Merge pull request #1109 from AlbeeSo/feat/sts-customized-rolename

feat(OSS): allow customized roleName for STS
kubernetes-sigs · Jul 19, 2024 · 627d295 · 627d295
2 parents 40af7aa + dd7ef8e
commit 627d295
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 8 deletions.
diff --git a/pkg/oss/controllerserver.go b/pkg/oss/controllerserver.go
@@ -66,7 +66,7 @@ func getOssVolumeOptions(req *csi.CreateVolumeRequest) *Options {
 			}
 		case "authtype":
 			ossVolArgs.AuthType = value
-		case "rolename":
+		case "rolename", "ramrole":
 			ossVolArgs.RoleName = value
 		case "rolearn":
 			ossVolArgs.RoleArn = value

diff --git a/pkg/oss/nodeserver.go b/pkg/oss/nodeserver.go
@@ -64,7 +64,7 @@ type Options struct {
 	AkID     string `json:"akId"`
 	AkSecret string `json:"akSecret"`
 	// RRSA
-	RoleName           string `json:"roleName"`
+	RoleName           string `json:"roleName"` // also for STS
 	RoleArn            string `json:"roleArn"`
 	OidcProviderArn    string `json:"oidcProviderArn"`
 	ServiceAccountName string `json:"serviceAccountName"`
@@ -171,7 +171,7 @@ func (ns *nodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis
 			}
 		case "authtype":
 			opt.AuthType = strings.ToLower(value)
-		case "rolename":
+		case "rolename", "ramrole":
 			opt.RoleName = value
 		case "rolearn":
 			opt.RoleArn = value
@@ -289,7 +289,7 @@ func (ns *nodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis
 	regionID, _ := ns.metadata.Get(metadata.RegionID)
 	switch opt.AuthType {
 	case mounter.AuthTypeSTS:
-		mountOptions = append(mountOptions, GetRAMRoleOption())
+		mountOptions = append(mountOptions, GetRAMRoleOption(opt.RoleName))
 	case mounter.AuthTypeRRSA:
 		if regionID == "" {
 			mountOptions = append(mountOptions, "rrsa_endpoint=https://sts.aliyuncs.com")

diff --git a/pkg/oss/utils.go b/pkg/oss/utils.go
@@ -57,9 +57,12 @@ func GetGlobalMountPath(volumeId string) string {
 }
 
 // GetRAMRoleOption get command line's ram_role option
-func GetRAMRoleOption() string {
-	ramRole, _ := utils.GetMetaData(RAMRoleResource)
-	ramRoleOpt := MetadataURL + RAMRoleResource + ramRole
+func GetRAMRoleOption(roleName string) string {
+	var ramRoleOpt string = roleName
+	if ramRoleOpt == "" {
+		ramRole, _ := utils.GetMetaData(RAMRoleResource)
+		ramRoleOpt = MetadataURL + RAMRoleResource + ramRole
+	}
 	mntCmdRamRole := fmt.Sprintf("ram_role=%s", ramRoleOpt)
 	return mntCmdRamRole
 }

diff --git a/pkg/oss/utils_test.go b/pkg/oss/utils_test.go
@@ -26,8 +26,11 @@ import (
 )
 
 func TestGetRAMRoleOption(t *testing.T) {
-	result := GetRAMRoleOption()
+	result := GetRAMRoleOption("")
 	assert.NotEqual(t, "", result)
+
+	result = GetRAMRoleOption("role")
+	assert.Equal(t, "ram_role=role", result)
 }
 
 func Test_parseOtherOpts(t *testing.T) {