Add secret_namespace to volume_source azure_file

[bancek]

Description

This adds support for setting secret_namespace argument for azure_file volume type for resource kubernetes_persistent_volume (k8s api).

Fixes #1160

Acceptance tests

• Have you added an acceptance test for the functionality being added?
• Have you run the acceptance tests on this branch?

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccKubernetesPersistentVolume_azure_file'
...
TF_CLI_CONFIG_FILE=/tmp/terraform-provider-kubernetes/kubernetes/test-infra/external-providers/.terraformrc TF_PLUGIN_CACHE_DIR=/tmp/terraform-provider-kubernetes/kubernetes/test-infra/external-providers/.terraform TF_ACC=1 go test "/tmp/terraform-provider-kubernetes/kubernetes" -v -run=TestAccKubernetesPersistentVolume_azure_file -timeout 120m
=== RUN   TestAccKubernetesPersistentVolume_azure_file
--- PASS: TestAccKubernetesPersistentVolume_azure_file (321.06s)
PASS
ok      github.com/hashicorp/terraform-provider-kubernetes/kubernetes   321.600s

Output from kubectl during the test:

$ kubectl get pv/tfacctestbcvvfyt8dl -o yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: tfacctestbcvvfyt8dl
spec:
  accessModes:
  - ReadWriteOnce
  azureFile:
    secretName: tfacctest8lkacq8lgx
    secretNamespace: tfacctestznnik4h68w
    shareName: tfacctestbcvvfyt8dl
  capacity:
    storage: 1Gi
  persistentVolumeReclaimPolicy: Retain
  volumeMode: Filesystem

Release Note

Release note for CHANGELOG:

Add support for updating `kubernetes_persistent_volume` `azure_file` `secret_namespace` argument.

References

Fixes #1160

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[hashicorp-cla]

All committers have signed the CLA.

[BasBerk]

Hi,

Maybe my testing is wrong, I'm not an expert on these kind of things, but even using you code it still tries to look up the secret in the default namespace:

Warning FailedMount 30s (x2 over 32s) kubelet MountVolume.SetUp failed for volume "g7xxx" : Couldn't get secret default/common-sa-secret-dev

    volume {
       name = "g7xxx"
        azure_file {
          share_name = "data/g7_xxx"            
          secret_name = kubernetes_secret.common_sa_secret.metadata[0].name
          secret_namespace = local.namespace
          read_only = false
        }               
      }

+ volume { + name = "g7xxx" + azure_file { + read_only = false + secret_name = "common-sa-secret-dev" + secret_namespace = "iss-ftp-nonp-dev" + share_name = "data/g7_xxx" } }

[bancek]

@BazzardTCR it looks like I made a typo in my PR branch. I'll look into adding an acceptance test.

[BasBerk]

@BazzardTCR it looks like I made a typo in my PR branch. I'll look into adding an acceptance test.

I did a rebuild check if the last change was in there, it is, but still the same issue.
Not sure it helps or it's relevant, with kubectl describe pod:

shared: Type: AzureFile (an Azure File Service mount on the host and bind mount to the pod) SecretName: common-sa-secret-dev ShareName: shared ReadOnly: true

[bancek]

I've added the acceptance test and hardened the checks for nil and empty values. Changing secret_namespace now also forces recreate.

[dak1n1]

This PR looks really good! Thanks for this contribution. I'm going to run a few more tests, but I wanted to leave some initial feedback.

[dak1n1]

These tests look great! I'm especially excited to see an example demonstrating a feature I haven't used before. Thanks for this!

[bancek]

Ideally we would also create a pod and validate that the volume is actually mounted but this is better than nothing :)

[dak1n1]

Good idea! I ended up doing that manually to test. I'll paste it here in case anyone is randomly googling how to mount azure file shares to their pod.

https://gist.githubusercontent.com/dak1n1/43a199ce6b066d894f5a878f3f588561/raw/d5f86fa57f4dd79bda4d93c1364897a180b9b8a1/gistfile1.txt

[dak1n1]

I tested this on AKS 1.18, 1.19, 1.20 using terraform 0.14.7 and 0.14.8. It looks like it's working reliably. Thanks again!

[dak1n1]

Good idea! I ended up doing that manually to test. I'll paste it here in case anyone is randomly googling how to mount azure file shares to their pod.

https://gist.githubusercontent.com/dak1n1/43a199ce6b066d894f5a878f3f588561/raw/d5f86fa57f4dd79bda4d93c1364897a180b9b8a1/gistfile1.txt

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!