issue-384, A single "default" storage class secret is added

[taaraora]

What type of PR is this?
/kind feature

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #384

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

Default StorageClass secrets are added:
 csi.storage.k8s.io/secret-name: ${pvc.name}
 csi.storage.k8s.io/secret-namespace: ${pvc.namespace}

Note: Default secrets for storage class feature does work only when both parameters are added.

[k8s-ci-robot]

Welcome @taaraora!

It looks like this is your first PR to kubernetes-csi/external-provisioner 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-csi/external-provisioner has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @taaraora. Thanks for your PR.

I'm waiting for a kubernetes-csi member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[msau42]

/ok-to-test

[msau42]

Can you add some unit tests that use the new default secret?

Another thing to keep in mind, allowable secret templates are different for provisioning compared to the other operations. We should make sure we can maintain that behavior for the default secret.

[msau42]

/assign @misterikkit
to help review

[misterikkit]

Thanks for the enhancement! Looks like it will save us some API bloat in the future.

Functional change LGTM. Please add some test coverage.

[misterikkit]

Does this change cover the new logic, or just fix an existing test? I think we should add a case that gets the default value.

[taaraora]

This was just fix of existing test. I've added a few new tests for default secret.

[taaraora]

Can you add some unit tests that use the new default secret?

Another thing to keep in mind, allowable secret templates are different for provisioning compared to the other operations. We should make sure we can maintain that behavior for the default secret.

@msau42

• I've added tests for default secrets.
• Yep, default secrets support only those template variables which are common for all call templates. We definitely should describe this behavior in the documentation.

[misterikkit]

Thanks for adding tests. Do you mind squashing the commits?

[misterikkit]

Any reason userAnnotations is a slice of struct rather than a map[string]string? The call site that uses this new arg is overly verbose.

[taaraora]

Yes, the current signature makes userAnnotations argument optional. If we change it to map it will require to add an empty map to each place where this function is invoked now.

[misterikkit]

Seems like not too many call sites? Alternatively, since you only use userAnnotations in one place, you could make it a different helper function with a longer, more specific name.

The most comprehensive solution would be to adopt the standard "function options" pattern, but that may be overkill.

[taaraora]

Hm, I agree with you, a different helper function is the better way to handle this.

[taaraora]

Fixed, it is map[string]string now.

[misterikkit]

should be extended with new args when needed

I don't understand what you mean, since this could apply to any helper function. Could you elaborate?

[taaraora]

Thank you, that makes sense, I can just delete it.

[misterikkit]

Is the failure caused by mismatch between secret-from-annotation and default-secret-from-annotation? If so, could you make the names more distinct? Thanks.

[taaraora]

As @msau42 pointed out the default secrets can support only that set of template variables which is common for all calls. In this test, I showed that the annotation variable is not supported by the default secret. Should I rename this test?

[misterikkit]

I think after that explanation, the test name makes sense. I just find the existing logic with secret references and template evaluation to be confusing. 😢

[misterikkit]

Now that I re-read the test, maybe we can update the name to mention invalid/illegal template variable.

[taaraora]

Fixed.

[taaraora]

/retest

[misterikkit]

/lgtm

nice job refactoring the tests.

[msau42]

/approve
Thank you!

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: msau42, taaraora

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [msau42]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment