Add secret support for Provision and Delete from pvc name and namespace

[ggriffiths]

Signed-off-by: Grant Griffiths ggp493@gmail.com

What type of PR is this?
/kind feature

What this PR does / why we need it:

• This allows Provision to pass the correct PVC object so that the k8s secrets can be pulled and used during provisioning.

Which issue(s) this PR fixes:
Fixes #170
Fixes #233

Special notes for your reviewer:

• I'm still testing this change on my k8s cluster, which is why I've added the WIP tag.

Does this PR introduce a user-facing change?:

Users can now provide a secret name and namespace during provision by passing the correct storage class parameters: "provisioner-secret-name" and "provisioner-secret-namespace"

[k8s-ci-robot]

Hi @ggriffiths. Thanks for your PR.

I'm waiting for a kubernetes-csi or kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[ggriffiths]

Verified that this change works on my k8s cluster with our CSI driver. Ready for review.

[ggriffiths]

/assign @msau42

[msau42]

/ok-to-test

[j-griffith]

/lgtm

[msau42]

This should be failing since annotations is not supported?

[ggriffiths]

This wasn't failing because I was using PV Annotations instead of SC Parameters in the test.

[msau42]

Is there a way to validate what secret reference we generated? And expect if it got set or ignored?

[ggriffiths]

I don't think easily from testing Delete at a high level. I think getSecretReference tests should cover that.

[ggriffiths]

Just re-tested this on my local k8s cluster and Provision/delete are working.

Also pvc.annotations as SC params are correctly causing errors in provision/delete:

error resolving value "static-${pv.name}-${pvc.namespace}-${pvc.name}-${pvc.annotations['akey']}": invalid tokens: ["pvc.annotations['akey']" "pvc.name"]

[msau42]

Can you make the keys used in the params different from the values in the PVC? That way we make sure we're not accidentally using pvc values.

[msau42]

annotations are allowed for nodepublish right?

[ggriffiths]

Yeah, they are. Just made this into two unit tests - one for nodePublish secrets and one for provisioner secrets

[msau42]

Also one more test case where claimRef is set

[ggriffiths]

Added this test case.

[msau42]

Just one nit, otherwise lgtm!
/approve

[msau42]

this is already at L589?

[ggriffiths]

Good catch, removed this duplicate test.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ggriffiths, msau42

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [msau42]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[msau42]

Also please squash your commits

[ggriffiths]

Squashed into one commit. Thanks for the review!

[msau42]

/lgtm

Thanks!