mirror of https://github.com/k3s-io/k3s
Require PV provisioner secrets to match type
Jordan Liggitt
parent
e233f14ad5
commit
1dd73c59f3
|
|
@ -623,7 +623,7 @@ func (d *glusterfsVolumeDeleter) deleteEndpointService(namespace string, epServi
|
|||
|
||||
// parseSecret finds a given Secret instance and reads user password from it.
|
||||
func parseSecret(namespace, secretName string, kubeClient clientset.Interface) (string, error) {
|
||||
secretMap, err := volutil.GetSecret(namespace, secretName, kubeClient)
|
||||
secretMap, err := volutil.GetSecretForPV(namespace, secretName, glusterfsPluginName, kubeClient)
|
||||
if err != nil {
|
||||
glog.Errorf("failed to get secret from [%q/%q]", namespace, secretName)
|
||||
return "", fmt.Errorf("failed to get secret from [%q/%q]", namespace, secretName)
|
||||
|
|
|
|||
|
|
@ -242,6 +242,7 @@ func TestPersistentClaimReadOnlyFlag(t *testing.T) {
|
|||
|
||||
func TestParseClassParameters(t *testing.T) {
|
||||
secret := api.Secret{
|
||||
Type: "kubernetes.io/glusterfs",
|
||||
Data: map[string][]byte{
|
||||
"data": []byte("mypassword"),
|
||||
},
|
||||
|
|
|
|||
|
|
@ -371,7 +371,7 @@ func (provisioner *quobyteVolumeProvisioner) Provision() (*api.PersistentVolume,
|
|||
}
|
||||
}
|
||||
|
||||
secretMap, err := util.GetSecret(adminSecretNamespace, adminSecretName, provisioner.plugin.host.GetKubeClient())
|
||||
secretMap, err := util.GetSecretForPV(adminSecretNamespace, adminSecretName, quobytePluginName, provisioner.plugin.host.GetKubeClient())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -444,9 +444,10 @@ func (deleter *quobyteVolumeDeleter) Delete() error {
|
|||
return err
|
||||
}
|
||||
|
||||
secretMap, err := util.GetSecret(
|
||||
secretMap, err := util.GetSecretForPV(
|
||||
annotations[annotationQuobyteAPISecretNamespace],
|
||||
annotations[annotationQuobyteAPISecret],
|
||||
quobytePluginName,
|
||||
deleter.plugin.host.GetKubeClient())
|
||||
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -99,7 +99,7 @@ func (plugin *rbdPlugin) NewMounter(spec *volume.Spec, pod *api.Pod, _ volume.Vo
|
|||
source, _ := plugin.getRBDVolumeSource(spec)
|
||||
|
||||
if source.SecretRef != nil {
|
||||
if secret, err = parseSecret(pod.Namespace, source.SecretRef.Name, plugin.host.GetKubeClient()); err != nil {
|
||||
if secret, err = parsePodSecret(pod, source.SecretRef.Name, plugin.host.GetKubeClient()); err != nil {
|
||||
glog.Errorf("Couldn't get secret from %v/%v", pod.Namespace, source.SecretRef)
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -199,7 +199,7 @@ func (plugin *rbdPlugin) NewDeleter(spec *volume.Spec) (volume.Deleter, error) {
|
|||
}
|
||||
}
|
||||
|
||||
secret, err := parseSecret(adminSecretNamespace, adminSecretName, plugin.host.GetKubeClient())
|
||||
secret, err := parsePVSecret(adminSecretNamespace, adminSecretName, plugin.host.GetKubeClient())
|
||||
if err != nil {
|
||||
// log error but don't return yet
|
||||
glog.Errorf("failed to get admin secret from [%q/%q]: %v", adminSecretNamespace, adminSecretName, err)
|
||||
|
|
@ -281,7 +281,7 @@ func (r *rbdVolumeProvisioner) Provision() (*api.PersistentVolume, error) {
|
|||
if adminSecretName == "" {
|
||||
return nil, fmt.Errorf("missing Ceph admin secret name")
|
||||
}
|
||||
if secret, err = parseSecret(adminSecretNamespace, adminSecretName, r.plugin.host.GetKubeClient()); err != nil {
|
||||
if secret, err = parsePVSecret(adminSecretNamespace, adminSecretName, r.plugin.host.GetKubeClient()); err != nil {
|
||||
// log error but don't return yet
|
||||
glog.Errorf("failed to get admin secret from [%q/%q]", adminSecretNamespace, adminSecretName)
|
||||
}
|
||||
|
|
@ -428,13 +428,26 @@ func getVolumeSource(
|
|||
return nil, false, fmt.Errorf("Spec does not reference a RBD volume type")
|
||||
}
|
||||
|
||||
// parseSecretMap locates the secret by key name.
|
||||
func parseSecret(namespace, secretName string, kubeClient clientset.Interface) (string, error) {
|
||||
secretMap, err := volutil.GetSecret(namespace, secretName, kubeClient)
|
||||
func parsePodSecret(pod *api.Pod, secretName string, kubeClient clientset.Interface) (string, error) {
|
||||
secret, err := volutil.GetSecretForPod(pod, secretName, kubeClient)
|
||||
if err != nil {
|
||||
glog.Errorf("failed to get secret from [%q/%q]", pod.Namespace, secretName)
|
||||
return "", fmt.Errorf("failed to get secret from [%q/%q]", pod.Namespace, secretName)
|
||||
}
|
||||
return parseSecretMap(secret)
|
||||
}
|
||||
|
||||
func parsePVSecret(namespace, secretName string, kubeClient clientset.Interface) (string, error) {
|
||||
secret, err := volutil.GetSecretForPV(namespace, secretName, rbdPluginName, kubeClient)
|
||||
if err != nil {
|
||||
glog.Errorf("failed to get secret from [%q/%q]", namespace, secretName)
|
||||
return "", fmt.Errorf("failed to get secret from [%q/%q]", namespace, secretName)
|
||||
}
|
||||
return parseSecretMap(secret)
|
||||
}
|
||||
|
||||
// parseSecretMap locates the secret by key name.
|
||||
func parseSecretMap(secretMap map[string]string) (string, error) {
|
||||
if len(secretMap) == 0 {
|
||||
return "", fmt.Errorf("empty secret map")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -112,14 +112,13 @@ func PathExists(path string) (bool, error) {
|
|||
}
|
||||
}
|
||||
|
||||
// GetSecret locates secret by name and namespace and returns secret map
|
||||
func GetSecret(namespace, secretName string, kubeClient clientset.Interface) (map[string]string, error) {
|
||||
// GetSecretForPod locates secret by name in the pod's namespace and returns secret map
|
||||
func GetSecretForPod(pod *api.Pod, secretName string, kubeClient clientset.Interface) (map[string]string, error) {
|
||||
secret := make(map[string]string)
|
||||
if kubeClient == nil {
|
||||
return secret, fmt.Errorf("Cannot get kube client")
|
||||
}
|
||||
|
||||
secrets, err := kubeClient.Core().Secrets(namespace).Get(secretName)
|
||||
secrets, err := kubeClient.Core().Secrets(pod.Namespace).Get(secretName)
|
||||
if err != nil {
|
||||
return secret, err
|
||||
}
|
||||
|
|
@ -129,6 +128,25 @@ func GetSecret(namespace, secretName string, kubeClient clientset.Interface) (ma
|
|||
return secret, nil
|
||||
}
|
||||
|
||||
// GetSecretForPV locates secret by name and namespace, verifies the secret type, and returns secret map
|
||||
func GetSecretForPV(secretNamespace, secretName, volumePluginName string, kubeClient clientset.Interface) (map[string]string, error) {
|
||||
secret := make(map[string]string)
|
||||
if kubeClient == nil {
|
||||
return secret, fmt.Errorf("Cannot get kube client")
|
||||
}
|
||||
secrets, err := kubeClient.Core().Secrets(secretNamespace).Get(secretName)
|
||||
if err != nil {
|
||||
return secret, err
|
||||
}
|
||||
if secrets.Type != api.SecretType(volumePluginName) {
|
||||
return secret, fmt.Errorf("Cannot get secret of type %s", volumePluginName)
|
||||
}
|
||||
for name, data := range secrets.Data {
|
||||
secret[name] = string(data)
|
||||
}
|
||||
return secret, nil
|
||||
}
|
||||
|
||||
// AddVolumeAnnotations adds a golang Map as annotation to a PersistentVolume
|
||||
func AddVolumeAnnotations(pv *api.PersistentVolume, annotations map[string]string) {
|
||||
if pv.Annotations == nil {
|
||||
|
|
|
|||
Loading…
Reference in New Issue