feat: switch to driver writing files

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

ci: update pipeline to test feature

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

ci: update gotool to 1.16.3

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

.pipelines/e2e-job-azure.yaml

@@ -12,7 +12,7 @@ pool:
   vmImage: ubuntu-latest
 
 jobs:
-  - template: e2e-tests-template.yaml
+  - template: templates/e2e-test-azure.yaml
     parameters:
       clusterTypes:
       - "aks"

.pipelines/nightly.yaml

@@ -12,8 +12,8 @@ pool:
   vmImage: ubuntu-latest
 
 jobs:
-  - template: load-tests-template.yaml
-  - template: e2e-tests-template.yaml
+  - template: templates/load-test.yaml
+  - template: templates/e2e-test-azure.yaml
     parameters:
       clusterTypes:
       - "aks"
@@ -22,7 +22,7 @@ jobs:
       - "linux"
       - "windows"
       testClusterUpgrade: true
-  - template: soak-tests-template.yaml
+  - template: templates/soak-test.yaml
     parameters:
       clusterConfigs:
       - "csi-secrets-store-soak-linux-aks"

.pipelines/e2e-tests-template.yaml → .pipelines/templates/e2e-test-azure.yaml

@@ -36,15 +36,15 @@ jobs:
             sudo mv kubectl /usr/local/bin/
           displayName: 'Install kubectl'
           
-        - template: templates/build-images.yaml
+        - template: build-images.yaml
 
         - ${{ if eq(clusterType, 'aks') }}:
-          - template: templates/aks-setup.yaml
+          - template: aks-setup.yaml
 
         - ${{ if eq(clusterType, 'aks-engine') }}:
-          - template: templates/aks-engine-setup.yaml
+          - template: aks-engine-setup.yaml
 
-        - template: templates/assign-user-identity.yaml
+        - template: assign-user-identity.yaml
           parameters:
             identitySubscriptionID: $(SUBSCRIPTION_ID)
 
@@ -92,7 +92,7 @@ jobs:
               TEST_WINDOWS: true
 
         - ${{ if and(parameters.testClusterUpgrade, eq(clusterType, 'aks')) }}:
-          - template: templates/aks-upgrade.yaml
+          - template: aks-upgrade.yaml
 
           - script: |
               export REGISTRY="${REGISTRY:-$(REGISTRY_NAME).azurecr.io/k8s/csi/secrets-store}"
@@ -114,5 +114,5 @@ jobs:
               ${{ if eq(osType, 'windows') }}:
                 TEST_WINDOWS: true
 
-        - template: templates/teardown.yaml
-        - template: templates/cleanup-images.yaml
+        - template: teardown.yaml
+        - template: cleanup-images.yaml

.pipelines/templates/e2e-test-kind.yaml

@@ -0,0 +1,51 @@
+parameters:
+  - name: driverWriteSecrets
+    type: object
+
+jobs:
+  - ${{ each driverWriteSecret in parameters.driverWriteSecrets }}:
+    - job:
+      displayName: ${{ format('e2e_test_kind/driver-write-secrets={0}', driverWriteSecret) }}
+      timeoutInMinutes: 10
+      cancelTimeoutInMinutes: 5
+      workspace:
+        clean: all
+
+      steps:
+        - task: GoTool@0
+          inputs:
+            version: 1.16
+
+        - script: |
+            export REGISTRY="e2e"
+            export IMAGE_VERSION=e2e-$(git rev-parse --short HEAD)
+
+            echo "Image version: ${IMAGE_VERSION}"
+            echo "##vso[task.setvariable variable=IMAGE_VERSION]${IMAGE_VERSION}"
+            echo "##vso[task.setvariable variable=REGISTRY]${REGISTRY}"
+
+            make e2e-bootstrap
+          displayName: "Build image"
+          env:
+            CI_KIND_CLUSTER: true
+
+        - script: |
+            make e2e-test
+          displayName: "Run e2e tests on kind cluster"
+          env:
+            AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
+            AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
+            KEY_NAME: $(KEY_NAME)
+            KEY_VERSION: $(KEY_VERSION)
+            KEYVAULT_NAME: $(KEYVAULT_NAME)
+            SECRET_NAME: $(SECRET_NAME)
+            TENANT_ID: $(TENANT_ID)
+            CI_KIND_CLUSTER: true
+            AZURE_ENVIRONMENT_FILEPATH: "/etc/kubernetes/custom_environment.json"
+            ${{ if eq(driverWriteSecret, 'true') }}:
+              DRIVER_WRITE_SECRETS: true
+  
+        - script: |
+            make e2e-kind-cleanup
+          displayName: 'Delete kind cluster'
+          condition: always()

.pipelines/load-tests-template.yaml → .pipelines/templates/load-test.yaml

@@ -23,15 +23,15 @@ jobs:
           git clone -b $(checkout.branch) $(checkout.repo) $(perf-tests.repo.path)
         displayName: Checkout $(checkout.repo) @ $(checkout.branch)
 
-      - template: templates/build-images.yaml
+      - template: build-images.yaml
 
       - script: |
           az account set -s=$(LOAD_TEST_SUBSCRIPTION_ID)
         displayName: "Set subscription for load tests"
 
-      - template: templates/aks-setup.yaml
+      - template: aks-setup.yaml
 
-      - template: templates/assign-user-identity.yaml
+      - template: assign-user-identity.yaml
         parameters:
           identitySubscriptionID: $(LOAD_TEST_SUBSCRIPTION_ID)
 
@@ -101,16 +101,16 @@ jobs:
         condition: succeededOrFailed()
         displayName: "Get stats"
 
-      - template: templates/get-logs.yaml
+      - template: get-logs.yaml
         parameters:
           logUID: load-test
 
-      - template: templates/publish-load-test-result.yaml
+      - template: publish-load-test-result.yaml
 
       - script: |
           az aks delete -g ${AZURE_CLUSTER_NAME} -n ${AZURE_CLUSTER_NAME} --yes --no-wait
           az group delete -g ${AZURE_CLUSTER_NAME} --yes --no-wait
         displayName: "Delete resource group"
         condition: always()
 
-      - template: templates/cleanup-images.yaml
+      - template: cleanup-images.yaml

.pipelines/templates/unit-test.yaml

@@ -0,0 +1,21 @@
+jobs:
+- job: unit_test
+  timeoutInMinutes: 10
+  cancelTimeoutInMinutes: 5
+  workspace:
+    clean: all
+  steps:
+    - task: GoTool@0
+      inputs:
+        version: 1.16
+    - script: make lint
+      displayName: Run lint
+    - script: make build build-windows
+      displayName: Build
+    - script: make unit-test
+      displayName: Run unit tests
+    - script: bash <(curl -s https://codecov.io/bash) -C $(Build.SourceVersion)
+      displayName: Upload coverage to codecov
+    - script: make helm-lint
+      displayName: Run helm lint
+    - template: scan-images.yaml

azure-pipelines.yml

@@ -10,109 +10,15 @@ pr:
   paths:
     exclude:
       - docs/*
+      - website/*
 
 pool:
   vmImage: ubuntu-latest
 
 jobs:
-- job: unit_tests
-  timeoutInMinutes: 10
-  cancelTimeoutInMinutes: 5
-  workspace:
-    clean: all
-
-  steps:
-    - task: GoTool@0
-      inputs:
-        version: 1.16
-    - script: make lint
-      displayName: Run lint
-    - script: make build build-windows
-      displayName: Build
-    - script: make unit-test
-      displayName: Run unit tests
-    - script: bash <(curl -s https://codecov.io/bash)
-      displayName: Upload coverage to codecov
-    - script: make helm-lint
-      displayName: Run helm lint
-    - template: .pipelines/templates/scan-images.yaml
-
-- job: e2e_test_kind
-  timeoutInMinutes: 10
-  cancelTimeoutInMinutes: 5
-  workspace:
-    clean: all
-
-  steps:
-  - task: GoTool@0
-    inputs:
-      version: 1.16
-  - script: |
-      export REGISTRY="e2e"
-      export IMAGE_VERSION=e2e-$(git rev-parse --short HEAD)
-
-      echo "Image version: ${IMAGE_VERSION}"
-      echo "##vso[task.setvariable variable=IMAGE_VERSION]${IMAGE_VERSION}"
-      echo "##vso[task.setvariable variable=REGISTRY]${REGISTRY}"
-
-      make e2e-bootstrap
-    displayName: "Build image"
-    env:
-      CI_KIND_CLUSTER: true
-  - script: |
-      make e2e-test
-    displayName: "Run e2e tests on kind cluster for New Version"
-    env:
-      AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
-      AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
-      KEY_NAME: $(KEY_NAME)
-      KEY_VERSION: $(KEY_VERSION)
-      KEYVAULT_NAME: $(KEYVAULT_NAME)
-      SECRET_NAME: $(SECRET_NAME)
-      TENANT_ID: $(TENANT_ID)
-      CI_KIND_CLUSTER: true
-  - script: |
-      make e2e-kind-cleanup
-    displayName: 'Delete kind cluster'
-    condition: always()
-
-- job: custom_cloud_e2e_test_kind
-  timeoutInMinutes: 10
-  cancelTimeoutInMinutes: 5
-  workspace:
-    clean: all
-
-  steps:
-  - task: GoTool@0
-    inputs:
-      version: 1.16
-  - script: |
-      export REGISTRY="e2e"
-      export IMAGE_VERSION=e2e-$(git rev-parse --short HEAD)
-
-      echo "Image version: ${IMAGE_VERSION}"
-      echo "##vso[task.setvariable variable=IMAGE_VERSION]${IMAGE_VERSION}"
-      echo "##vso[task.setvariable variable=REGISTRY]${REGISTRY}"
-
-      make e2e-bootstrap
-    displayName: "Build image"
-    env:
-      CI_KIND_CLUSTER: true
-  - script: |
-      make e2e-test
-    displayName: "Run custom cloud e2e tests on kind cluster for New version"
-    env:
-      AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
-      AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
-      KEY_NAME: $(KEY_NAME)
-      KEY_VERSION: $(KEY_VERSION)
-      KEYVAULT_NAME: $(KEYVAULT_NAME)
-      SECRET_NAME: $(SECRET_NAME)
-      TENANT_ID: $(TENANT_ID)
-      CI_KIND_CLUSTER: true
-      AZURE_ENVIRONMENT: AzureStackCloud
-      AZURE_ENVIRONMENT_FILEPATH: /provider/custom_environment.json
-  - script: |
-      make e2e-kind-cleanup
-    displayName: 'Delete kind cluster'
-    condition: always()
+  - template: .pipelines/templates/unit-test.yaml
+  - template: .pipelines/templates/e2e-test-kind.yaml
+    parameters:
+      driverWriteSecrets:
+        - "true"
+        - "false"

cmd/main.go

@@ -71,6 +71,9 @@ func main() {
 	if *provider.ConstructPEMChain {
 		klog.Infof("construct pem chain feature enabled")
 	}
+	if *provider.DriverWriteSecrets {
+		klog.Infof("secrets will be written to filesystem by the CSI driver")
+	}
 	// Add csi-secrets-store user agent to adal requests
 	if err := adal.AddToUserAgent(version.GetUserAgent()); err != nil {
 		klog.Fatalf("failed to add user agent to adal: %+v", err)

go.mod

@@ -4,19 +4,19 @@ go 1.16
 
 require (
 	github.com/Azure/azure-sdk-for-go v52.4.0+incompatible
-	github.com/Azure/go-autorest/autorest v0.9.6
-	github.com/Azure/go-autorest/autorest/adal v0.8.2
+	github.com/Azure/go-autorest/autorest v0.11.1
+	github.com/Azure/go-autorest/autorest/adal v0.9.5
 	github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
 	github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
 	github.com/google/go-cmp v0.5.2
 	github.com/kubernetes-csi/csi-lib-utils v0.7.1
 	github.com/pkg/errors v0.9.1
 	github.com/stretchr/testify v1.6.1
-	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
-	golang.org/x/net v0.0.0-20200707034311-ab3426394381
+	golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0
+	golang.org/x/net v0.0.0-20201110031124-69a78807bb2b
 	google.golang.org/grpc v1.31.0
 	gopkg.in/yaml.v2 v2.3.0
-	k8s.io/component-base v0.19.3
+	k8s.io/component-base v0.20.2
 	k8s.io/klog/v2 v2.5.0
-	sigs.k8s.io/secrets-store-csi-driver v0.0.20
+	sigs.k8s.io/secrets-store-csi-driver v0.0.21
 )