Add new reserved prefixed parameter keys which are stripped out of parameter list, add deprecation notice for old keys and keep their behavior the same

[davidz627]

Add new reserved prefixed parameter keys which are stripped out of parameter list:

csiParameterPrefix = "csi.storage.k8s.io/"
prefixedFsTypeKey = csiParameterPrefix + "FSType"
prefixedProvisionerSecretNameKey      = csiParameterPrefix + "ProvisionerSecretName"
prefixedProvisionerSecretNamespaceKey = csiParameterPrefix + "ProvisionerSecretNamespace"
prefixedControllerPublishSecretNameKey      = csiParameterPrefix + "ControllerPublishSecretName"
prefixedControllerPublishSecretNamespaceKey = csiParameterPrefix + "ControllerPublishSecretNamespace"
prefixedNodeStageSecretNameKey      = csiParameterPrefix + "NodeStageSecretName"
prefixedNodeStageSecretNamespaceKey = csiParameterPrefix + "NodeStageSecretNamespace"
prefixedNodePublishSecretNameKey      = csiParameterPrefix + "NodePublishSecretName"
prefixedNodePublishSecretNamespaceKey = csiParameterPrefix + "NodePublishSecretNamespace"

add deprecation notice for old keys, example:
"fstype" is deprecated and will be removed in a future release, please use "csi.storage.k8s.io/FSType" instead

the behavior will be the same for the old parameter keys, except for the fact that they cannot be specified in conjunction with their respective new prefixed parameter key

/assign @saad-ali @lpabon @jsafrane @msau42 @mkimuram @vladimirvivien

[k8s-ci-robot]

@davidz627: GitHub didn't allow me to assign the following users: mkimuram.

Note that only kubernetes-csi members and repo collaborators can be assigned.
For more information please see the contributor guide

In response to this:

all parameters that start with "csi" are interpreted by the external-provisioner as special parameters and they are placed into objects as first class CSI fields. Therefore after they have been "translated" into field they are stripped from the parameters list that gets passed to CreateVolume.

In this vein we add csifstype so that you can specify fstype that the external provisioner will understand and place in to the volume capability, it will then get stripped out of the parameters list.

/assign @saad-ali @lpabon @jsafrane @msau42 @mkimuram @vladimirvivien

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[davidz627]

this refactor was so that we have a new server for each test, so that mock expectations did not carry through from test to test causing hard to debug cascading failures

[davidz627]

I also added that we should not expect create volume when test is supposed to error

[saad-ali]

I support this change. This reserves StorageClass parameters with keys starting with csi... for use by the CSI external-provisioner and prevents them from being passed through to the CSI driver in the CreateVolume call.

[mkimuram]

@davidz627

Is my understanding right that the issue is caused by that csi external provisioner passes all the storage class parameters to csi driver's CreateVolume, as a result, parameters that are not specific to csi driver, such as fsType and secrets for csi, is passed to csi driver?

As spec describes as below, I agree that csi plugins should check if invalid parameters are not passed like this, and then above behavior will make csi driver regard such parameters as invalid.

  // Plugin specific parameters passed in as opaque key-value pairs.
  // This field is OPTIONAL. The Plugin is responsible for parsing and
  // validating these parameters. COs will treat these as opaque.

To solve this issue, we also have an option to strip fsType in addition to parameters that is prefixed with csi, instead of introducing new csiFsType. Pros and Cons will be as below, so if we don't need to prioritize compatibility, implementation of this PR will be better.

Pros:

• Compatible with csi v0 driver on how to specify fstype in storage class parameters
• Compatible with in-tree driver or non csi external provisioner on how to specify fstype in storage class parameters

Cons:

• Introduce an irregular case for handling csi's storage class parameters (Assuming that this PR intends to make a rule that storage class parameters prefixed with "csi" are not for each csi driver in k8s.)

[davidz627]

@saad-ali @lpabon @jsafrane @msau42 @mkimuram @vladimirvivien
new version based on morning CSI standup discussion pushed

[verult]

/assign

[davidz627]

@saad-ali resolved. The error messages I made more generic because we can't tell if the user used the deprecated or new parameters, unless we want to add more cases :S

[verult]

What about a function

generateCSIParams(actor, key string, deprecated bool)

and

noActor = ""
provisionerActor = "Provisioner"
controllerPublishActor = "ControllerPublish"
...
secretNameKey = "SecretName"
fsTypeKey = "FSType"
...
actors = []string{provisionerActor, controllerPublishActor, ...}
keys = []string{secretNameKey, fsTypeKey, ...}

[davidz627]

how would we associate actors with keys? This ends up just shifting the variable definition into a different type of struct I think. It's unclear what params we're trying to generate here, whats the output of this function?

[verult]

Sorry the func should be called generateCSIParamKeys and returns an actual storageclass parameter key. The logic would be the same as what you have right now, but encapsulated in a function, so it's easier to read and you don't need a giant list of variables.

[verult]

I'm trying to see if there's a way to not have a hard-coded list of all the various combinations.

[verult]

What if you had a helper function

getKeyFromParams(actor, key string) (val string, isDeprecated bool, err error)

that

• Returns the val corresponding to either the deprecated or the existing key if only 1 of them exists (and set isDeprecated accordingly)
• Returns an error if both deprecated and existing keys exist

Then the check below becomes something like:

if secretNameIsDeprecated != secretNamespaceIsDeprecated {
   throwError()
} else if secretNameIsDeprecated {
   ...
} else { // !secretNameIsDeprecated && !secretNamespaceIsDeprecated
   ...
}

[davidz627]

when passing in a key we already know whether its deprecated or not as we define that so it doesnt make sense to me to have that as a return. Also given one deprecated theres no way to associate that with the "non-deprecated" version of that key without a struct that binds both together (or some hardcoding in this function) which serves the same purpose.

[verult]

Tried to prototype this piece of logic and yeah, it doesn't look much prettier. OK to keep everything as is!

[davidz627]

could you LGTM?

[verult]

Going off the suggestions from above, this would take in actor string instead of secret secretParamsType

[davidz627]

this just shifts association of deprecatedness/actors from the structs that I created into hardcoded cases in the functions

[saad-ali]

/approve

LGTM

Will let @verult or @msau42 do final lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: davidz627, saad-ali

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [saad-ali]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[verult]

Couple nits but LGTM otherwise!

[verult]

nit: Move new consts to a separate file?

[davidz627]

refactor in future

[jingxu97]

/lgtm

[k8s-ci-robot]

@jingxu97: changing LGTM is restricted to assignees, and only kubernetes-csi/external-provisioner repo collaborators may be assigned issues.

In response to this:

/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[verult]

/lgtm