random-vol-name-vol-cap-invalid",
CapacityRange: stdCapRange,
VolumeCapabilities: []*csi.VolumeCapability{
{
AccessType: &csi.VolumeCapability_Block{
Block: nil,
},
AccessMode: &csi.VolumeCapability_AccessMode{
Mode: csi.VolumeCapability_AccessMode_SINGLE_NODE_WRITER,
},
},
},
Parameters: allParam,
Name: "random-vol-name-vol-cap-invalid",
CapacityRange: stdCapRange,
VolumeCapabilities: stdVolCap,
Parameters: allParam,
}
ctx := context.Background()
d := NewFakeDriver()
Expand Down
1 change: 1 addition & 0 deletions test/e2e/dynamic_provisioning_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -214,6 +214,7 @@ var _ = ginkgo.Describe("Dynamic Provisioning", func() {
scParameters := map[string]string{
"skuName": "Standard_LRS",
"secretNamespace": "default",
"matchTags": "true",
}
if !isUsingInTreeVolumePlugin {
scParameters["allowBlobPublicAccess"] = "false"
Expand Down

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 3 additions & 3 deletions vendor/modules.txt
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# github.com/Azure/azure-pipeline-go v0.2.1
## explicit
github.com/Azure/azure-pipeline-go/pipeline
# github.com/Azure/azure-sdk-for-go v63.1.0+incompatible
# github.com/Azure/azure-sdk-for-go v63.2.0+incompatible
## explicit
github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2021-07-01/compute
github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2020-04-01/containerservice
Expand Down Expand Up @@ -1112,7 +1112,7 @@ k8s.io/utils/trace
## explicit; go 1.17
sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client
sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client
# sigs.k8s.io/cloud-provider-azure v0.7.4 => sigs.k8s.io/cloud-provider-azure v0.7.1-0.20220406062855-4f3bab6bc8b2
# sigs.k8s.io/cloud-provider-azure v0.7.4 => sigs.k8s.io/cloud-provider-azure v0.7.1-0.20220415032100-325969906b39
## explicit; go 1.17
sigs.k8s.io/cloud-provider-azure/pkg/auth
sigs.k8s.io/cloud-provider-azure/pkg/azureclients
Expand Down Expand Up @@ -1207,4 +1207,4 @@ sigs.k8s.io/yaml
# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.24.0-alpha.4
# k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.24.0-alpha.4
# k8s.io/sample-controller => k8s.io/sample-controller v0.24.0-alpha.4
# sigs.k8s.io/cloud-provider-azure => sigs.k8s.io/cloud-provider-azure v0.7.1-0.20220406062855-4f3bab6bc8b2
# sigs.k8s.io/cloud-provider-azure => sigs.k8s.io/cloud-provider-azure v0.7.1-0.20220415032100-325969906b39

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit d90f466

Please sign in to comment.