fix(controller): check for missing credentials before API calls

closes #83
enix · Apr 7, 2021 · 7e387c3 · 7e387c3
1 parent 322115b
commit 7e387c3
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 7 deletions.
diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md
@@ -29,3 +29,7 @@ kubeletPath: /opt/rke/var/lib/kubelet
 It's a known fact that when `multipathd` segfaults, it can produce wrong mappings of device paths. When such a multipathed device is mounted, it can result in a corruption of the filesystem. Some checks were added to ensure that the different paths are consistent and lead to the same volume in the appliance.
 
 If you still get this issue, please check that the candidate for the package `multipath-tools` on your host is on the same version as in the container. You can do so by running `apt-cache policy multipath-tools` on your host as well as in the container `multipathd` from one of the pod `dothill-node-server-xxxxx`.
+
+## When expanding a volume, I get the error "missing API credentials"
+
+It's because your storage class miss parameters `csi.storage.k8s.io/controller-expand-secret-name` and `csi.storage.k8s.io/controller-expand-secret-namespace`. The same can happen with volume's creation and publication. The solution is to add those parameters to your storage class. Since a storage class is immutable, you will have to delete it first and then recreate it. The CSI plugin may not take account of this change if an expansion is already in progress. A solution could be to [clone](./volume-snapshots.md#clone-a-volume) the volume you wanted to expand using your new storage class and replace it by its clone.
diff --git a/docs/volume-snapshots.md b/docs/volume-snapshots.md
@@ -18,6 +18,8 @@ To restore a snapshot, you have to create a new `PersistantVolumeClaim` and spec
 
 To clone a volume, you can follow the same procedure than to restore a snapshot, but configure another volume instead of a snapshot. An example can be found [here](https://github.com/kubernetes-csi/csi-driver-host-path/blob/master/examples/csi-clone.yaml) and the kubernetes documentation [here](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#volume-cloning).
 
+---
+
 References:
 - https://kubernetes.io/docs/concepts/storage/volume-snapshots
 - https://github.com/kubernetes-csi/external-snapshotter

diff --git a/go.mod b/go.mod
@@ -4,7 +4,7 @@ go 1.16
 
 require (
 	github.com/container-storage-interface/spec v1.4.0
-	github.com/enix/dothill-api-go v1.7.0
+	github.com/enix/dothill-api-go v1.7.1
 	github.com/golang/protobuf v1.4.3
 	github.com/grpc-ecosystem/go-grpc-middleware v1.2.2
 	github.com/kubernetes-csi/csi-lib-iscsi v0.0.0-20200118015005-959f12c91ca8

diff --git a/go.sum b/go.sum
@@ -57,8 +57,8 @@ github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFP
 github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
 github.com/enix/csi-lib-iscsi v0.0.0-dothill-3-1-1-1 h1:cfq1+Xm8XO/ijV6fPP/d5a+4qwwV93I+3LQ+ClgAB/k=
 github.com/enix/csi-lib-iscsi v0.0.0-dothill-3-1-1-1/go.mod h1:c/keGS6bErOzLrFyNgafdDWT6h72v2XQiA/p2R7yghU=
-github.com/enix/dothill-api-go v1.7.0 h1:jbziGAb4ecXRgds47zcfXqEeNPJJBOgiDPV4FH0FQgA=
-github.com/enix/dothill-api-go v1.7.0/go.mod h1:OuhSm5SRGxzXFy3kmRAGCCDpbp6q/2JFmTdES2jP5Jw=
+github.com/enix/dothill-api-go v1.7.1 h1:A8O9xXyiMPFtThQXqh1w5er6i7QTA71Yew+LUsSEXjw=
+github.com/enix/dothill-api-go v1.7.1/go.mod h1:OuhSm5SRGxzXFy3kmRAGCCDpbp6q/2JFmTdES2jP5Jw=
 github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=

diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go
@@ -2,6 +2,7 @@ package controller
 
 import (
 	"context"
+	"errors"
 	"sync"
 
 	"github.com/container-storage-interface/spec/lib/go/csi"
@@ -42,6 +43,16 @@ var csiMutexes = map[string]*sync.Mutex{
 	"/csi.v1.Controller/ControllerExpandVolume":    {},
 }
 
+var nonAuthenticatedMethods = []string{
+	"/csi.v1.Controller/ControllerGetCapabilities",
+	"/csi.v1.Controller/ListVolumes",
+	"/csi.v1.Controller/GetCapacity",
+	"/csi.v1.Controller/ControllerGetVolume",
+	"/csi.v1.Identity/Probe",
+	"/csi.v1.Identity/GetPluginInfo",
+	"/csi.v1.Identity/GetPluginCapabilities",
+}
+
 // Controller is the implementation of csi.ControllerServer
 type Controller struct {
 	*common.Driver
@@ -87,7 +98,7 @@ func New() *Controller {
 				driverContext.VolumeCaps = reqWithVolumeCaps.GetVolumeCapabilities()
 			}
 
-			err := controller.beginRoutine(&driverContext)
+			err := controller.beginRoutine(&driverContext, info.FullMethod)
 			defer controller.endRoutine()
 			if err != nil {
 				return nil, err
@@ -171,16 +182,27 @@ func (controller *Controller) Probe(ctx context.Context, req *csi.ProbeRequest)
 	return &csi.ProbeResponse{}, nil
 }
 
-func (controller *Controller) beginRoutine(ctx *DriverCtx) error {
+func (controller *Controller) beginRoutine(ctx *DriverCtx, methodName string) error {
 	if err := runPreflightChecks(ctx.Parameters, ctx.VolumeCaps); err != nil {
 		return err
 	}
 
-	if ctx.Credentials == nil {
-		klog.Info("skipping login as this RPC does not require any API call")
+	needsAuthentication := true
+	for _, name := range nonAuthenticatedMethods {
+		if methodName == name {
+			needsAuthentication = false
+			break
+		}
+	}
+
+	if !needsAuthentication {
 		return nil
 	}
 
+	if ctx.Credentials == nil {
+		return errors.New("missing API credentials")
+	}
+
 	return controller.configureClient(ctx.Credentials)
 }