From fcdfecf29b9eccee164f35e9a39b21c726ac7dcc Mon Sep 17 00:00:00 2001
From: weizhichen
Date: Mon, 8 Jan 2024 04:26:23 +0000
Subject: [PATCH] cherry-pick https://github.com/kubernetes-sigs/blob-csi-driver/pull/1158 and https://github.com/kubernetes-sigs/blob-csi-driver/pull/1143
---
 go.mod | 2 +-
 pkg/blob/azure.go | 37 +++++++++----------
 pkg/blob/azure_test.go | 2 +-
 pkg/blob/blob.go | 2 +-
 pkg/blob/controllerserver.go | 5 ++-
 .../pre_provisioned_sastoken_tester.go | 2 +-
 6 files changed, 26 insertions(+), 24 deletions(-)
diff --git a/go.mod b/go.mod
index f3782616d9..f855532a3f 100644
--- a/go.mod
+++ b/go.mod
@@ -32,7 +32,7 @@ require (
 k8s.io/mount-utils v0.28.4
 k8s.io/utils v0.0.0-20231127182322-b307cd553661
 sigs.k8s.io/cloud-provider-azure v1.27.1-0.20231213062409-f1ce7de3fdcb
- sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader v0.0.0-20231208022044-b9ede3fc98e9 // indirect
+ sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader v0.0.0-20231208022044-b9ede3fc98e9
 sigs.k8s.io/yaml v1.4.0
 )
diff --git a/pkg/blob/azure.go b/pkg/blob/azure.go
index 2424ab6410..e3c364311d 100644
--- a/pkg/blob/azure.go
+++ b/pkg/blob/azure.go
@@ -35,6 +35,7 @@ import (
 "k8s.io/client-go/tools/clientcmd"
 "k8s.io/klog/v2"
 "k8s.io/utils/pointer"
+ "sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader"
 azure "sigs.k8s.io/cloud-provider-azure/pkg/provider"
 providerconfig "sigs.k8s.io/cloud-provider-azure/pkg/provider/config"
@@ -52,20 +53,15 @@ func IsAzureStackCloud(cloud *azure.Cloud) bool { } // getCloudProvider get Azure Cloud Provider -func getCloudProvider(kubeconfig, nodeID, secretName, secretNamespace, userAgent string, allowEmptyCloudConfig bool, kubeAPIQPS float64, kubeAPIBurst int) (*azure.Cloud, error) { +func getCloudProvider(ctx context.Context, kubeconfig, nodeID, secretName, secretNamespace, userAgent string, allowEmptyCloudConfig bool, kubeAPIQPS float64, kubeAPIBurst int) (*azure.Cloud, error) { var ( config *azure.Config kubeClient *clientset.Clientset fromSecret bool ) - az := &azure.Cloud{ - InitSecretConfig: azure.InitSecretConfig{ - SecretName: secretName, - SecretNamespace: secretNamespace, - CloudConfigKey: "cloud-config", - }, - } + az := &azure.Cloud{} + az.Environment.StorageEndpointSuffix = storage.DefaultBaseURL kubeCfg, err := getKubeConfig(kubeconfig) 
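Review bot: The doc comment above the changed signature still reads `// getCloudProvider get Azure Cloud Provider` and does not mention the new `ctx` parameter or the order in which configuration sources are tried. I would replace it with `// getCloudProvider builds the Azure cloud provider; ctx is passed to the configloader calls that read the cloud config, first from the Kubernetes secret and then from the credential file.` Separately, `az` is now created without `InitSecretConfig`, so any code that still reads `az.SecretName` or `az.SecretNamespace` would see empty strings; no such reader is visible in this patch, but it is worth a search before merging. The function body continues outside this hunk.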
@@ -85,19 +81,26 @@ func getCloudProvider(kubeconfig, nodeID, secretName, secretNamespace, userAgent
 }
 if kubeClient != nil {
- klog.V(2).Infof("reading cloud config from secret %s/%s", az.SecretNamespace, az.SecretName)
 az.KubeClient = kubeClient
- config, err = az.GetConfigFromSecret()
+ klog.V(2).Infof("reading cloud config from secret %s/%s", secretNamespace, secretName)
+ config, err := configloader.Load[azure.Config](ctx, &configloader.K8sSecretLoaderConfig{
+ K8sSecretConfig: configloader.K8sSecretConfig{
+ SecretName: secretName,
+ SecretNamespace: secretNamespace,
+ CloudConfigKey: "cloud-config",
+ },
+ KubeClient: kubeClient,
+ }, nil)
 if err == nil && config != nil {
 fromSecret = true
 }
 if err != nil {
- klog.V(2).Infof("InitializeCloudFromSecret: failed to get cloud config from secret %s/%s: %v", az.SecretNamespace, az.SecretName, err)
+ klog.V(2).Infof("InitializeCloudFromSecret: failed to get cloud config from secret %s/%s: %v", secretNamespace, secretName, err)
 }
 }
 if config == nil {
- klog.V(2).Infof("could not read cloud config from secret %s/%s", az.SecretNamespace, az.SecretName)
+ klog.V(2).Infof("could not read cloud config from secret %s/%s", secretNamespace, secretName)
 credFile, ok := os.LookupEnv(DefaultAzureCredentialFileEnv)
 if ok && strings.TrimSpace(credFile) != "" {
 klog.V(2).Infof("%s env var set as %v", DefaultAzureCredentialFileEnv, credFile)
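Review bot: `config, err := configloader.Load[azure.Config](ctx, &configloader.K8sSecretLoaderConfig{` uses `:=` inside the `if kubeClient != nil` block, so it declares new `config` and `err` variables that shadow the function-level ones, and the `config` from the `var (...)` block is never assigned from the secret. The removed line used `=`. As written, `fromSecret` can be set to true while the outer `config` is still nil, and the `if config == nil` branch that follows then falls back to the file named by `DefaultAzureCredentialFileEnv`. That means the credentials placed in the secret are silently ignored in favour of whatever is on the node, while the flag records the opposite. Change the operator to `=` (`config, err = configloader.Load[azure.Config](ctx, &configloader.K8sSecretLoaderConfig{`), and add a test case with a fake clientset holding the secret, since the existing test in this patch passes empty secret names.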
@@ -106,15 +109,11 @@ func getCloudProvider(kubeconfig, nodeID, secretName, secretNamespace, userAgent
 klog.V(2).Infof("use default %s env var: %v", DefaultAzureCredentialFileEnv, credFile)
 }
- credFileConfig, err := os.Open(credFile)
+ config, err = configloader.Load[azure.Config](ctx, nil, &configloader.FileLoaderConfig{
+ FilePath: credFile,
+ })
 if err != nil {
 klog.Warningf("load azure config from file(%s) failed with %v", credFile, err)
- } else {
- defer credFileConfig.Close()
- klog.V(2).Infof("read cloud config from file: %s successfully", credFile)
- if config, err = azure.ParseConfig(credFileConfig); err != nil {
- klog.Warningf("parse config file(%s) failed with error: %v", credFile, err)
- }
 }
 }
diff --git a/pkg/blob/azure_test.go b/pkg/blob/azure_test.go
index 86b0e36b66..78a607e9e7 100644
--- a/pkg/blob/azure_test.go
+++ b/pkg/blob/azure_test.go
@@ -168,7 +168,7 @@ users:
 }
 os.Setenv(DefaultAzureCredentialFileEnv, fakeCredFile)
 }
- cloud, err := getCloudProvider(test.kubeconfig, test.nodeID, "", "", test.userAgent, test.allowEmptyCloudConfig, 25.0, 50)
+ cloud, err := getCloudProvider(context.Background(), test.kubeconfig, test.nodeID, "", "", test.userAgent, test.allowEmptyCloudConfig, 25.0, 50)
 if !reflect.DeepEqual(err, test.expectedErr) && test.expectedErr != nil && !strings.Contains(err.Error(), test.expectedErr.Error()) {
 t.Errorf("desc: %s,\n input: %q, GetCloudProvider err: %v, expectedErr: %v", test.desc, test.kubeconfig, err, test.expectedErr)
 }
diff --git a/pkg/blob/blob.go b/pkg/blob/blob.go
index 48f8279460..1af6282fac 100644
--- a/pkg/blob/blob.go
+++ b/pkg/blob/blob.go
@@ -284,7 +284,7 @@ func (d *Driver) Run(endpoint, kubeconfig string, testBool bool) {
 userAgent := GetUserAgent(d.Name, d.customUserAgent, d.userAgentSuffix)
 klog.V(2).Infof("driver userAgent: %s", userAgent)
- d.cloud, err = getCloudProvider(kubeconfig, d.NodeID, d.cloudConfigSecretName, d.cloudConfigSecretNamespace, userAgent, d.allowEmptyCloudConfig, d.kubeAPIQPS, d.kubeAPIBurst)
+ d.cloud, err = getCloudProvider(context.Background(), kubeconfig, d.NodeID, d.cloudConfigSecretName, d.cloudConfigSecretNamespace, userAgent, d.allowEmptyCloudConfig, d.kubeAPIQPS, d.kubeAPIBurst)
 if err != nil {
 klog.Fatalf("failed to get Azure Cloud Provider, error: %v", err)
 }
diff --git a/pkg/blob/controllerserver.go b/pkg/blob/controllerserver.go
index 2b1882341a..3f75c449ae 100644
--- a/pkg/blob/controllerserver.go
+++ b/pkg/blob/controllerserver.go
@@ -29,6 +29,7 @@ import (
 "google.golang.org/grpc/codes"
 "google.golang.org/grpc/status"
+ "github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
 "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/sas"
 "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/service"
@@ -905,7 +906,9 @@ func generateSASToken(accountName, accountKey, storageEndpointSuffix string, exp
 sasURL, err := serviceClient.GetSASURL(
 sas.AccountResourceTypes{Object: true, Service: false, Container: true},
 sas.AccountPermissions{Read: true, List: true, Write: true},
- sas.AccountServices{Blob: true}, time.Now(), time.Now().Add(time.Duration(expiryTime)*time.Minute))
+ time.Now().Add(time.Duration(expiryTime)*time.Minute),
+ &service.GetSASURLOptions{StartTime: to.Ptr(time.Now())},
+ )
 if err != nil {
 return "", err
 }
diff --git a/test/e2e/testsuites/pre_provisioned_sastoken_tester.go b/test/e2e/testsuites/pre_provisioned_sastoken_tester.go
index fb50cb03b2..28daca903b 100644
--- a/test/e2e/testsuites/pre_provisioned_sastoken_tester.go
+++ b/test/e2e/testsuites/pre_provisioned_sastoken_tester.go
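Review bot: `context.Background()` at the `getCloudProvider` call in `Run` gives the new secret lookup no deadline and no cancellation, so how long start-up can wait on the API server depends entirely on the client's own timeout settings, which are not visible here. A bounded context would make that explicit: `ctx, cancel := context.WithTimeout(context.Background(), cloudConfigLoadTimeout)` before the call and `cancel()` right after it, where `cloudConfigLoadTimeout` is a placeholder for a constant the project would choose. `Run` starts and ends outside this hunk.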
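Review bot: `StartTime: to.Ptr(time.Now())` in `generateSASToken` makes the token valid from the signing host's current clock, so a verifier whose clock runs slightly behind can reject it as not yet valid. Azure's SAS guidance is to backdate the start time by about 15 minutes or leave it unset, and the e2e helper in this same patch already passes `nil` options. Either pass `nil` here too, or take one timestamp and derive both bounds from it: `now := time.Now()`, expiry `now.Add(time.Duration(expiryTime)*time.Minute)`, and `&service.GetSASURLOptions{StartTime: to.Ptr(now.Add(-15 * time.Minute))}`. The token is an account-level SAS with Write permission and a caller-supplied `expiryTime`; no upper bound on that value is visible in this hunk, and the function body starts and ends outside it.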
@@ -99,7 +99,7 @@ func GenerateSASToken(accountName, accountKey string) string {
 sasURL, err := serviceClient.GetSASURL(
 sas.AccountResourceTypes{Object: true, Service: true, Container: true},
 sas.AccountPermissions{Read: true, List: true, Write: true, Delete: true, Add: true, Create: true, Update: true},
- sas.AccountServices{Blob: true}, time.Now(), time.Now().Add(10*time.Hour))
+ time.Now().Add(10*time.Hour), nil)
 framework.ExpectNoError(err)
 u, err := url.Parse(sasURL)
 framework.ExpectNoError(err)