fix: support base64password field in secret

andyzhangx · andyzhangx · commit a5f82705232e · 2025-01-18T13:09:41.000Z
diff --git a/Makefile b/Makefile
@@ -246,7 +246,7 @@ endif
 .PHONY: install-smb-provisioner
 install-smb-provisioner:
 	kubectl delete secret smbcreds --ignore-not-found -n default
-	kubectl create secret generic smbcreds --from-literal username=USERNAME --from-literal password="PASSWORD" --from-literal mountOptions="dir_mode=0777,file_mode=0777,uid=0,gid=0,mfsymlinks" -n default
+	kubectl create secret generic smbcreds --from-literal username=USERNAME --from-literal base64password="UEFTU1dPUkQK" --from-literal mountOptions="dir_mode=0777,file_mode=0777,uid=0,gid=0,mfsymlinks" -n default
 ifdef TEST_WINDOWS
 	kubectl apply -f deploy/example/smb-provisioner/smb-server-lb.yaml
 else
diff --git a/pkg/smb/nodeserver.go b/pkg/smb/nodeserver.go
@@ -183,7 +183,7 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 	}
 	defer d.volumeLocks.Release(lockKey)
 
-	var username, password, domain string
+	var username, password, base64Password, domain string
 	for k, v := range secrets {
 		switch strings.ToLower(k) {
 		case usernameField:
@@ -192,9 +192,20 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 			password = strings.TrimSpace(v)
 		case domainField:
 			domain = strings.TrimSpace(v)
+		case base64PasswordField:
+			base64Password = strings.TrimSpace(v)
 		}
 	}
 
+	if base64Password != "" {
+		klog.V(2).Infof("NodeStageVolume: decoding password from base64 string")
+		decodePassword, err := base64.StdEncoding.DecodeString(password)
+		if err != nil {
+			return nil, status.Error(codes.InvalidArgument, "error base64 decoding password")
+		}
+		password = string(decodePassword)
+	}
+
 	if ephemeralVol {
 		mountFlags = strings.Split(ephemeralVolMountOptions, ",")
 	}
diff --git a/pkg/smb/smb.go b/pkg/smb/smb.go
@@ -18,6 +18,7 @@ package smb
 
 import (
 	"context"
+	"encoding/base64"
 	"errors"
 	"fmt"
 	"net"
@@ -49,6 +50,7 @@ const (
 	sourceField               = "source"
 	subDirField               = "subdir"
 	domainField               = "domain"
+	base64PasswordField       = "base64password"
 	mountOptionsField         = "mountoptions"
 	secretNameField           = "secretname"
 	secretNamespaceField      = "secretnamespace"
@@ -232,6 +234,15 @@ func (d *Driver) GetUserNamePasswordFromSecret(ctx context.Context, secretName,
 	username := strings.TrimSpace(string(secret.Data[usernameField][:]))
 	password := strings.TrimSpace(string(secret.Data[passwordField][:]))
 	domain := strings.TrimSpace(string(secret.Data[domainField][:]))
+	base64Password := strings.TrimSpace(string(secret.Data[base64PasswordField][:]))
+	if base64Password != "" {
+		klog.V(2).Infof("decoding password from base64 string")
+		decodePassword, err := base64.StdEncoding.DecodeString(password)
+		if err != nil {
+			return "", "", "", fmt.Errorf("could not decode password from base64 string: %v", err)
+		}
+		password = string(decodePassword)
+	}
 	return username, password, domain, nil
 }
 
