test: add bring own key e2e test

Author: andyzhangx

pkg/blob/controllerserver.go

@@ -164,16 +164,13 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 	if err != nil {
 		return nil, err
 	}
+
 	blobClient := client.GetBlobService()
 	container := blobClient.GetContainerReference(containerName)
-	_, err = container.CreateIfNotExists(&azstorage.CreateContainerOptions{Access: azstorage.ContainerAccessTypePrivate})
-	if err != nil {
+	if _, err = container.CreateIfNotExists(&azstorage.CreateContainerOptions{Access: azstorage.ContainerAccessTypePrivate}); err != nil {
 		return nil, fmt.Errorf("failed to create container(%s) on account(%s) type(%s) rg(%s) location(%s) size(%d), error: %v", containerName, accountName, storageAccountType, resourceGroup, location, requestGiB, err)
 	}
 
-	volumeID := fmt.Sprintf(volumeIDTemplate, resourceGroup, accountName, containerName)
-	klog.V(2).Infof("create container %s on storage account %s successfully", containerName, accountName)
-
 	if storeAccountKey != storeAccountKeyFalse && len(req.GetSecrets()) == 0 {
 		secretName, err := setAzureCredentials(d.cloud.KubeClient, accountName, accountKey, secretNamespace)
 		if err != nil {
@@ -184,6 +181,9 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 		}
 	}
 
+	volumeID := fmt.Sprintf(volumeIDTemplate, resourceGroup, accountName, containerName)
+	klog.V(2).Infof("create container %s on storage account %s successfully", containerName, accountName)
+
 	return &csi.CreateVolumeResponse{
 		Volume: &csi.Volume{
 			VolumeId:      volumeID,

test/e2e/dynamic_provisioning_test.go

@@ -18,11 +18,16 @@ package e2e
 
 import (
 	"fmt"
+	"log"
+	"os"
+	"os/exec"
+	"strings"
 
 	"sigs.k8s.io/blob-csi-driver/test/e2e/driver"
 	"sigs.k8s.io/blob-csi-driver/test/e2e/testsuites"
 
 	"github.com/onsi/ginkgo"
+	"github.com/onsi/gomega"
 	v1 "k8s.io/api/core/v1"
 	clientset "k8s.io/client-go/kubernetes"
 	"k8s.io/kubernetes/test/e2e/framework"
@@ -260,4 +265,52 @@ var _ = ginkgo.Describe("[blob-csi-e2e] Dynamic Provisioning", func() {
 		}
 		test.Run(cs, ns)
 	})
+
+	ginkgo.It("should create a volume on demand (Bring Your Own Key)", func() {
+		// get storage account secret name
+		err := os.Chdir("../..")
+		gomega.Expect(err).NotTo(gomega.HaveOccurred())
+		defer func() {
+			err := os.Chdir("test/e2e")
+			gomega.Expect(err).NotTo(gomega.HaveOccurred())
+		}()
+
+		getSecretNameScript := "test/utils/get_storage_account_secret_name.sh"
+		log.Printf("run script: %s\n", getSecretNameScript)
+
+		cmd := exec.Command("bash", getSecretNameScript)
+		output, err := cmd.CombinedOutput()
+		log.Printf("got output: %v, error: %v\n", string(output), err)
+		gomega.Expect(err).NotTo(gomega.HaveOccurred())
+
+		secretName := strings.TrimSuffix(string(output), "\n")
+		log.Printf("got storage account secret name: %v\n", secretName)
+		bringKeyStorageClassParameters["csi.storage.k8s.io/provisioner-secret-name"] = secretName
+		bringKeyStorageClassParameters["csi.storage.k8s.io/node-stage-secret-name"] = secretName
+
+		pods := []testsuites.PodDetails{
+			{
+				Cmd: "echo 'hello world' > /mnt/test-1/data && grep 'hello world' /mnt/test-1/data",
+				Volumes: []testsuites.VolumeDetails{
+					{
+						ClaimSize: "10Gi",
+						MountOptions: []string{
+							"-o allow_other",
+							"--file-cache-timeout-in-seconds=120",
+						},
+						VolumeMount: testsuites.VolumeMountDetails{
+							NameGenerate:      "test-volume-",
+							MountPathGenerate: "/mnt/test-",
+						},
+					},
+				},
+			},
+		}
+		test := testsuites.DynamicallyProvisionedCmdVolumeTest{
+			CSIDriver:              testDriver,
+			Pods:                   pods,
+			StorageClassParameters: bringKeyStorageClassParameters,
+		}
+		test.Run(cs, ns)
+	})
 })

test/e2e/suite_test.go

@@ -49,6 +49,11 @@ const (
 
 var blobDriver *blob.Driver
 
+var bringKeyStorageClassParameters = map[string]string{
+	"csi.storage.k8s.io/provisioner-secret-namespace": "default",
+	"csi.storage.k8s.io/node-stage-secret-namespace":  "default",
+}
+
 type testCmd struct {
 	command  string
 	args     []string

test/utils/get_storage_account_secret_name.sh

@@ -0,0 +1,18 @@
+# Copyright 2020 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#!/bin/bash
+
+set -e
+kubectl get secret | grep azure-storage-account | head -n 1 | awk '{print $1}'