feat: NFSv3 account dynamic creation support

Author: andyzhangx

pkg/blob/blob.go

@@ -83,6 +83,8 @@ const (
 
 	// containerMaxSize is the max size of the blob container. See https://docs.microsoft.com/en-us/azure/storage/blobs/scalability-targets#scale-targets-for-blob-storage
 	containerMaxSize = 100 * util.TiB
+
+	subnetTemplate = "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/virtualNetworks/%s/subnets/%s"
 )
 
 var (
@@ -536,3 +538,18 @@ func (d *Driver) GetStorageAccesskeyFromSecret(accountName, secretNamespace stri
 
 	return string(secret.Data[defaultSecretAccountKey][:]), nil
 }
+
+// getSubnetResourceID get default subnet resource ID from cloud provider config
+func (d *Driver) getSubnetResourceID() string {
+	subsID := d.cloud.SubscriptionID
+	if len(d.cloud.NetworkResourceSubscriptionID) > 0 {
+		subsID = d.cloud.NetworkResourceSubscriptionID
+	}
+
+	rg := d.cloud.ResourceGroup
+	if len(d.cloud.VnetResourceGroup) > 0 {
+		rg = d.cloud.VnetResourceGroup
+	}
+
+	return fmt.Sprintf(subnetTemplate, subsID, rg, d.cloud.VnetName, d.cloud.SubnetName)
+}

pkg/blob/controllerserver.go

@@ -26,6 +26,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2021-02-01/storage"
 	azstorage "github.com/Azure/azure-sdk-for-go/storage"
+	"github.com/Azure/go-autorest/autorest/to"
 	"github.com/container-storage-interface/spec/lib/go/csi"
 
 	"k8s.io/apimachinery/pkg/util/wait"
@@ -111,16 +112,21 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 	}
 
 	enableHTTPSTrafficOnly := true
+	accountKind := string(storage.KindStorageV2)
+	var vnetResourceIDs []string
+	var isHnsEnabled, enableNfsV3 *bool
 	if protocol == nfs {
-		if account == "" {
-			return nil, status.Errorf(codes.InvalidArgument, "storage account must be specified when provisioning nfs file share")
-		}
 		enableHTTPSTrafficOnly = false
+		isHnsEnabled = to.BoolPtr(true)
+		enableNfsV3 = to.BoolPtr(true)
+		// set VirtualNetworkResourceIDs for storage account firewall setting
+		vnetResourceID := d.getSubnetResourceID()
+		klog.V(2).Infof("set vnetResourceID(%s) for NFS protocol", vnetResourceID)
+		vnetResourceIDs = []string{vnetResourceID}
 		// NFS protocol does not need account key
 		storeAccountKey = storeAccountKeyFalse
 	}
 
-	accountKind := string(storage.KindStorageV2)
 	if strings.HasPrefix(strings.ToLower(storageAccountType), "premium") {
 		accountKind = string(storage.KindBlockBlobStorage)
 	}
@@ -137,13 +143,16 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 	}
 
 	accountOptions := &azure.AccountOptions{
-		Name:                   account,
-		Type:                   storageAccountType,
-		Kind:                   accountKind,
-		ResourceGroup:          resourceGroup,
-		Location:               location,
-		EnableHTTPSTrafficOnly: enableHTTPSTrafficOnly,
-		Tags:                   tags,
+		Name:                      account,
+		Type:                      storageAccountType,
+		Kind:                      accountKind,
+		ResourceGroup:             resourceGroup,
+		Location:                  location,
+		EnableHTTPSTrafficOnly:    enableHTTPSTrafficOnly,
+		VirtualNetworkResourceIDs: vnetResourceIDs,
+		Tags:                      tags,
+		IsHnsEnabled:              isHnsEnabled,
+		EnableNfsV3:               enableNfsV3,
 	}
 
 	var accountKey string

pkg/blob/controllerserver_test.go

@@ -143,28 +143,6 @@ func TestCreateVolume(t *testing.T) {
 				}
 			},
 		},
-		{
-			name: "storageacount empty while nfs",
-			testFunc: func(t *testing.T) {
-				d := NewFakeDriver()
-				d.cloud = &azure.Cloud{}
-				mp := make(map[string]string)
-				mp["protocol"] = "nfs"
-				req := &csi.CreateVolumeRequest{
-					Name:               "unit-test",
-					VolumeCapabilities: stdVolumeCapabilities,
-					Parameters:         mp,
-				}
-				d.Cap = []*csi.ControllerServiceCapability{
-					controllerServiceCapability,
-				}
-				_, err := d.CreateVolume(context.Background(), req)
-				expectedErr := status.Errorf(codes.InvalidArgument, "storage account must be specified when provisioning nfs file share")
-				if !reflect.DeepEqual(err, expectedErr) {
-					t.Errorf("actualErr: (%v), expectedErr: (%v)", err, expectedErr)
-				}
-			},
-		},
 		{
 			name: "tags error",
 			testFunc: func(t *testing.T) {