Merge pull request #1358 from nabokihms/remove-driver-name-hardcode

fix: remove hardcoded driver name
kubernetes-sigs · Nov 13, 2023 · 4a48741 · 4a48741
2 parents 2e99322 + 82bc092
commit 4a48741
Show file tree

Hide file tree

Showing 7 changed files with 18 additions and 9 deletions.
diff --git a/cmd/secrets-store-csi-driver/main.go b/cmd/secrets-store-csi-driver/main.go
@@ -168,7 +168,7 @@ func mainErr() error {
 		return err
 	}
 
-	reconciler, err := controllers.New(mgr, *nodeID)
+	reconciler, err := controllers.New(*driverName, mgr, *nodeID)
 	if err != nil {
 		klog.ErrorS(err, "failed to create secret provider class pod status reconciler")
 		return err
@@ -217,7 +217,7 @@ func mainErr() error {
 
 	// Secret rotation
 	if *enableSecretRotation {
-		rec, err := rotation.NewReconciler(mgr.GetCache(), scheme, *rotationPollInterval, providerClients, tokenClient)
+		rec, err := rotation.NewReconciler(*driverName, mgr.GetCache(), scheme, *rotationPollInterval, providerClients, tokenClient)
 		if err != nil {
 			klog.ErrorS(err, "failed to initialize rotation reconciler")
 			return err

diff --git a/controllers/secretproviderclasspodstatus_controller.go b/controllers/secretproviderclasspodstatus_controller.go
@@ -64,10 +64,11 @@ type SecretProviderClassPodStatusReconciler struct {
 	reader        client.Reader
 	writer        client.Writer
 	eventRecorder record.EventRecorder
+	driverName    string
 }
 
 // New creates a new SecretProviderClassPodStatusReconciler
-func New(mgr manager.Manager, nodeID string) (*SecretProviderClassPodStatusReconciler, error) {
+func New(driverName string, mgr manager.Manager, nodeID string) (*SecretProviderClassPodStatusReconciler, error) {
 	eventBroadcaster := record.NewBroadcaster()
 	kubeClient := kubernetes.NewForConfigOrDie(mgr.GetConfig())
 	eventBroadcaster.StartRecordingToSink(&clientcorev1.EventSinkImpl{Interface: kubeClient.CoreV1().Events("")})
@@ -81,6 +82,7 @@ func New(mgr manager.Manager, nodeID string) (*SecretProviderClassPodStatusRecon
 		reader:        mgr.GetCache(),
 		writer:        mgr.GetClient(),
 		eventRecorder: recorder,
+		driverName:    driverName,
 	}, nil
 }
 
@@ -265,7 +267,7 @@ func (r *SecretProviderClassPodStatusReconciler) Reconcile(ctx context.Context,
 	}
 
 	// determine which pod volume this is associated with
-	podVol := k8sutil.SPCVolume(pod, spc.Name)
+	podVol := k8sutil.SPCVolume(pod, r.driverName, spc.Name)
 	if podVol == nil {
 		return ctrl.Result{}, fmt.Errorf("failed to find secret provider class pod status volume for pod %s/%s", req.Namespace, spcPodStatus.Status.PodName)
 	}

diff --git a/controllers/secretproviderclasspodstatus_controller_test.go b/controllers/secretproviderclasspodstatus_controller_test.go
@@ -117,6 +117,7 @@ func newReconciler(client client.Client, scheme *runtime.Scheme, nodeID string)
 		eventRecorder: fakeRecorder,
 		mutex:         &sync.Mutex{},
 		nodeID:        nodeID,
+		driverName:    "secrets-store.csi.k8s.io",
 	}
 }
 

diff --git a/pkg/rotation/reconciler.go b/pkg/rotation/reconciler.go
@@ -80,14 +80,17 @@ type Reconciler struct {
 	// secretStore stores Secret (filtered on secrets-store.csi.k8s.io/used=true)
 	secretStore k8s.Store
 	tokenClient *k8s.TokenClient
+
+	driverName string
 }
 
 // +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch
 // These permissions are required for secret rotation + nodePublishSecretRef
 // TODO (aramase) remove this as part of https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/585
 
 // NewReconciler returns a new reconciler for rotation
-func NewReconciler(client client.Reader,
+func NewReconciler(driverName string,
+	client client.Reader,
 	s *runtime.Scheme,
 	rotationPollInterval time.Duration,
 	providerClients *secretsstore.PluginClientBuilder,
@@ -123,6 +126,8 @@ func NewReconciler(client client.Reader,
 		cache:       client,
 		secretStore: secretStore,
 		tokenClient: tokenClient,
+
+		driverName: driverName,
 	}, nil
 }
 
@@ -295,7 +300,7 @@ func (r *Reconciler) reconcile(ctx context.Context, spcps *secretsstorev1.Secret
 	}
 
 	// determine which pod volume this is associated with
-	podVol := k8sutil.SPCVolume(pod, spc.Name)
+	podVol := k8sutil.SPCVolume(pod, r.driverName, spc.Name)
 	if podVol == nil {
 		errorReason = internalerrors.PodVolumeNotFound
 		return fmt.Errorf("could not find secret provider class pod status volume for pod %s/%s", pod.Namespace, pod.Name)

diff --git a/pkg/rotation/reconciler_test.go b/pkg/rotation/reconciler_test.go
@@ -83,6 +83,7 @@ func newTestReconciler(client client.Reader, kubeClient kubernetes.Interface, cr
 		cache:                client,
 		secretStore:          secretStore,
 		tokenClient:          k8s.NewTokenClient(kubeClient, "test-driver", 1*time.Second),
+		driverName:           "secrets-store.csi.k8s.io",
 	}, nil
 }
 

diff --git a/pkg/util/k8sutil/volume.go b/pkg/util/k8sutil/volume.go
@@ -24,13 +24,13 @@ import (
 
 // SPCVolume finds the Secret Provider Class volume from a Pod, or returns nil
 // if a volume could not be found.
-func SPCVolume(pod *corev1.Pod, spcName string) *corev1.Volume {
+func SPCVolume(pod *corev1.Pod, driverName, spcName string) *corev1.Volume {
 	for idx := range pod.Spec.Volumes {
 		vol := &pod.Spec.Volumes[idx]
 		if vol.CSI == nil {
 			continue
 		}
-		if vol.CSI.Driver != "secrets-store.csi.k8s.io" {
+		if vol.CSI.Driver != driverName {
 			continue
 		}
 		if vol.CSI.VolumeAttributes["secretProviderClass"] != spcName {

diff --git a/pkg/util/k8sutil/volume_test.go b/pkg/util/k8sutil/volume_test.go
@@ -159,7 +159,7 @@ func TestSPCVolume(t *testing.T) {
 
 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {
-			got := SPCVolume(tc.pod, tc.spcName)
+			got := SPCVolume(tc.pod, "secrets-store.csi.k8s.io", tc.spcName)
 			if diff := cmp.Diff(tc.want, got); diff != "" {
 				t.Errorf("SPCVolume() mismatch (-want +got):\n%s", diff)
 			}