From 42e73b7af00a7dab69b7fddb9d28d4b2d267f4c7 Mon Sep 17 00:00:00 2001 From: Ashima-Ashima1 Date: Tue, 19 Aug 2025 12:48:33 +0530 Subject: [PATCH 01/12] update versions --- .github/workflows/release.yml | 2 +- .secrets.baseline | 2 +- go.mod | 2 +- go.sum | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8f1f59d7..b90bd486 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Print Go Version run: go version diff --git a/.secrets.baseline b/.secrets.baseline index 2fe6fc80..0744d9fc 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2025-08-08T10:24:11Z", + "generated_at": "2025-08-19T07:18:05Z", "plugins_used": [ { "name": "AWSKeyDetector" diff --git a/go.mod b/go.mod index 85a480a2..44f116c6 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( go.uber.org/zap v1.27.0 golang.org/x/net v0.43.0 google.golang.org/grpc v1.74.2 - google.golang.org/protobuf v1.36.6 + google.golang.org/protobuf v1.36.7 k8s.io/api v0.33.4 k8s.io/apimachinery v0.33.4 k8s.io/client-go v0.33.4 diff --git a/go.sum b/go.sum index 5690a93d..89701529 100644 --- a/go.sum +++ b/go.sum 
@@ -392,8 +392,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a h1: google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/grpc v1.74.2 h1:WoosgB65DlWVC9FqI82dGsZhWFNBSLjQ84bjROOpMu4= google.golang.org/grpc v1.74.2/go.mod h1:CtQ+BGjaAIXHs/5YS3i473GqwBBa1zGQNevxdeBEXrM= -google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= -google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= +google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= +google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= From 62dec5dc8ee374009975a2f79a1a0d3716eb7e0b Mon Sep 17 00:00:00 2001 From: Ashima-Ashima1 Date: Tue, 19 Aug 2025 13:02:46 +0530 Subject: [PATCH 02/12] update versions --- .travis.yml | 2 +- Dockerfile | 2 +- Dockerfile.builder | 2 +- deploy/ibmCloud/kustomization.yaml | 2 +- deploy/ibmUnmanaged/kustomization.yaml | 2 +- go.mod | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index 20ef55cc..a1efe889 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,7 +2,7 @@ dist: bionic language: go go: - - 1.24.5 + - 1.25.0 group: bluezone diff --git a/Dockerfile b/Dockerfile index 19246b42..0eff9778 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,7 +30,7 @@ FROM registry.access.redhat.com/ubi8/ubi AS rclone-builder RUN yum install wget git gcc -y ENV ARCH=amd64 -ENV GO_VERSION=1.24.5 +ENV GO_VERSION=1.25.0 RUN echo $ARCH $GO_VERSION 
diff --git a/Dockerfile.builder b/Dockerfile.builder index b1990fbc..82ad44e7 100644 --- a/Dockerfile.builder +++ b/Dockerfile.builder @@ -1,4 +1,4 @@ -FROM golang:1.24.5 +FROM golang:1.25.0 WORKDIR /go/src/github.com/IBM/ibm-object-csi-driver ADD . /go/src/github.com/IBM/ibm-object-csi-driver diff --git a/deploy/ibmCloud/kustomization.yaml b/deploy/ibmCloud/kustomization.yaml index 0109da16..65e62b51 100644 --- a/deploy/ibmCloud/kustomization.yaml +++ b/deploy/ibmCloud/kustomization.yaml @@ -25,7 +25,7 @@ images: newName: k8s.gcr.io/sig-storage/csi-node-driver-registrar newTag: v2.12.0 - newName: registry.k8s.io/sig-storage/livenessprobe - newTag: v2.14.0 + newTag: v2.16.0 name: liveness-probe-image commonLabels: app.kubernetes.io/part-of: ibm-object-csi-driver diff --git a/deploy/ibmUnmanaged/kustomization.yaml b/deploy/ibmUnmanaged/kustomization.yaml index 9098a850..36db3f87 100644 --- a/deploy/ibmUnmanaged/kustomization.yaml +++ b/deploy/ibmUnmanaged/kustomization.yaml @@ -19,7 +19,7 @@ images: newName: k8s.gcr.io/sig-storage/csi-node-driver-registrar newTag: v2.12.0 - newName: registry.k8s.io/sig-storage/livenessprobe - newTag: v2.14.0 + newTag: v2.16.0 name: liveness-probe-image commonLabels: app.kubernetes.io/part-of: ibm-object-csi-driver diff --git a/go.mod b/go.mod index 44f116c6..3a27890d 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/IBM/ibm-object-csi-driver -go 1.24.5 +go 1.25.0 require ( github.com/IBM/go-sdk-core/v5 v5.21.0 From e8b8fb01ee0ab9953bac9fa0bcd7ff15c32837bd Mon Sep 17 00:00:00 2001 From: Ashima-Ashima1 Date: Tue, 19 Aug 2025 14:47:58 +0530 Subject: [PATCH 03/12] fetch iam endpoint dynamically 
Signed-off-by: Ashima-Ashima1 --- .secrets.baseline | 6 +++--- pkg/constants/constants.go | 3 ++- pkg/driver/controllerserver.go | 8 ++++---- pkg/driver/nodeserver.go | 4 ++++ pkg/driver/s3-driver.go | 17 +++++++++++++---- pkg/mounter/mounter-s3fs.go | 8 ++++++-- pkg/utils/driver_utils.go | 24 +++++++++++++++++------- pkg/utils/fake_driver_utils.go | 8 ++++++++ tests/sanity/sanity_test.go | 4 ++++ 9 files changed, 61 insertions(+), 21 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 0744d9fc..a90ba1f9 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2025-08-19T07:18:05Z", + "generated_at": "2025-08-19T09:12:10Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -209,7 +209,7 @@ "hashed_secret": "39f69c278f46165447f30d10acf54277aaa3d5fc", "is_secret": false, "is_verified": false, - "line_number": 85, + "line_number": 86, "type": "Secret Keyword", "verified_result": null } @@ -270,7 +270,7 @@ { "hashed_secret": "c7c6508b19455e3e8040e60e9833fbede92e5d8e", "is_verified": false, - "line_number": 356, + "line_number": 366, "type": "Secret Keyword", "verified_result": null } diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index d00d3ba6..5dca6b6a 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -3,7 +3,8 @@ package constants import "time" const ( - DefaultIAMEndPoint = "https://iam.cloud.ibm.com" + PublicIAMEndpoint = "https://iam.cloud.ibm.com" + PrivateIAMEndpoint = "https://private.iam.cloud.ibm.com" // Maximum number of volumes that controller can publish to the node. // If value is not set or zero CO SHALL decide how many volumes of diff --git a/pkg/driver/controllerserver.go b/pkg/driver/controllerserver.go index 272a8367..23649239 100644 --- a/pkg/driver/controllerserver.go +++ b/pkg/driver/controllerserver.go 
@@ -185,7 +185,7 @@ func (cs *controllerServer) CreateVolume(_ context.Context, req *csi.CreateVolum klog.Infof("BucketVersioning value that will be set via storage class params: %s", bucketVersioning) } - creds, err := getCredentials(secretMap) + creds, err := getCredentials(secretMap, cs.iamEndpoint) if err != nil { return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("Error in getting credentials %v", err)) } @@ -325,7 +325,7 @@ func (cs *controllerServer) DeleteVolume(_ context.Context, req *csi.DeleteVolum secretMap = secretMapCustom } - creds, err := getCredentials(secretMap) + creds, err := getCredentials(secretMap, cs.iamEndpoint) if err != nil { return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("Error in getting credentials %v", err)) } @@ -438,7 +438,7 @@ func (cs *controllerServer) ControllerModifyVolume(_ context.Context, req *csi.C return nil, status.Error(codes.Unimplemented, "ControllerModifyVolume") } -func getCredentials(secretMap map[string]string) (*s3client.ObjectStorageCredentials, error) { +func getCredentials(secretMap map[string]string, iamEP string) (*s3client.ObjectStorageCredentials, error) { klog.Infof("- getCredentials-") var ( accessKey string @@ -453,7 +453,7 @@ func getCredentials(secretMap map[string]string) (*s3client.ObjectStorageCredent iamEndpoint = val } if iamEndpoint == "" { - iamEndpoint = constants.DefaultIAMEndPoint + iamEndpoint = iamEP } if val, check := secretMap["apiKey"]; check { diff --git a/pkg/driver/nodeserver.go b/pkg/driver/nodeserver.go index e5b922c5..16169a23 100644 --- a/pkg/driver/nodeserver.go +++ b/pkg/driver/nodeserver.go 
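Review bot: In `getCredentials` (controllerserver.go, hunk at -453) the resolved `iamEndpoint` is used without any check, whether it came from the secret's `iamEndpoint` key or from the new `iamEP` fallback, and it stays empty when `iamEP` is empty (the sanity fake's `GetEndpoints` added in this commit returns `""`). This is presumably the URL the API key from the same secret is presented to, so for API-key auth it is worth rejecting anything that is not a well-formed https URL, e.g. `if u, perr := url.Parse(iamEndpoint); perr != nil || u.Scheme != "https" || u.Host == "" { return nil, fmt.Errorf("invalid iamEndpoint %q", iamEndpoint) }` (needs `net/url`). The same unvalidated value is forwarded on the node path by the nodeserver.go hunk at -141 and stored in `S3fsMounter.IAMEndpoint`. The function body continues outside the hunk, so how the value is consumed afterwards is not visible here.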
@@ -141,6 +141,10 @@ func (ns *nodeServer) NodePublishVolume(_ context.Context, req *csi.NodePublishV return nil, status.Error(codes.InvalidArgument, "S3 Service endpoint not provided") } + if len(secretMap["iamEndpoint"]) == 0 { + secretMap["iamEndpoint"] = ns.iamEndpoint + } + // If bucket name wasn't provided by user, we use temp bucket created for volume. if secretMap["bucketName"] == "" { tempBucketName, err := ns.Stats.GetBucketNameFromPV(volumeID) diff --git a/pkg/driver/s3-driver.go b/pkg/driver/s3-driver.go index 185c2ba7..74b8d291 100644 --- a/pkg/driver/s3-driver.go +++ b/pkg/driver/s3-driver.go @@ -23,6 +23,7 @@ import ( pkgUtils "github.com/IBM/ibm-object-csi-driver/pkg/utils" csi "github.com/container-storage-interface/spec/lib/go/csi" "go.uber.org/zap" + "k8s.io/klog/v2" ) var ( @@ -45,10 +46,11 @@ var ( ) type S3Driver struct { - name string - version string - mode string - endpoint string + name string + version string + mode string + endpoint string + iamEndpoint string s3client s3client.ObjectStorageSession @@ -170,6 +172,13 @@ func (driver *S3Driver) NewS3CosDriver(nodeID string, endpoint string, s3cosSess return nil, err } + iamEP, _, err := statsUtil.GetEndpoints() + if err != nil { + return nil, err + } + klog.Infof("iam endpoint: %v", iamEP) + driver.iamEndpoint = iamEP + driver.endpoint = endpoint driver.s3client = s3client diff --git a/pkg/mounter/mounter-s3fs.go b/pkg/mounter/mounter-s3fs.go index 3b6eba0d..f6ce3afc 100644 --- a/pkg/mounter/mounter-s3fs.go +++ b/pkg/mounter/mounter-s3fs.go @@ -34,6 +34,7 @@ type S3fsMounter struct { LocConstraint string //From Secret in SC AuthType string AccessKeys string + IAMEndpoint string KpRootKeyCrn string MountOptions []string MounterUtils utils.MounterUtils 
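Review bot: `NewS3CosDriver` (s3-driver.go, hunk at -170) now aborts driver construction whenever `statsUtil.GetEndpoints()` fails, where the previous code always had `constants.DefaultIAMEndPoint` available. `GetEndpoints` goes through `getClusterType`, which needs a Kubernetes client and a `cluster_type` entry in the cluster config, so clusters deployed from `deploy/ibmUnmanaged` may not be able to satisfy it; that cannot be confirmed from this diff. If failing closed is intended, wrap the error so the log says what was being resolved, e.g. `return nil, fmt.Errorf("resolving IAM endpoint: %w", err)`; otherwise log a warning and fall back to `constants.PublicIAMEndpoint`. The function starts and ends outside the hunk.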
@@ -87,6 +88,9 @@ func NewS3fsMounter(secretMap map[string]string, mountOptions []string, mounterU if val, check = secretMap["kpRootKeyCRN"]; check { mounter.KpRootKeyCrn = val } + if val, check = secretMap["iamEndpoint"]; check { + mounter.IAMEndpoint = val + } if apiKey != "" { mounter.AccessKeys = fmt.Sprintf(":%s", apiKey) @@ -325,10 +329,10 @@ func (s3fs *S3fsMounter) formulateMountOptions(bucket, target, passwdFile string if s3fs.AuthType != "hmac" { nodeServerOp = append(nodeServerOp, "-o", "ibm_iam_auth") - nodeServerOp = append(nodeServerOp, "-o", "ibm_iam_endpoint="+constants.DefaultIAMEndPoint) + nodeServerOp = append(nodeServerOp, "-o", "ibm_iam_endpoint="+s3fs.IAMEndpoint) workerNodeOp["ibm_iam_auth"] = "true" - workerNodeOp["ibm_iam_endpoint"] = constants.DefaultIAMEndPoint + workerNodeOp["ibm_iam_endpoint"] = s3fs.IAMEndpoint } else { nodeServerOp = append(nodeServerOp, "-o", "default_acl=private") workerNodeOp["default_acl"] = "private" diff --git a/pkg/utils/driver_utils.go b/pkg/utils/driver_utils.go index 29772f87..b13e5fa9 100644 --- a/pkg/utils/driver_utils.go +++ b/pkg/utils/driver_utils.go @@ -30,6 +30,7 @@ type StatsUtils interface { GetBucketUsage(volumeID string) (int64, error) GetBucketNameFromPV(volumeID string) (string, error) GetRegionAndZone(nodeName string) (string, string, error) + GetEndpoints() (string, string, error) GetPVAttributes(volumeID string) (map[string]string, error) GetPVC(pvcName, pvcNamespace string) (*v1.PersistentVolumeClaim, error) GetSecret(secretName, secretNamespace string) (*v1.Secret, error) 
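Review bot: `formulateMountOptions` (mounter-s3fs.go, hunk at -325) builds `"ibm_iam_endpoint="+s3fs.IAMEndpoint` from a value that `NewS3fsMounter` copies straight out of `secretMap["iamEndpoint"]`, where it used to be a compile-time constant. Two cases are not handled: a missing key leaves `IAMEndpoint` empty and yields `ibm_iam_endpoint=` with no value, and because `-o` arguments are comma-separated, a value containing `,` would not reach s3fs as a single option. I would validate once in `NewS3fsMounter`, either failing the mount or defaulting to `constants.PublicIAMEndpoint` when the value is empty, and refusing anything that is not a plain https URL. A comment on the `IAMEndpoint` field should say that it is taken from the secret or, failing that, from the driver default. Both functions extend beyond their hunks.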
@@ -61,6 +62,19 @@ func (su *DriverStatsUtils) GetRegionAndZone(nodeName string) (region, zone stri return region, zone, nil } +// GetEndpoints return IAMEndpoint, COSResourceConfigEndpoint, error +func (su *DriverStatsUtils) GetEndpoints() (string, string, error) { + clusterType, err := getClusterType() + if err != nil { + return "", "", err + } + + if strings.Contains(clusterType, "vpc") { + return constants.PrivateIAMEndpoint, constants.ResourceConfigEPDirect, nil + } + return constants.PublicIAMEndpoint, constants.ResourceConfigEPPrivate, nil +} + func (su *DriverStatsUtils) BucketToDelete(volumeID string) (string, error) { clientset, err := CreateK8sClient() if err != nil { @@ -115,7 +129,7 @@ func (su *DriverStatsUtils) GetTotalCapacityFromPV(volumeID string) (resource.Qu } func (su *DriverStatsUtils) GetBucketUsage(volumeID string) (int64, error) { - ep, err := getEPBasedOnCluserInfra() + _, ep, err := su.GetEndpoints() if err != nil { return 0, err } @@ -305,7 +319,7 @@ func CreateK8sClient() (*kubernetes.Clientset, error) { return clientset, nil } -func getEPBasedOnCluserInfra() (string, error) { +func getClusterType() (string, error) { k8sClient, err := CreateK8sClient() if err != nil { return "", err @@ -325,11 +339,7 @@ func getEPBasedOnCluserInfra() (string, error) { clusterType := clusterConfig["cluster_type"] klog.Info("Cluster Type ", clusterType) - - if strings.Contains(clusterType, "vpc") { - return constants.ResourceConfigEPDirect, nil - } - return constants.ResourceConfigEPPrivate, nil + return clusterType, nil } func fetchSecretUsingPV(volumeID string, su *DriverStatsUtils) (*v1.Secret, error) { diff --git a/pkg/utils/fake_driver_utils.go b/pkg/utils/fake_driver_utils.go index 5676faa2..0052faff 100644 --- a/pkg/utils/fake_driver_utils.go +++ b/pkg/utils/fake_driver_utils.go 
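Review bot: `GetEndpoints` (driver_utils.go, hunk at -61) treats every `clusterType` that does not contain `vpc` as classic, which presumably includes the empty string `getClusterType` returns when the `cluster_type` key is absent from the cluster config. That branch now also selects the IAM endpoint, so a VPC cluster with an incomplete config would silently be pointed at the public endpoint; returning an error for an empty value, `if clusterType == "" { return "", "", errors.New("cluster_type not set") }`, makes that visible. The doc comment would read better in Go doc form, `// GetEndpoints returns the IAM endpoint and the COS resource-configuration endpoint for the cluster type.`, and naming the results (`iamEndpoint, rcEndpoint string, err error`) as `GetRegionAndZone` does would keep callers from mixing up the two strings.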
@@ -13,6 +13,7 @@ type FakeStatsUtilsFuncStruct struct { GetBucketUsageFn func(volumeID string) (int64, error) GetBucketNameFromPVFn func(volumeID string) (string, error) GetRegionAndZoneFn func(nodeName string) (string, string, error) + GetEndpointsFn func() (string, string, error) GetPVAttributesFn func(volumeID string) (map[string]string, error) GetPVCFn func(pvcName, pvcNamespace string) (*v1.PersistentVolumeClaim, error) GetSecretFn func(secretName, secretNamespace string) (*v1.Secret, error) @@ -80,6 +81,13 @@ func (m *FakeStatsUtilsFuncStructImpl) GetRegionAndZone(nodeName string) (string panic("requested method should not be nil") } +func (m *FakeStatsUtilsFuncStructImpl) GetEndpoints() (string, string, error) { + if m.FuncStruct.GetBucketNameFromPVFn != nil { + return m.FuncStruct.GetEndpointsFn() + } + panic("requested method should not be nil") +} + func (m *FakeStatsUtilsFuncStructImpl) GetPVAttributes(volumeID string) (map[string]string, error) { if m.FuncStruct.GetPVAttributesFn != nil { return m.FuncStruct.GetPVAttributesFn(volumeID) diff --git a/tests/sanity/sanity_test.go b/tests/sanity/sanity_test.go index 31fa07a6..c2f80f00 100644 --- a/tests/sanity/sanity_test.go +++ b/tests/sanity/sanity_test.go @@ -260,6 +260,10 @@ func (su *FakeNewDriverStatsUtils) GetRegionAndZone(nodeName string) (string, st return "", "", nil } +func (su *FakeNewDriverStatsUtils) GetEndpoints() (string, string, error) { + return "", "", nil +} + func (su *FakeNewDriverStatsUtils) GetPVAttributes(volumeID string) (map[string]string, error) { return map[string]string{}, nil } From 1eeae3f8f414be9d2cf410ba62c971c87a9aaade Mon Sep 17 00:00:00 2001 From: Ashima-Ashima1 Date: Wed, 20 Aug 2025 12:22:05 +0530 Subject: [PATCH 04/12] fix uts 
Signed-off-by: Ashima-Ashima1 --- .secrets.baseline | 2 +- pkg/driver/controllerserver_test.go | 6 ++++++ pkg/driver/nodeserver_test.go | 3 +++ pkg/driver/s3-driver_test.go | 23 ++++++++++++++++++++++- pkg/mounter/mounter-s3fs_test.go | 1 + pkg/utils/fake_driver_utils.go | 2 +- 6 files changed, 34 insertions(+), 3 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index a90ba1f9..023d95fb 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2025-08-19T09:12:10Z", + "generated_at": "2025-08-20T06:50:49Z", "plugins_used": [ { "name": "AWSKeyDetector" diff --git a/pkg/driver/controllerserver_test.go b/pkg/driver/controllerserver_test.go index 93541d01..ba99282c 100644 --- a/pkg/driver/controllerserver_test.go +++ b/pkg/driver/controllerserver_test.go @@ -506,6 +506,9 @@ func TestCreateVolume(t *testing.T) { t.Log("Testcase being executed", zap.String("testcase", tc.testCaseName)) controllerServer := &controllerServer{ + S3Driver: &S3Driver{ + iamEndpoint: constants.PublicIAMEndpoint, + }, cosSession: tc.cosSession, Stats: tc.driverStatsUtils, } @@ -720,6 +723,9 @@ func TestDeleteVolume(t *testing.T) { defer teardown() controllerServer := &controllerServer{ + S3Driver: &S3Driver{ + iamEndpoint: constants.PublicIAMEndpoint, + }, Stats: tc.driverStatsUtils, cosSession: tc.cosSession, Logger: lgr, diff --git a/pkg/driver/nodeserver_test.go b/pkg/driver/nodeserver_test.go index da7c2ef7..74f07d92 100644 --- a/pkg/driver/nodeserver_test.go +++ b/pkg/driver/nodeserver_test.go @@ -347,6 +347,9 @@ func TestNodePublishVolume(t *testing.T) { t.Log("Testcase being executed", zap.String("testcase", tc.testCaseName)) nodeServer := nodeServer{ + S3Driver: &S3Driver{ + iamEndpoint: constants.PublicIAMEndpoint, + }, Stats: tc.driverStatsUtils, Mounter: tc.Mounter, } diff --git a/pkg/driver/s3-driver_test.go b/pkg/driver/s3-driver_test.go index a184b1bc..5c7e1eb6 100644 
--- a/pkg/driver/s3-driver_test.go +++ b/pkg/driver/s3-driver_test.go @@ -252,7 +252,11 @@ func TestNewS3CosDriver(t *testing.T) { { testCaseName: "Positive: controller mode", mode: "controller", - statsUtils: utils.NewFakeStatsUtilsImpl(utils.FakeStatsUtilsFuncStruct{}), + statsUtils: utils.NewFakeStatsUtilsImpl(utils.FakeStatsUtilsFuncStruct{ + GetEndpointsFn: func() (string, string, error) { + return constants.PublicIAMEndpoint, "", nil + }, + }), verifyResult: func(t *testing.T, driver *S3Driver, err error) { assert.NoError(t, err) assert.NotEmpty(t, driver.cs) @@ -263,6 +267,9 @@ func TestNewS3CosDriver(t *testing.T) { testCaseName: "Positive: node mode", mode: "node", statsUtils: utils.NewFakeStatsUtilsImpl(utils.FakeStatsUtilsFuncStruct{ + GetEndpointsFn: func() (string, string, error) { + return constants.PublicIAMEndpoint, "", nil + }, GetRegionAndZoneFn: func(nodeName string) (string, string, error) { return testRegion, testZone, nil }, }), verifyResult: func(t *testing.T, driver *S3Driver, err error) { @@ -277,6 +284,9 @@ func TestNewS3CosDriver(t *testing.T) { testCaseName: "Positive: controller and node mode", mode: "controller-node", statsUtils: utils.NewFakeStatsUtilsImpl(utils.FakeStatsUtilsFuncStruct{ + GetEndpointsFn: func() (string, string, error) { + return constants.PublicIAMEndpoint, "", nil + }, GetRegionAndZoneFn: func(nodeName string) (string, string, error) { return testRegion, testZone, nil }, }), verifyResult: func(t *testing.T, driver *S3Driver, err error) { @@ -288,6 +298,17 @@ func TestNewS3CosDriver(t *testing.T) { }, expectedErr: nil, }, + { + testCaseName: "Negative: Failed to GetEndpoints", + mode: "controller-node", + statsUtils: utils.NewFakeStatsUtilsImpl(utils.FakeStatsUtilsFuncStruct{ + GetEndpointsFn: func() (string, string, error) { + return "", "", errors.New("failed") + }, + }), + verifyResult: nil, + expectedErr: errors.New("failed"), + }, } fakeCosSession := &s3client.FakeCOSSessionFactory{} 
diff --git a/pkg/mounter/mounter-s3fs_test.go b/pkg/mounter/mounter-s3fs_test.go index 53797b29..9b78c178 100644 --- a/pkg/mounter/mounter-s3fs_test.go +++ b/pkg/mounter/mounter-s3fs_test.go @@ -50,6 +50,7 @@ func TestNewS3fsMounter_Success_Hmac(t *testing.T) { "tmpdir": "test-tmpdir", "use_cache": "true", "gid": "test-gid", + "iamEndpoint": "test-iamEndpoint", } mountOptions := []string{"opt1=val1", "opt2=val2", " ", "opt3"} diff --git a/pkg/utils/fake_driver_utils.go b/pkg/utils/fake_driver_utils.go index 0052faff..09324cb4 100644 --- a/pkg/utils/fake_driver_utils.go +++ b/pkg/utils/fake_driver_utils.go @@ -82,7 +82,7 @@ func (m *FakeStatsUtilsFuncStructImpl) GetRegionAndZone(nodeName string) (string } func (m *FakeStatsUtilsFuncStructImpl) GetEndpoints() (string, string, error) { - if m.FuncStruct.GetBucketNameFromPVFn != nil { + if m.FuncStruct.GetEndpointsFn != nil { return m.FuncStruct.GetEndpointsFn() } panic("requested method should not be nil") From 3b33b32f84e542b4df1f05c5d659666015054550 Mon Sep 17 00:00:00 2001 From: Ashima-Ashima1 Date: Wed, 20 Aug 2025 12:24:20 +0530 Subject: [PATCH 05/12] publish v0.9.0 Signed-off-by: Ashima-Ashima1 --- .github/workflows/release.yml | 8 ++++---- cos-csi-mounter/Makefile | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b90bd486..6a2c4b05 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,7 +3,7 @@ name: Release on: push: branches: - - main + - ashima2 jobs: release: @@ -17,7 +17,7 @@ jobs: env: IS_LATEST_RELEASE: 'true' - APP_VERSION: 1.0.3 + APP_VERSION: 0.9.0 steps: - name: Checkout Code 
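Review bot: The release.yml hunk at -3 in patch 05 retargets the `push` trigger from `main` to the personal branch `ashima2`, and with the `APP_VERSION` and `tag_name` edits in the same patch every push to that branch publishes a tagged release while `IS_LATEST_RELEASE` is still `'true'`, so it is not marked as a prerelease. Patches 09 and 10 restore the values, but the intermediate commits remain in history unless the series is squashed, and artifacts built from an unreviewed branch are hard to tell apart from official ones. For trial builds I would add a `workflow_dispatch` trigger (or a separate test workflow) that always sets `prerelease: true`, and drop patches 05, 06, 09 and 10 from the series before merge.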
@@ -63,8 +63,8 @@ jobs: /home/runner/work/ibm-object-csi-driver/ibm-object-csi-driver/cos-csi-mounter/cos-csi-mounter-${{ env.APP_VERSION }}.deb.tar.gz.sha256 /home/runner/work/ibm-object-csi-driver/ibm-object-csi-driver/cos-csi-mounter/cos-csi-mounter-${{ env.APP_VERSION }}.rpm.tar.gz /home/runner/work/ibm-object-csi-driver/ibm-object-csi-driver/cos-csi-mounter/cos-csi-mounter-${{ env.APP_VERSION }}.rpm.tar.gz.sha256 - tag_name: v1.0.3 - name: v1.0.3 + tag_name: v0.9.0 + name: v0.9.0 ## body: prerelease: ${{ env.IS_LATEST_RELEASE != 'true' }} diff --git a/cos-csi-mounter/Makefile b/cos-csi-mounter/Makefile index d5490a7c..08373fd3 100644 --- a/cos-csi-mounter/Makefile +++ b/cos-csi-mounter/Makefile @@ -1,5 +1,5 @@ NAME := cos-csi-mounter -APP_VERSION := 1.0.3 +APP_VERSION := 0.9.0 BUILD_DIR := $(NAME)-$(APP_VERSION) BIN_DIR := bin From 282dfe9319773e3fbbc76b3a9bb4c086358a3b7d Mon Sep 17 00:00:00 2001 From: Ashima-Ashima1 Date: Wed, 20 Aug 2025 12:35:28 +0530 Subject: [PATCH 06/12] publish v0.9.1 Signed-off-by: Ashima-Ashima1 --- .github/workflows/release.yml | 10 +++++----- cos-csi-mounter/Makefile | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6a2c4b05..67e93409 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,8 +16,8 @@ jobs: - cos-csi-mounter env: - IS_LATEST_RELEASE: 'true' - APP_VERSION: 0.9.0 + IS_LATEST_RELEASE: 'false' + APP_VERSION: 0.9.1 steps: - name: Checkout Code 
@@ -63,9 +63,9 @@ jobs: /home/runner/work/ibm-object-csi-driver/ibm-object-csi-driver/cos-csi-mounter/cos-csi-mounter-${{ env.APP_VERSION }}.deb.tar.gz.sha256 /home/runner/work/ibm-object-csi-driver/ibm-object-csi-driver/cos-csi-mounter/cos-csi-mounter-${{ env.APP_VERSION }}.rpm.tar.gz /home/runner/work/ibm-object-csi-driver/ibm-object-csi-driver/cos-csi-mounter/cos-csi-mounter-${{ env.APP_VERSION }}.rpm.tar.gz.sha256 - tag_name: v0.9.0 - name: v0.9.0 - ## body: + tag_name: v0.9.1 + name: v0.9.1 + body: "Fetch IAM Endpoints Dynamically" prerelease: ${{ env.IS_LATEST_RELEASE != 'true' }} - name: Perform CodeQL Analysis diff --git a/cos-csi-mounter/Makefile b/cos-csi-mounter/Makefile index 08373fd3..66957400 100644 --- a/cos-csi-mounter/Makefile +++ b/cos-csi-mounter/Makefile @@ -1,5 +1,5 @@ NAME := cos-csi-mounter -APP_VERSION := 0.9.0 +APP_VERSION := 0.9.1 BUILD_DIR := $(NAME)-$(APP_VERSION) BIN_DIR := bin From af2a737707983854bc4011695d24f680baaa6803 Mon Sep 17 00:00:00 2001 From: Ashima-Ashima1 Date: Wed, 20 Aug 2025 19:22:15 +0530 Subject: [PATCH 07/12] fix travis Signed-off-by: Ashima-Ashima1 --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 3a27890d..44f116c6 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/IBM/ibm-object-csi-driver -go 1.25.0 +go 1.24.5 require ( github.com/IBM/go-sdk-core/v5 v5.21.0 From c4b1588c8496c721b4f173a623081655e661a206 Mon Sep 17 00:00:00 2001 From: Ashima-Ashima1 Date: Wed, 20 Aug 2025 19:23:59 +0530 Subject: [PATCH 08/12] publish v0.9.1 Signed-off-by: Ashima-Ashima1 --- .secrets.baseline | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.secrets.baseline b/.secrets.baseline index 023d95fb..fb6f8411 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2025-08-20T06:50:49Z", + "generated_at": "2025-08-20T13:53:47Z", "plugins_used": [ { "name": "AWSKeyDetector" 
From 570bd773a553dda58e7fd226b05d4c8dc1fa226e Mon Sep 17 00:00:00 2001 From: Ashima-Ashima1 Date: Thu, 21 Aug 2025 15:18:27 +0530 Subject: [PATCH 09/12] revert version Signed-off-by: Ashima-Ashima1 --- .github/workflows/release.yml | 10 +++++----- cos-csi-mounter/Makefile | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 67e93409..31908a80 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,7 +3,7 @@ name: Release on: push: branches: - - ashima2 + - main jobs: release: @@ -17,7 +17,7 @@ jobs: env: IS_LATEST_RELEASE: 'false' - APP_VERSION: 0.9.1 + APP_VERSION: 1.0.3 steps: - name: Checkout Code @@ -63,9 +63,9 @@ jobs: /home/runner/work/ibm-object-csi-driver/ibm-object-csi-driver/cos-csi-mounter/cos-csi-mounter-${{ env.APP_VERSION }}.deb.tar.gz.sha256 /home/runner/work/ibm-object-csi-driver/ibm-object-csi-driver/cos-csi-mounter/cos-csi-mounter-${{ env.APP_VERSION }}.rpm.tar.gz /home/runner/work/ibm-object-csi-driver/ibm-object-csi-driver/cos-csi-mounter/cos-csi-mounter-${{ env.APP_VERSION }}.rpm.tar.gz.sha256 - tag_name: v0.9.1 - name: v0.9.1 - body: "Fetch IAM Endpoints Dynamically" + tag_name: v1.0.3 + name: v1.0.3 + body: "" prerelease: ${{ env.IS_LATEST_RELEASE != 'true' }} - name: Perform CodeQL Analysis diff --git a/cos-csi-mounter/Makefile b/cos-csi-mounter/Makefile index 66957400..d5490a7c 100644 --- a/cos-csi-mounter/Makefile +++ b/cos-csi-mounter/Makefile @@ -1,5 +1,5 @@ NAME := cos-csi-mounter -APP_VERSION := 0.9.1 +APP_VERSION := 1.0.3 BUILD_DIR := $(NAME)-$(APP_VERSION) BIN_DIR := bin From c22b6ff480b217ba2546f6c4abb8e85be7b0c870 Mon Sep 17 00:00:00 2001 From: Ashima-Ashima1 Date: Thu, 21 Aug 2025 15:19:18 +0530 Subject: [PATCH 10/12] revert version Signed-off-by: Ashima-Ashima1 --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 31908a80..07d20cd9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ jobs: - cos-csi-mounter env: - IS_LATEST_RELEASE: 'false' + IS_LATEST_RELEASE: 'true' APP_VERSION: 1.0.3 steps: @@ -65,7 +65,7 @@ jobs: /home/runner/work/ibm-object-csi-driver/ibm-object-csi-driver/cos-csi-mounter/cos-csi-mounter-${{ env.APP_VERSION }}.rpm.tar.gz.sha256 tag_name: v1.0.3 name: v1.0.3 - body: "" + ## body: prerelease: ${{ env.IS_LATEST_RELEASE != 'true' }} - name: Perform CodeQL Analysis From 2822e29ba275f9d6fa1b6eaff10e8447b8340ade Mon Sep 17 00:00:00 2001 From: Ashima-Ashima1 Date: Mon, 25 Aug 2025 08:02:52 +0530 Subject: [PATCH 11/12] address review comments Signed-off-by: Ashima-Ashima1 --- .secrets.baseline | 4 ++-- pkg/driver/controllerserver.go | 8 ++++---- pkg/utils/driver_utils.go | 4 +++- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index fb6f8411..8842a963 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2025-08-20T13:53:47Z", + "generated_at": "2025-08-25T02:32:44Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -270,7 +270,7 @@ { "hashed_secret": "c7c6508b19455e3e8040e60e9833fbede92e5d8e", "is_verified": false, - "line_number": 366, + "line_number": 368, "type": "Secret Keyword", "verified_result": null } diff --git a/pkg/driver/controllerserver.go b/pkg/driver/controllerserver.go index 23649239..66882f8d 100644 --- a/pkg/driver/controllerserver.go +++ b/pkg/driver/controllerserver.go 
@@ -185,7 +185,7 @@ func (cs *controllerServer) CreateVolume(_ context.Context, req *csi.CreateVolum klog.Infof("BucketVersioning value that will be set via storage class params: %s", bucketVersioning) } - creds, err := getCredentials(secretMap, cs.iamEndpoint) + creds, err := getSecretData(secretMap, cs.iamEndpoint) if err != nil { return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("Error in getting credentials %v", err)) } @@ -325,7 +325,7 @@ func (cs *controllerServer) DeleteVolume(_ context.Context, req *csi.DeleteVolum secretMap = secretMapCustom } - creds, err := getCredentials(secretMap, cs.iamEndpoint) + creds, err := getSecretData(secretMap, cs.iamEndpoint) if err != nil { return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("Error in getting credentials %v", err)) } @@ -438,8 +438,8 @@ func (cs *controllerServer) ControllerModifyVolume(_ context.Context, req *csi.C return nil, status.Error(codes.Unimplemented, "ControllerModifyVolume") } -func getCredentials(secretMap map[string]string, iamEP string) (*s3client.ObjectStorageCredentials, error) { - klog.Infof("- getCredentials-") +func getSecretData(secretMap map[string]string, iamEP string) (*s3client.ObjectStorageCredentials, error) { + klog.Infof("- getSecretData-") var ( accessKey string secretKey string diff --git a/pkg/utils/driver_utils.go b/pkg/utils/driver_utils.go index b13e5fa9..a054704a 100644 --- a/pkg/utils/driver_utils.go +++ b/pkg/utils/driver_utils.go @@ -69,9 +69,11 @@ func (su *DriverStatsUtils) GetEndpoints() (string, string, error) { return "", "", err } - if strings.Contains(clusterType, "vpc") { + if strings.Contains(strings.ToLower(clusterType), "vpc") { + // Use private iam endpoint for VPC clusters return constants.PrivateIAMEndpoint, constants.ResourceConfigEPDirect, nil } + // Use public iam endpoint for classic clusters return constants.PublicIAMEndpoint, constants.ResourceConfigEPPrivate, nil } 
From 7f074d651b1c624caffd14aeee0711571e503699 Mon Sep 17 00:00:00 2001 From: Ashima-Ashima1 Date: Mon, 25 Aug 2025 08:34:58 +0530 Subject: [PATCH 12/12] minor fixes Signed-off-by: Ashima-Ashima1 --- pkg/driver/controllerserver.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/driver/controllerserver.go b/pkg/driver/controllerserver.go index 66882f8d..4c68299a 100644 --- a/pkg/driver/controllerserver.go +++ b/pkg/driver/controllerserver.go @@ -185,7 +185,7 @@ func (cs *controllerServer) CreateVolume(_ context.Context, req *csi.CreateVolum klog.Infof("BucketVersioning value that will be set via storage class params: %s", bucketVersioning) } - creds, err := getSecretData(secretMap, cs.iamEndpoint) + creds, err := getObjectStorageCredentialsFromSecret(secretMap, cs.iamEndpoint) if err != nil { return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("Error in getting credentials %v", err)) } @@ -325,7 +325,7 @@ func (cs *controllerServer) DeleteVolume(_ context.Context, req *csi.DeleteVolum secretMap = secretMapCustom } - creds, err := getSecretData(secretMap, cs.iamEndpoint) + creds, err := getObjectStorageCredentialsFromSecret(secretMap, cs.iamEndpoint) if err != nil { return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("Error in getting credentials %v", err)) } @@ -438,8 +438,8 @@ func (cs *controllerServer) ControllerModifyVolume(_ context.Context, req *csi.C return nil, status.Error(codes.Unimplemented, "ControllerModifyVolume") } -func getSecretData(secretMap map[string]string, iamEP string) (*s3client.ObjectStorageCredentials, error) { - klog.Infof("- getSecretData-") +func getObjectStorageCredentialsFromSecret(secretMap map[string]string, iamEP string) (*s3client.ObjectStorageCredentials, error) { + klog.Infof("- getObjectStorageCredentialsFromSecret-") var ( accessKey string secretKey string