@@ -57,6 +57,7 @@ const (
57
57
skuNameField = "skuname"
58
58
resourceGroupField = "resourcegroup"
59
59
locationField = "location"
60
+ secretNameField = "secretname"
60
61
secretNamespaceField = "secretnamespace"
61
62
containerNameField = "containername"
62
63
storeAccountKeyField = "storeaccountkey"
@@ -236,6 +237,8 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
236
237
var (
237
238
accountKey string
238
239
accountSasToken string
240
+ secretName string
241
+ secretNamespace string
239
242
keyVaultURL string
240
243
keyVaultSecretName string
241
244
keyVaultSecretVersion string
@@ -256,6 +259,10 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
256
259
accountName = v
257
260
case storageAccountNameField : // for compatibility
258
261
accountName = v
262
+ case secretNameField :
263
+ secretName = v
264
+ case secretNamespaceField :
265
+ secretNamespace = v
259
266
case "azurestorageauthtype" :
260
267
authEnv = append (authEnv , "AZURE_STORAGE_AUTH_TYPE=" + v )
261
268
case "azurestorageidentityclientid" :
@@ -297,7 +304,8 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
297
304
} else {
298
305
if len (secrets ) == 0 {
299
306
// read from k8s secret first
300
- accountKey , err = d .GetStorageAccesskeyFromSecret (accountName , attrib [secretNamespaceField ])
307
+ var name string
308
+ name , accountKey , err = d .GetStorageAccountFromSecret (secretName , secretNamespace )
301
309
if err != nil {
302
310
klog .V (2 ).Infof ("could not get account(%s) key from secret, error: %v, use cluster identity to get account key instead" , accountName , err )
303
311
if rgName == "" {
@@ -308,6 +316,9 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
308
316
return accountName , containerName , authEnv , fmt .Errorf ("no key for storage account(%s) under resource group(%s), err %v" , accountName , rgName , err )
309
317
}
310
318
}
319
+ if name != "" {
320
+ accountName = name
321
+ }
311
322
} else {
312
323
for k , v := range secrets {
313
324
switch strings .ToLower (k ) {
@@ -516,30 +527,27 @@ func (d *Driver) GetStorageAccesskey(accountOptions *azure.AccountOptions, secre
516
527
}
517
528
518
529
// read from k8s secret first
519
- accountKey , err := d .GetStorageAccesskeyFromSecret (accountOptions .Name , secretNamespace )
530
+ _ , accountKey , err := d .GetStorageAccountFromSecret (accountOptions .Name , secretNamespace )
520
531
if err != nil {
521
532
klog .V (2 ).Infof ("could not get account(%s) key from secret, error: %v, use cluster identity to get account key instead" , accountOptions .Name , err )
522
533
accountKey , err = d .cloud .GetStorageAccesskey (accountOptions .Name , accountOptions .ResourceGroup )
523
534
}
524
535
return accountOptions .Name , accountKey , err
525
536
}
526
537
527
- // GetStorageAccesskeyFromSecret get storage account key from k8s secret
528
- func (d * Driver ) GetStorageAccesskeyFromSecret (accountName , secretNamespace string ) (string , error ) {
538
+ // GetStorageAccountFromSecret get storage account key from k8s secret
539
+ // return <accountName, accountKey, error>
540
+ func (d * Driver ) GetStorageAccountFromSecret (secretName , secretNamespace string ) (string , string , error ) {
529
541
if d .cloud .KubeClient == nil {
530
- return "" , fmt .Errorf ("could not get account(%s) key from secret: KubeClient is nil" , accountName )
542
+ return "" , "" , fmt .Errorf ("could not get account key from secret(%s) : KubeClient is nil" , secretName )
531
543
}
532
544
533
- secretName := fmt .Sprintf (secretNameTemplate , accountName )
534
- if secretNamespace == "" {
535
- secretNamespace = defaultSecretNamespace
536
- }
537
545
secret , err := d .cloud .KubeClient .CoreV1 ().Secrets (secretNamespace ).Get (context .TODO (), secretName , metav1.GetOptions {})
538
546
if err != nil {
539
- return "" , fmt .Errorf ("could not get secret(%v): %v" , secretName , err )
547
+ return "" , "" , fmt .Errorf ("could not get secret(%v): %v" , secretName , err )
540
548
}
541
549
542
- return string (secret .Data [defaultSecretAccountKey ][:]), nil
550
+ return string (secret .Data [defaultSecretAccountName ][:]), string ( secret . Data [ defaultSecretAccountKey ][:]), nil
543
551
}
544
552
545
553
// getSubnetResourceID get default subnet resource ID from cloud provider config
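Review bot: In the last hunk, `GetStorageAccesskey` now passes `accountOptions.Name` as the `secretName` argument, but `GetStorageAccountFromSecret` no longer applies `secretNameTemplate` or defaults to `defaultSecretNamespace`, so this caller looks up a secret named after the bare account and then falls back to the cluster identity with only a V(2) log line. Unless the defaults are applied somewhere outside the visible hunks, the call should build the name first, e.g. `_, accountKey, err := d.GetStorageAccountFromSecret(fmt.Sprintf(secretNameTemplate, accountOptions.Name), secretNamespace)`, and restore the empty-namespace default. The same gap applies in `GetAuthEnv`, where `secretName` and `secretNamespace` now come straight from the volume attributes: an empty value is passed to the API unchanged, and a non-empty one selects any Secret the driver's service account is allowed to read, so the permitted namespace should be constrained or the driver's RBAC kept narrow. The new return statement also converts `secret.Data[...]` without checking that the keys exist, so a secret lacking `defaultSecretAccountKey` yields an empty key with a nil error and skips the fallback; an explicit presence check that returns an error would keep the fallback path working.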