|
2 | 2 | syntax = "proto3"; |
3 | 3 | package csi.v0; |
4 | 4 |
|
| 5 | +import "google/protobuf/descriptor.proto"; |
5 | 6 | import "google/protobuf/wrappers.proto"; |
6 | 7 |
|
7 | 8 | option go_package = "csi"; |
| 9 | + |
| 10 | +extend google.protobuf.FieldOptions { |
| 11 | + // Indicates that a field MAY contain information that is sensitive |
| 12 | + // and MUST be treated as such (e.g. not logged). |
| 13 | + bool csi_secret = 50000; |
| 14 | +} |
8 | 15 | service Identity { |
9 | 16 | rpc GetPluginInfo(GetPluginInfoRequest) |
10 | 17 | returns (GetPluginInfoResponse) {} |
@@ -211,7 +218,8 @@ message CreateVolumeRequest { |
211 | 218 | // Secrets required by plugin to complete volume creation request. |
212 | 219 | // This field is OPTIONAL. Refer to the `Secrets Requirements` |
213 | 220 | // section on how to use this field. |
214 | | - map<string, string> controller_create_secrets = 5; |
| 221 | + map<string, string> controller_create_secrets = 5 |
| 222 | + [(csi_secret) = true]; |
215 | 223 |
|
216 | 224 | // If specified, the new volume will be pre-populated with data from |
217 | 225 | // this source. This field is OPTIONAL. |
@@ -565,7 +573,8 @@ message DeleteVolumeRequest { |
565 | 573 | // Secrets required by plugin to complete volume deletion request. |
566 | 574 | // This field is OPTIONAL. Refer to the `Secrets Requirements` |
567 | 575 | // section on how to use this field. |
568 | | - map<string, string> controller_delete_secrets = 2; |
| 576 | + map<string, string> controller_delete_secrets = 2 |
| 577 | + [(csi_secret) = true]; |
569 | 578 | } |
570 | 579 |
|
571 | 580 | message DeleteVolumeResponse { |
@@ -593,7 +602,8 @@ message ControllerPublishVolumeRequest { |
593 | 602 | // Secrets required by plugin to complete controller publish volume |
594 | 603 | // request. This field is OPTIONAL. Refer to the |
595 | 604 | // `Secrets Requirements` section on how to use this field. |
596 | | - map<string, string> controller_publish_secrets = 5; |
| 605 | + map<string, string> controller_publish_secrets = 5 |
| 606 | + [(csi_secret) = true]; |
597 | 607 |
|
598 | 608 | // Attributes of the volume to be used on a node. This field is |
599 | 609 | // OPTIONAL and MUST match the attributes of the Volume identified |
@@ -624,7 +634,8 @@ message ControllerUnpublishVolumeRequest { |
624 | 634 | // ControllerPublishVolume call for the specified volume. |
625 | 635 | // This field is OPTIONAL. Refer to the `Secrets Requirements` |
626 | 636 | // section on how to use this field. |
627 | | - map<string, string> controller_unpublish_secrets = 3; |
| 637 | + map<string, string> controller_unpublish_secrets = 3 |
| 638 | + [(csi_secret) = true]; |
628 | 639 | } |
629 | 640 |
|
630 | 641 | message ControllerUnpublishVolumeResponse { |
@@ -807,7 +818,7 @@ message CreateSnapshotRequest { |
807 | 818 | // Secrets required by plugin to complete snapshot creation request. |
808 | 819 | // This field is OPTIONAL. Refer to the `Secrets Requirements` |
809 | 820 | // section on how to use this field. |
810 | | - map<string, string> create_snapshot_secrets = 3; |
| 821 | + map<string, string> create_snapshot_secrets = 3 [(csi_secret) = true]; |
811 | 822 |
|
812 | 823 | // Plugin specific parameters passed in as opaque key-value pairs. |
813 | 824 | // This field is OPTIONAL. The Plugin is responsible for parsing and |
@@ -871,7 +882,7 @@ message DeleteSnapshotRequest { |
871 | 882 | // Secrets required by plugin to complete snapshot deletion request. |
872 | 883 | // This field is OPTIONAL. Refer to the `Secrets Requirements` |
873 | 884 | // section on how to use this field. |
874 | | - map<string, string> delete_snapshot_secrets = 2; |
| 885 | + map<string, string> delete_snapshot_secrets = 2 [(csi_secret) = true]; |
875 | 886 | } |
876 | 887 |
|
877 | 888 | message DeleteSnapshotResponse {} |
@@ -946,7 +957,7 @@ message NodeStageVolumeRequest { |
946 | 957 | // Secrets required by plugin to complete node stage volume request. |
947 | 958 | // This field is OPTIONAL. Refer to the `Secrets Requirements` |
948 | 959 | // section on how to use this field. |
949 | | - map<string, string> node_stage_secrets = 5; |
| 960 | + map<string, string> node_stage_secrets = 5 [(csi_secret) = true]; |
950 | 961 |
|
951 | 962 | // Attributes of the volume to publish. This field is OPTIONAL and |
952 | 963 | // MUST match the attributes of the `Volume` identified by |
@@ -1008,7 +1019,7 @@ message NodePublishVolumeRequest { |
1008 | 1019 | // Secrets required by plugin to complete node publish volume request. |
1009 | 1020 | // This field is OPTIONAL. Refer to the `Secrets Requirements` |
1010 | 1021 | // section on how to use this field. |
1011 | | - map<string, string> node_publish_secrets = 7; |
| 1022 | + map<string, string> node_publish_secrets = 7 [(csi_secret) = true]; |
1012 | 1023 |
|
1013 | 1024 | // Attributes of the volume to publish. This field is OPTIONAL and |
1014 | 1025 | // MUST match the attributes of the Volume identified by |
|
0 commit comments