Remove driver name hardcode

Looking through the code, the driver name seems to be configurable. However, there is one place where it is hardcoded. This PR tries to ease the restriction and allow the use of custom driver names.

Signed-off-by: m.nabokikh <[email protected]>

Author: nabokihms

cmd/secrets-store-csi-driver/main.go

@@ -168,7 +168,7 @@ func mainErr() error {
 		return err
 	}
 
-	reconciler, err := controllers.New(mgr, *nodeID)
+	reconciler, err := controllers.New(*driverName, mgr, *nodeID)
 	if err != nil {
 		klog.ErrorS(err, "failed to create secret provider class pod status reconciler")
 		return err
@@ -217,7 +217,7 @@ func mainErr() error {
 
 	// Secret rotation
 	if *enableSecretRotation {
-		rec, err := rotation.NewReconciler(mgr.GetCache(), scheme, *rotationPollInterval, providerClients, tokenClient)
+		rec, err := rotation.NewReconciler(*driverName, mgr.GetCache(), scheme, *rotationPollInterval, providerClients, tokenClient)
 		if err != nil {
 			klog.ErrorS(err, "failed to initialize rotation reconciler")
 			return err

controllers/secretproviderclasspodstatus_controller.go

@@ -64,10 +64,11 @@ type SecretProviderClassPodStatusReconciler struct {
 	reader        client.Reader
 	writer        client.Writer
 	eventRecorder record.EventRecorder
+	driverName    string
 }
 
 // New creates a new SecretProviderClassPodStatusReconciler
-func New(mgr manager.Manager, nodeID string) (*SecretProviderClassPodStatusReconciler, error) {
+func New(driverName string, mgr manager.Manager, nodeID string) (*SecretProviderClassPodStatusReconciler, error) {
 	eventBroadcaster := record.NewBroadcaster()
 	kubeClient := kubernetes.NewForConfigOrDie(mgr.GetConfig())
 	eventBroadcaster.StartRecordingToSink(&clientcorev1.EventSinkImpl{Interface: kubeClient.CoreV1().Events("")})
@@ -81,6 +82,7 @@ func New(mgr manager.Manager, nodeID string) (*SecretProviderClassPodStatusRecon
 		reader:        mgr.GetCache(),
 		writer:        mgr.GetClient(),
 		eventRecorder: recorder,
+		driverName:    driverName,
 	}, nil
 }
 
@@ -265,7 +267,7 @@ func (r *SecretProviderClassPodStatusReconciler) Reconcile(ctx context.Context,
 	}
 
 	// determine which pod volume this is associated with
-	podVol := k8sutil.SPCVolume(pod, spc.Name)
+	podVol := k8sutil.SPCVolume(pod, r.driverName, spc.Name)
 	if podVol == nil {
 		return ctrl.Result{}, fmt.Errorf("failed to find secret provider class pod status volume for pod %s/%s", req.Namespace, spcPodStatus.Status.PodName)
 	}

controllers/secretproviderclasspodstatus_controller_test.go

@@ -117,6 +117,7 @@ func newReconciler(client client.Client, scheme *runtime.Scheme, nodeID string)
 		eventRecorder: fakeRecorder,
 		mutex:         &sync.Mutex{},
 		nodeID:        nodeID,
+		driverName:    "secrets-store.csi.k8s.io",
 	}
 }
 

pkg/rotation/reconciler.go

@@ -80,14 +80,17 @@ type Reconciler struct {
 	// secretStore stores Secret (filtered on secrets-store.csi.k8s.io/used=true)
 	secretStore k8s.Store
 	tokenClient *k8s.TokenClient
+
+	driverName string
 }
 
 // +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch
 // These permissions are required for secret rotation + nodePublishSecretRef
 // TODO (aramase) remove this as part of https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/585
 
 // NewReconciler returns a new reconciler for rotation
-func NewReconciler(client client.Reader,
+func NewReconciler(driverName string,
+	client client.Reader,
 	s *runtime.Scheme,
 	rotationPollInterval time.Duration,
 	providerClients *secretsstore.PluginClientBuilder,
@@ -123,6 +126,8 @@ func NewReconciler(client client.Reader,
 		cache:       client,
 		secretStore: secretStore,
 		tokenClient: tokenClient,
+
+		driverName: driverName,
 	}, nil
 }
 
@@ -295,7 +300,7 @@ func (r *Reconciler) reconcile(ctx context.Context, spcps *secretsstorev1.Secret
 	}
 
 	// determine which pod volume this is associated with
-	podVol := k8sutil.SPCVolume(pod, spc.Name)
+	podVol := k8sutil.SPCVolume(pod, r.driverName, spc.Name)
 	if podVol == nil {
 		errorReason = internalerrors.PodVolumeNotFound
 		return fmt.Errorf("could not find secret provider class pod status volume for pod %s/%s", pod.Namespace, pod.Name)

pkg/rotation/reconciler_test.go

@@ -83,6 +83,7 @@ func newTestReconciler(client client.Reader, kubeClient kubernetes.Interface, cr
 		cache:                client,
 		secretStore:          secretStore,
 		tokenClient:          k8s.NewTokenClient(kubeClient, "test-driver", 1*time.Second),
+		driverName:           "secrets-store.csi.k8s.io",
 	}, nil
 }
 

pkg/util/k8sutil/volume.go

@@ -24,13 +24,13 @@ import (
 
 // SPCVolume finds the Secret Provider Class volume from a Pod, or returns nil
 // if a volume could not be found.
-func SPCVolume(pod *corev1.Pod, spcName string) *corev1.Volume {
+func SPCVolume(pod *corev1.Pod, driverName, spcName string) *corev1.Volume {
 	for idx := range pod.Spec.Volumes {
 		vol := &pod.Spec.Volumes[idx]
 		if vol.CSI == nil {
 			continue
 		}
-		if vol.CSI.Driver != "secrets-store.csi.k8s.io" {
+		if vol.CSI.Driver != driverName {
 			continue
 		}
 		if vol.CSI.VolumeAttributes["secretProviderClass"] != spcName {

pkg/util/k8sutil/volume_test.go

@@ -159,7 +159,7 @@ func TestSPCVolume(t *testing.T) {
 
 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {
-			got := SPCVolume(tc.pod, tc.spcName)
+			got := SPCVolume(tc.pod, "secrets-store.csi.k8s.io", tc.spcName)
 			if diff := cmp.Diff(tc.want, got); diff != "" {
 				t.Errorf("SPCVolume() mismatch (-want +got):\n%s", diff)
 			}