feat: add feature flag for inline volume support

test: add ut

fix

fix

fix

fix

fix

Author: andyzhangx

charts/latest/csi-driver-smb-v0.0.0.tgz

@@ -8,4 +8,6 @@ spec:
   podInfoOnMount: true
   volumeLifecycleModes:
     - Persistent
+    {{- if .Values.feature.enableInlineVolume }}
     - Ephemeral
+    {{- end }}

charts/latest/csi-driver-smb/templates/csi-smb-driver.yaml

@@ -98,6 +98,7 @@ roleRef:
   name: {{ .Values.rbac.name }}-external-resizer-role
   apiGroup: rbac.authorization.k8s.io
 ---
+{{- if .Values.feature.enableInlineVolume }}
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -107,7 +108,6 @@ rules:
   - apiGroups: [""]
     resources: ["secrets"]
     verbs: ["get"]
-
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -122,4 +122,5 @@ roleRef:
   kind: ClusterRole
   name: csi-{{ .Values.rbac.name }}-node-secret-role
   apiGroup: rbac.authorization.k8s.io
+{{- end }}
 {{ end }}

charts/latest/csi-driver-smb/templates/rbac-csi-smb.yaml

@@ -39,6 +39,7 @@ driver:
 
 feature:
   enableGetVolumeStats: true
+  enableInlineVolume: true
 
 controller:
   name: csi-smb-controller

charts/latest/csi-driver-smb/values.yaml

@@ -147,7 +147,8 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 	secrets := req.GetSecrets()
 	gidPresent := checkGidPresentInMountFlags(mountFlags)
 
-	var source, subDir, secretName, secretNamespace string
+	var source, subDir, secretName, secretNamespace, ephemeralVolMountOptions string
+	var ephemeralVol bool
 	subDirReplaceMap := map[string]string{}
 	for k, v := range context {
 		switch strings.ToLower(k) {
@@ -165,6 +166,10 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 			secretName = v
 		case secretNamespaceField:
 			secretNamespace = v
+		case ephemeralField:
+			ephemeralVol = strings.EqualFold(v, trueValue)
+		case mountOptionsField:
+			ephemeralVolMountOptions = v
 		}
 	}
 
@@ -190,7 +195,13 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 		}
 	}
 
-	if (username == "" || password == "") && (secretName != "" && secretNamespace != "") {
+	if ephemeralVol {
+		mountFlags = strings.Split(ephemeralVolMountOptions, ",")
+	}
+
+	// in guest login, username and password options are not needed
+	requireUsernamePwdOption := !hasGuestMountOptions(mountFlags)
+	if ephemeralVol && requireUsernamePwdOption {
 		klog.V(2).Infof("NodeStageVolume: getting username and password from secret %s in namespace %s", secretName, secretNamespace)
 		var err error
 		username, password, domain, err = d.GetUserNamePasswordFromSecret(ctx, secretName, secretNamespace)
@@ -199,9 +210,6 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 		}
 	}
 
-	// in guest login, username and password options are not needed
-	requireUsernamePwdOption := !hasGuestMountOptions(mountFlags)
-
 	var mountOptions, sensitiveMountOptions []string
 	if runtime.GOOS == "windows" {
 		if domain == "" {

pkg/smb/nodeserver.go

@@ -413,6 +413,37 @@ func TestNodePublishVolume(t *testing.T) {
 				Readonly:          true},
 			expectedErr: testutil.TestError{},
 		},
+		{
+			desc: "[Error] failed to create ephemeral Volume",
+			req: &csi.NodePublishVolumeRequest{VolumeCapability: &csi.VolumeCapability{AccessMode: &volumeCap},
+				VolumeId:          "vol_1",
+				TargetPath:        targetTest,
+				StagingTargetPath: sourceTest,
+				Readonly:          true,
+				VolumeContext:     map[string]string{ephemeralField: "true"},
+			},
+			expectedErr: testutil.TestError{
+				DefaultError: status.Error(codes.InvalidArgument, "source field is missing, current context: map[csi.storage.k8s.io/ephemeral:true secretnamespace:]"),
+			},
+		},
+		{
+			desc: "[error] failed request with ephemeral Volume",
+			req: &csi.NodePublishVolumeRequest{VolumeCapability: &csi.VolumeCapability{AccessMode: &volumeCap},
+				VolumeId:          "vol_1",
+				TargetPath:        targetTest,
+				StagingTargetPath: sourceTest,
+				Readonly:          true,
+				VolumeContext: map[string]string{
+					ephemeralField:    "true",
+					sourceField:       "source",
+					podNamespaceField: "podnamespace",
+				},
+			},
+			skipOnWindows: true,
+			expectedErr: testutil.TestError{
+				DefaultError: status.Error(codes.Internal, "Error getting username and password from secret  in namespace podnamespace: could not username and password from secret(): KubeClient is nil"),
+			},
+		},
 	}
 
 	// Setup

pkg/smb/nodeserver_test.go

@@ -535,6 +535,16 @@ var _ = ginkgo.Describe("Dynamic Provisioning", func() {
 	})
 
 	ginkgo.It("should create an CSI inline volume", func(ctx ginkgo.SpecContext) {
+		if winServerVer == "windows-2022" && !isWindowsHostProcessDeployment {
+			ginkgo.Skip("Skip inline volume test on Windows Server 2022")
+		}
+
+		secretName := "smbcreds"
+		ginkgo.By(fmt.Sprintf("creating secret %s in namespace %s", secretName, ns.Name))
+		tsecret := testsuites.CopyTestSecret(ctx, cs, "default", ns, defaultSmbSecretName)
+		tsecret.Create(ctx)
+		defer tsecret.Cleanup(ctx)
+
 		pods := []testsuites.PodDetails{
 			{
 				Cmd: convertToPowershellCommandIfNecessary("echo 'hello world' > /mnt/test-1/data && grep 'hello world' /mnt/test-1/data"),

test/e2e/dynamic_provisioning_test.go

@@ -50,6 +50,7 @@ const (
 	defaultSmbSource             = "//smb-server.default.svc.cluster.local/share"
 	defaultSmbSecretName         = "smbcreds"
 	defaultSmbSecretNamespace    = "default"
+	accountNameForTest           = "YW5keXNzZGZpbGUK"
 )
 
 var (
@@ -173,7 +174,7 @@ var _ = ginkgo.BeforeSuite(func() {
 	}
 
 	if isWindowsHostProcessDeployment {
-		decodedBytes, err := base64.StdEncoding.DecodeString("YW5keXNzZGZpbGUK")
+		decodedBytes, err := base64.StdEncoding.DecodeString(accountNameForTest)
 		if err != nil {
 			log.Printf("Error decoding base64 string: %v\n", err)
 			return

test/e2e/suite_test.go

@@ -717,6 +717,25 @@ func NewTestSecret(c clientset.Interface, ns *v1.Namespace, name string, data ma
 	}
 }
 
+func CopyTestSecret(ctx context.Context, c clientset.Interface, sourceNamespace string, targetNamespace *v1.Namespace, secretName string) *TestSecret {
+	secret, err := c.CoreV1().Secrets(sourceNamespace).Get(ctx, secretName, metav1.GetOptions{})
+	framework.ExpectNoError(err)
+
+	return &TestSecret{
+		client:    c,
+		namespace: targetNamespace,
+		secret: &v1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      secretName,
+				Namespace: targetNamespace.Name,
+			},
+			StringData: secret.StringData,
+			Data:       secret.Data,
+			Type:       v1.SecretTypeOpaque,
+		},
+	}
+}
+
 func (t *TestSecret) Create(ctx context.Context) {
 	var err error
 	t.secret, err = t.client.CoreV1().Secrets(t.namespace.Name).Create(ctx, t.secret, metav1.CreateOptions{})