Add secrets to ValidateVolumeCapabilitiesRequest

kubernetes-csi · Mar 20, 2019 · d72dc2f · d72dc2f
1 parent 1562dd3
commit d72dc2f
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 25 deletions.
diff --git a/cmd/csi-sanity/README.md b/cmd/csi-sanity/README.md
@@ -33,6 +33,8 @@ NodeStageVolumeSecret:
   secretKey: secretval5
 NodePublishVolumeSecret:
   secretKey: secretval6
+ControllerValidateVolumeCapabilitiesSecret:
+  secretKey: secretval7
 ```
 
 Pass the file path to csi-sanity as:

diff --git a/driver/driver.go b/driver/driver.go
@@ -56,14 +56,15 @@ const secretField = "secretKey"
 // secrets. This mock driver has a single string secret with secretField as the
 // key.
 type CSICreds struct {
-	CreateVolumeSecret              string
-	DeleteVolumeSecret              string
-	ControllerPublishVolumeSecret   string
-	ControllerUnpublishVolumeSecret string
-	NodeStageVolumeSecret           string
-	NodePublishVolumeSecret         string
-	CreateSnapshotSecret            string
-	DeleteSnapshotSecret            string
+	CreateVolumeSecret                         string
+	DeleteVolumeSecret                         string
+	ControllerPublishVolumeSecret              string
+	ControllerUnpublishVolumeSecret            string
+	NodeStageVolumeSecret                      string
+	NodePublishVolumeSecret                    string
+	CreateSnapshotSecret                       string
+	DeleteSnapshotSecret                       string
+	ControllerValidateVolumeCapabilitiesSecret string
 }
 
 type CSIDriver struct {
@@ -174,14 +175,15 @@ func stop(lock *sync.Mutex, wg *sync.WaitGroup, server *grpc.Server, running boo
 // setDefaultCreds sets the default credentials, given a CSICreds instance.
 func setDefaultCreds(creds *CSICreds) {
 	creds = &CSICreds{
-		CreateVolumeSecret:              "secretval1",
-		DeleteVolumeSecret:              "secretval2",
-		ControllerPublishVolumeSecret:   "secretval3",
-		ControllerUnpublishVolumeSecret: "secretval4",
-		NodeStageVolumeSecret:           "secretval5",
-		NodePublishVolumeSecret:         "secretval6",
-		CreateSnapshotSecret:            "secretval7",
-		DeleteSnapshotSecret:            "secretval8",
+		CreateVolumeSecret:                         "secretval1",
+		DeleteVolumeSecret:                         "secretval2",
+		ControllerPublishVolumeSecret:              "secretval3",
+		ControllerUnpublishVolumeSecret:            "secretval4",
+		NodeStageVolumeSecret:                      "secretval5",
+		NodePublishVolumeSecret:                    "secretval6",
+		CreateSnapshotSecret:                       "secretval7",
+		DeleteSnapshotSecret:                       "secretval8",
+		ControllerValidateVolumeCapabilitiesSecret: "secretval9",
 	}
 }
 
@@ -248,6 +250,8 @@ func isAuthenticated(req interface{}, creds *CSICreds) (bool, error) {
 		return authenticateCreateSnapshot(r, creds)
 	case *csi.DeleteSnapshotRequest:
 		return authenticateDeleteSnapshot(r, creds)
+	case *csi.ValidateVolumeCapabilitiesRequest:
+		return authenticateControllerValidateVolumeCapabilities(r, creds)
 	default:
 		return true, nil
 	}
@@ -285,6 +289,10 @@ func authenticateDeleteSnapshot(req *csi.DeleteSnapshotRequest, creds *CSICreds)
 	return credsCheck(req.GetSecrets(), creds.DeleteSnapshotSecret)
 }
 
+func authenticateControllerValidateVolumeCapabilities(req *csi.ValidateVolumeCapabilitiesRequest, creds *CSICreds) (bool, error) {
+	return credsCheck(req.GetSecrets(), creds.ControllerValidateVolumeCapabilitiesSecret)
+}
+
 func credsCheck(secrets map[string]string, secretVal string) (bool, error) {
 	if len(secrets) == 0 {
 		return false, ErrNoCredentials

diff --git a/mock/mocksecret.yaml b/mock/mocksecret.yaml
@@ -14,3 +14,5 @@ CreateSnapshotSecret:
   secretKey: secretval7
 DeleteSnapshotSecret:
   secretKey: secretval8
+ControllerValidateVolumeCapabilitiesSecret:
+  secretKey: secretval9
diff --git a/pkg/sanity/controller.go b/pkg/sanity/controller.go
@@ -594,7 +594,9 @@ var _ = DescribeSanity("Controller Service", func(sc *SanityContext) {
 
 			_, err := c.ValidateVolumeCapabilities(
 				context.Background(),
-				&csi.ValidateVolumeCapabilitiesRequest{})
+				&csi.ValidateVolumeCapabilitiesRequest{
+					Secrets: sc.Secrets.ControllerValidateVolumeCapabilitiesSecret,
+				})
 			Expect(err).To(HaveOccurred())
 
 			serverError, ok := status.FromError(err)
@@ -636,6 +638,7 @@ var _ = DescribeSanity("Controller Service", func(sc *SanityContext) {
 				context.Background(),
 				&csi.ValidateVolumeCapabilitiesRequest{
 					VolumeId: vol.GetVolume().GetVolumeId(),
+					Secrets:  sc.Secrets.ControllerValidateVolumeCapabilitiesSecret,
 				})
 			Expect(err).To(HaveOccurred())
 
@@ -702,6 +705,7 @@ var _ = DescribeSanity("Controller Service", func(sc *SanityContext) {
 							},
 						},
 					},
+					Secrets: sc.Secrets.ControllerValidateVolumeCapabilitiesSecret,
 				})
 			Expect(err).NotTo(HaveOccurred())
 			Expect(valivolcap).NotTo(BeNil())
@@ -741,6 +745,7 @@ var _ = DescribeSanity("Controller Service", func(sc *SanityContext) {
 							},
 						},
 					},
+					Secrets: sc.Secrets.ControllerValidateVolumeCapabilitiesSecret,
 				},
 			)
 			Expect(err).To(HaveOccurred())

diff --git a/pkg/sanity/sanity.go b/pkg/sanity/sanity.go
@@ -39,14 +39,15 @@ import (
 
 // CSISecrets consists of secrets used in CSI credentials.
 type CSISecrets struct {
-	CreateVolumeSecret              map[string]string `yaml:"CreateVolumeSecret"`
-	DeleteVolumeSecret              map[string]string `yaml:"DeleteVolumeSecret"`
-	ControllerPublishVolumeSecret   map[string]string `yaml:"ControllerPublishVolumeSecret"`
-	ControllerUnpublishVolumeSecret map[string]string `yaml:"ControllerUnpublishVolumeSecret"`
-	NodeStageVolumeSecret           map[string]string `yaml:"NodeStageVolumeSecret"`
-	NodePublishVolumeSecret         map[string]string `yaml:"NodePublishVolumeSecret"`
-	CreateSnapshotSecret            map[string]string `yaml:"CreateSnapshotSecret"`
-	DeleteSnapshotSecret            map[string]string `yaml:"DeleteSnapshotSecret"`
+	CreateVolumeSecret                         map[string]string `yaml:"CreateVolumeSecret"`
+	DeleteVolumeSecret                         map[string]string `yaml:"DeleteVolumeSecret"`
+	ControllerPublishVolumeSecret              map[string]string `yaml:"ControllerPublishVolumeSecret"`
+	ControllerUnpublishVolumeSecret            map[string]string `yaml:"ControllerUnpublishVolumeSecret"`
+	ControllerValidateVolumeCapabilitiesSecret map[string]string `yaml:"ControllerValidateVolumeCapabilitiesSecret"`
+	NodeStageVolumeSecret                      map[string]string `yaml:"NodeStageVolumeSecret"`
+	NodePublishVolumeSecret                    map[string]string `yaml:"NodePublishVolumeSecret"`
+	CreateSnapshotSecret                       map[string]string `yaml:"CreateSnapshotSecret"`
+	DeleteSnapshotSecret                       map[string]string `yaml:"DeleteSnapshotSecret"`
 }
 
 // Config provides the configuration for the sanity tests. It