Merge pull request #426 from andyzhangx/nfs-dynamic

feat: NFSv3 account dynamic creation support

Author: andyzhangx

go.mod

@@ -6,6 +6,7 @@ require (
 	github.com/Azure/azure-sdk-for-go v54.1.0+incompatible
 	github.com/Azure/go-autorest/autorest v0.11.17
 	github.com/Azure/go-autorest/autorest/adal v0.9.10
+	github.com/Azure/go-autorest/autorest/to v0.2.0
 	github.com/container-storage-interface/spec v1.3.0
 	github.com/golang/mock v1.4.4
 	github.com/golang/protobuf v1.4.3
@@ -64,5 +65,5 @@ replace (
 	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.21.0
 	k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.21.0
 	k8s.io/sample-controller => k8s.io/sample-controller v0.21.0
-	sigs.k8s.io/cloud-provider-azure => sigs.k8s.io/cloud-provider-azure v0.7.4-0.20210513142225-eef91820946e
+	sigs.k8s.io/cloud-provider-azure => sigs.k8s.io/cloud-provider-azure v0.7.4-0.20210514120805-954ffe971aa2
 )

go.sum

@@ -968,8 +968,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15 h1:4uqm9Mv+w2MmBYD+F4qf/v6tDFUdPOk29C095RbU5mY=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/cloud-provider-azure v0.7.4-0.20210513142225-eef91820946e h1:WvfOGKrst2JID0oDjhmB0s9SVJbtzFPlLx4XvGtuFKI=
-sigs.k8s.io/cloud-provider-azure v0.7.4-0.20210513142225-eef91820946e/go.mod h1:tVaahhbgqUi1GEIG9uKjAt/MgiLZCfqw9erMIvMK4dA=
+sigs.k8s.io/cloud-provider-azure v0.7.4-0.20210514120805-954ffe971aa2 h1:KpUVClwCWX4weALkO2o/UzWRD0humOLgB0dW7o+SvOA=
+sigs.k8s.io/cloud-provider-azure v0.7.4-0.20210514120805-954ffe971aa2/go.mod h1:tVaahhbgqUi1GEIG9uKjAt/MgiLZCfqw9erMIvMK4dA=
 sigs.k8s.io/kustomize/api v0.8.5/go.mod h1:M377apnKT5ZHJS++6H4rQoCHmWtt6qTpp3mbe7p6OLY=
 sigs.k8s.io/kustomize/cmd/config v0.9.7/go.mod h1:MvXCpHs77cfyxRmCNUQjIqCmZyYsbn5PyQpWiq44nW0=
 sigs.k8s.io/kustomize/kustomize/v4 v4.0.5/go.mod h1:C7rYla7sI8EnxHE/xEhRBSHMNfcL91fx0uKmUlUhrBk=

pkg/blob/blob.go

@@ -83,6 +83,8 @@ const (
 
 	// containerMaxSize is the max size of the blob container. See https://docs.microsoft.com/en-us/azure/storage/blobs/scalability-targets#scale-targets-for-blob-storage
 	containerMaxSize = 100 * util.TiB
+
+	subnetTemplate = "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/virtualNetworks/%s/subnets/%s"
 )
 
 var (
@@ -536,3 +538,18 @@ func (d *Driver) GetStorageAccesskeyFromSecret(accountName, secretNamespace stri
 
 	return string(secret.Data[defaultSecretAccountKey][:]), nil
 }
+
+// getSubnetResourceID get default subnet resource ID from cloud provider config
+func (d *Driver) getSubnetResourceID() string {
+	subsID := d.cloud.SubscriptionID
+	if len(d.cloud.NetworkResourceSubscriptionID) > 0 {
+		subsID = d.cloud.NetworkResourceSubscriptionID
+	}
+
+	rg := d.cloud.ResourceGroup
+	if len(d.cloud.VnetResourceGroup) > 0 {
+		rg = d.cloud.VnetResourceGroup
+	}
+
+	return fmt.Sprintf(subnetTemplate, subsID, rg, d.cloud.VnetName, d.cloud.SubnetName)
+}

pkg/blob/controllerserver.go

@@ -26,6 +26,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2021-02-01/storage"
 	azstorage "github.com/Azure/azure-sdk-for-go/storage"
+	"github.com/Azure/go-autorest/autorest/to"
 	"github.com/container-storage-interface/spec/lib/go/csi"
 
 	"k8s.io/apimachinery/pkg/util/wait"
@@ -111,16 +112,21 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 	}
 
 	enableHTTPSTrafficOnly := true
+	accountKind := string(storage.KindStorageV2)
+	var vnetResourceIDs []string
+	var isHnsEnabled, enableNfsV3 *bool
 	if protocol == nfs {
-		if account == "" {
-			return nil, status.Errorf(codes.InvalidArgument, "storage account must be specified when provisioning nfs file share")
-		}
 		enableHTTPSTrafficOnly = false
+		isHnsEnabled = to.BoolPtr(true)
+		enableNfsV3 = to.BoolPtr(true)
+		// set VirtualNetworkResourceIDs for storage account firewall setting
+		vnetResourceID := d.getSubnetResourceID()
+		klog.V(2).Infof("set vnetResourceID(%s) for NFS protocol", vnetResourceID)
+		vnetResourceIDs = []string{vnetResourceID}
 		// NFS protocol does not need account key
 		storeAccountKey = storeAccountKeyFalse
 	}
 
-	accountKind := string(storage.KindStorageV2)
 	if strings.HasPrefix(strings.ToLower(storageAccountType), "premium") {
 		accountKind = string(storage.KindBlockBlobStorage)
 	}
@@ -137,13 +143,16 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 	}
 
 	accountOptions := &azure.AccountOptions{
-		Name:                   account,
-		Type:                   storageAccountType,
-		Kind:                   accountKind,
-		ResourceGroup:          resourceGroup,
-		Location:               location,
-		EnableHTTPSTrafficOnly: enableHTTPSTrafficOnly,
-		Tags:                   tags,
+		Name:                      account,
+		Type:                      storageAccountType,
+		Kind:                      accountKind,
+		ResourceGroup:             resourceGroup,
+		Location:                  location,
+		EnableHTTPSTrafficOnly:    enableHTTPSTrafficOnly,
+		VirtualNetworkResourceIDs: vnetResourceIDs,
+		Tags:                      tags,
+		IsHnsEnabled:              isHnsEnabled,
+		EnableNfsV3:               enableNfsV3,
 	}
 
 	var accountKey string

pkg/blob/controllerserver_test.go

@@ -143,28 +143,6 @@ func TestCreateVolume(t *testing.T) {
 				}
 			},
 		},
-		{
-			name: "storageacount empty while nfs",
-			testFunc: func(t *testing.T) {
-				d := NewFakeDriver()
-				d.cloud = &azure.Cloud{}
-				mp := make(map[string]string)
-				mp["protocol"] = "nfs"
-				req := &csi.CreateVolumeRequest{
-					Name:               "unit-test",
-					VolumeCapabilities: stdVolumeCapabilities,
-					Parameters:         mp,
-				}
-				d.Cap = []*csi.ControllerServiceCapability{
-					controllerServiceCapability,
-				}
-				_, err := d.CreateVolume(context.Background(), req)
-				expectedErr := status.Errorf(codes.InvalidArgument, "storage account must be specified when provisioning nfs file share")
-				if !reflect.DeepEqual(err, expectedErr) {
-					t.Errorf("actualErr: (%v), expectedErr: (%v)", err, expectedErr)
-				}
-			},
-		},
 		{
 			name: "tags error",
 			testFunc: func(t *testing.T) {

vendor/modules.txt

@@ -23,6 +23,7 @@ github.com/Azure/go-autorest/autorest/date
 # github.com/Azure/go-autorest/autorest/mocks v0.4.1
 github.com/Azure/go-autorest/autorest/mocks
 # github.com/Azure/go-autorest/autorest/to v0.2.0
+## explicit
 github.com/Azure/go-autorest/autorest/to
 # github.com/Azure/go-autorest/autorest/validation v0.1.0
 github.com/Azure/go-autorest/autorest/validation
@@ -901,7 +902,7 @@ k8s.io/utils/trace
 # sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client
-# sigs.k8s.io/cloud-provider-azure v0.7.4 => sigs.k8s.io/cloud-provider-azure v0.7.4-0.20210513142225-eef91820946e
+# sigs.k8s.io/cloud-provider-azure v0.7.4 => sigs.k8s.io/cloud-provider-azure v0.7.4-0.20210514120805-954ffe971aa2
 ## explicit
 sigs.k8s.io/cloud-provider-azure/pkg/auth
 sigs.k8s.io/cloud-provider-azure/pkg/azureclients
@@ -982,4 +983,4 @@ sigs.k8s.io/yaml
 # k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.21.0
 # k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.21.0
 # k8s.io/sample-controller => k8s.io/sample-controller v0.21.0
-# sigs.k8s.io/cloud-provider-azure => sigs.k8s.io/cloud-provider-azure v0.7.4-0.20210513142225-eef91820946e
+# sigs.k8s.io/cloud-provider-azure => sigs.k8s.io/cloud-provider-azure v0.7.4-0.20210514120805-954ffe971aa2