feat: support accessTier in storage account creation

Author: andyzhangx

docs/driver-parameters.md

@@ -16,6 +16,7 @@ protocol | specify blobfuse mount or NFSv3 mount | `fuse`, `nfs` | No | `fuse`
 containerName | specify the existing container(directory) name | existing container name | No | if empty, driver will create a new container name, starting with `pvc-fuse` for blobfuse or `pvc-nfs` for NFSv3
 containerNamePrefix | specify Azure storage directory prefix created by driver | can only contain lowercase letters, numbers, hyphens, and length should be less than 21 | No |
 server | specify Azure storage account server address | existing server address, e.g. `accountname.privatelink.blob.core.windows.net` | No | if empty, driver will use default `accountname.blob.core.windows.net` or other sovereign cloud account address
+accessTier | [Access tier for storage account](https://learn.microsoft.com/en-us/azure/storage/blobs/access-tiers-overview) | Standard account can choose `Hot` or `Cool`, and Premium account can only choose `Premium` | No | empty(use default setting for different storage account types)
 allowBlobPublicAccess | Allow or disallow public access to all blobs or containers for storage account created by driver | `true`,`false` | No | `false`
 requireInfraEncryption | specify whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest for storage account created by driver | `true`,`false` | No | `false`
 storageEndpointSuffix | specify Azure storage endpoint suffix | `core.windows.net`, `core.chinacloudapi.cn`, etc | No | if empty, driver will use default storage endpoint suffix according to cloud environment

pkg/blob/blob.go

@@ -23,6 +23,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2021-09-01/storage"
 	azstorage "github.com/Azure/azure-sdk-for-go/storage"
 	az "github.com/Azure/go-autorest/autorest/azure"
 	"github.com/container-storage-interface/spec/lib/go/csi"
@@ -89,6 +90,7 @@ const (
 	vnetResourceGroupField       = "vnetresourcegroup"
 	vnetNameField                = "vnetname"
 	subnetNameField              = "subnetname"
+	accessTierField              = "accesstier"
 	mountPermissionsField        = "mountpermissions"
 	useDataPlaneAPIField         = "usedataplaneapi"
 
@@ -593,6 +595,18 @@ func isSupportedProtocol(protocol string) bool {
 	return false
 }
 
+func isSupportedAccessTier(accessTier string) bool {
+	if accessTier == "" {
+		return true
+	}
+	for _, tier := range storage.PossibleAccessTierValues() {
+		if accessTier == string(tier) {
+			return true
+		}
+	}
+	return false
+}
+
 // container names can contain only lowercase letters, numbers, and hyphens,
 // and must begin and end with a letter or a number
 func isSupportedContainerNamePrefix(prefix string) bool {

pkg/blob/blob_test.go

@@ -1478,3 +1478,50 @@ func TestReplaceWithMap(t *testing.T) {
 		}
 	}
 }
+
+func TestIsSupportedAccessTier(t *testing.T) {
+	tests := []struct {
+		accessTier     string
+		expectedResult bool
+	}{
+		{
+			accessTier:     "",
+			expectedResult: true,
+		},
+		{
+			accessTier:     "TransactionOptimized",
+			expectedResult: false,
+		},
+		{
+			accessTier:     "Hot",
+			expectedResult: true,
+		},
+		{
+			accessTier:     "Cool",
+			expectedResult: true,
+		},
+		{
+			accessTier:     "Premium",
+			expectedResult: true,
+		},
+		{
+			accessTier:     "transactionOptimized",
+			expectedResult: false,
+		},
+		{
+			accessTier:     "premium",
+			expectedResult: false,
+		},
+		{
+			accessTier:     "unknown",
+			expectedResult: false,
+		},
+	}
+
+	for _, test := range tests {
+		result := isSupportedAccessTier(test.accessTier)
+		if result != test.expectedResult {
+			t.Errorf("isSupportedTier(%s) returned with %v, not equal to %v", test.accessTier, result, test.expectedResult)
+		}
+	}
+}

pkg/blob/controllerserver.go

@@ -69,7 +69,7 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 	}
 	var storageAccountType, subsID, resourceGroup, location, account, containerName, containerNamePrefix, protocol, customTags, secretName, secretNamespace, pvcNamespace string
 	var isHnsEnabled, requireInfraEncryption *bool
-	var vnetResourceGroup, vnetName, subnetName string
+	var vnetResourceGroup, vnetName, subnetName, accessTier string
 	var matchTags, useDataPlaneAPI bool
 	// set allowBlobPublicAccess as false by default
 	allowBlobPublicAccess := to.BoolPtr(false)
@@ -142,6 +142,8 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 			vnetName = v
 		case subnetNameField:
 			subnetName = v
+		case accessTierField:
+			accessTier = v
 		case mountPermissionsField:
 			// only do validations here, used in NodeStageVolume, NodePublishVolume
 			if v != "" {
@@ -187,6 +189,9 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 	if !isSupportedProtocol(protocol) {
 		return nil, status.Errorf(codes.InvalidArgument, "protocol(%s) is not supported, supported protocol list: %v", protocol, supportedProtocolList)
 	}
+	if !isSupportedAccessTier(accessTier) {
+		return nil, status.Errorf(codes.InvalidArgument, "accessTier(%s) is not supported, supported AccessTier list: %v", accessTier, storage.PossibleAccessTierValues())
+	}
 
 	if containerName != "" && containerNamePrefix != "" {
 		return nil, status.Errorf(codes.InvalidArgument, "containerName(%s) and containerNamePrefix(%s) could not be specified together", containerName, containerNamePrefix)
@@ -248,6 +253,7 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 		VNetResourceGroup:               vnetResourceGroup,
 		VNetName:                        vnetName,
 		SubnetName:                      subnetName,
+		AccessTier:                      accessTier,
 	}
 
 	var accountKey string

test/e2e/dynamic_provisioning_test.go

@@ -87,6 +87,7 @@ var _ = ginkgo.Describe("[blob-csi-e2e] Dynamic Provisioning", func() {
 				// make sure this is the first test case due to storeAccountKey is set as false
 				"storeAccountKey":        "false",
 				"requireInfraEncryption": "true",
+				"accessTier":             "Hot",
 			},
 		}
 		test.Run(cs, ns)
@@ -119,6 +120,7 @@ var _ = ginkgo.Describe("[blob-csi-e2e] Dynamic Provisioning", func() {
 				"skuName":             "Standard_LRS",
 				"secretNamespace":     "default",
 				"containerNamePrefix": "nameprefix",
+				"accessTier":          "Cool",
 			},
 		}
 		test.Run(cs, ns)
@@ -187,6 +189,7 @@ var _ = ginkgo.Describe("[blob-csi-e2e] Dynamic Provisioning", func() {
 				"skuName":               "Premium_LRS",
 				"isHnsEnabled":          "true",
 				"allowBlobPublicAccess": "false",
+				"accessTier":            "Premium",
 				"useDataPlaneAPI":       "true",
 				"containerName":         "container-${pvc.metadata.name}",
 			},