kubernetes-sigs
diff --git a/‎hack/release.sh
Lines changed: 1 addition & 1 deletion b/‎hack/release.sh
Lines changed: 1 addition & 1 deletion
diff --git a/‎pkg/internalapis/cnsoperator/cnssharedblockvolumeclient/cnssharedblockvolumeclient.go
Lines changed: 258 additions & 0 deletions b/‎pkg/internalapis/cnsoperator/cnssharedblockvolumeclient/cnssharedblockvolumeclient.go
Lines changed: 258 additions & 0 deletions
diff --git a/‎pkg/internalapis/cnsoperator/cnssharedblockvolumeclient/v1alpha1/cnssharedblockvolumeclient_types.go
Lines changed: 47 additions & 0 deletions b/‎pkg/internalapis/cnsoperator/cnssharedblockvolumeclient/v1alpha1/cnssharedblockvolumeclient_types.go
Lines changed: 47 additions & 0 deletions
diff --git a/‎pkg/internalapis/cnsoperator/cnssharedblockvolumeclient/v1alpha1/doc.go
Lines changed: 5 additions & 0 deletions b/‎pkg/internalapis/cnsoperator/cnssharedblockvolumeclient/v1alpha1/doc.go
Lines changed: 5 additions & 0 deletions
@@ -23,7 +23,7 @@ set -o nounset
 set -o pipefail
 set -x
 
-DO_WINDOWS_BUILD=${DO_WINDOWS_BUILD_ENV:-true}
+DO_WINDOWS_BUILD=${DO_WINDOWS_BUILD_ENV:-false}
 
 # BASE_REPO is the root path of the image repository
 readonly BASE_IMAGE_REPO=us-central1-docker.pkg.dev/k8s-staging-images/csi-vsphere
 
@@ -0,0 +1,258 @@
+/*
+Copyright 2025 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cnssharedblockvolumeclient
+
+import (
+	"context"
+	"fmt"
+	"sync"
+
+	"k8s.io/apimachinery/pkg/api/errors"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/tools/cache"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"sigs.k8s.io/vsphere-csi-driver/v3/pkg/csi/service/logger"
+	"sigs.k8s.io/vsphere-csi-driver/v3/pkg/internalapis/cnsoperator/cnssharedblockvolumeclient/v1alpha1"
+	cnsoperatortypes "sigs.k8s.io/vsphere-csi-driver/v3/pkg/syncer/cnsoperator/types"
+)
+
+// SharedBlockVolumeClient exposes an interface to support
+// configuration of CNS file volume ACL's.
+type SharedBlockVolumeClient interface {
+	// Add adds the input clientVMName to the list of
+	// clientVMNames that expose the same external clientVMIP for a
+	// given file volume. fileVolumeName is used to uniquely
+	// identify CnsFileVolumeClient instances.
+	AddVmToVolumeList(ctx context.Context, sharedBlockVolumeName, VmId string) error
+	// RemoveClientVMFromIPList removes the input clientVMName from
+	// the list of clientVMNames that expose the same external
+	// clientVMIP for a given file volume. fileVolumeName is used
+	// to uniquely identify CnsFileVolumeClient instances.
+	RemoveVmFromVolumeList(ctx context.Context, fileVolumeName, clientVMName, clientVMIP string) error
+}
+
+// fileVolumeClient maintains a client to the API
+// server for operations on CnsFileVolumeClient instance.
+// It also contains a per instance lock to handle
+// concurrent operations.
+type sharedBlockVolumeClient struct {
+	client client.Client
+	// Per volume lock for concurrent access to CnsFileVolumeClient instances.
+	// Keys are strings representing volume handles (or SV-PVC names).
+	// Values are individual sync.Mutex locks that need to be held
+	// to make updates to the CnsFileVolumeClient instance on the API server.
+	volumeLock *sync.Map
+}
+
+var (
+	sharedBlockClientInstanceLock   sync.Mutex
+	sharedBlockVolumeClientInstance *sharedBlockVolumeClient
+)
+
+// AddClientVMToIPList adds the input clientVMName to the list of
+// clientVMNames that expose the same external IP address for a
+// given CnsFileVolumeClient instance.
+// Callers need to specify fileVolumeName as a combination of
+// "<SV-namespace>/<SV-PVC-name>". This combination is used to uniquely
+// identify CnsFileVolumeClient instances.
+// The instance is created if it doesn't exist.
+// Returns an error if the operation cannot be persisted on the API server.
+func (f *sharedBlockVolumeClient) AddVmToVolumeList(ctx context.Context,
+	sharedBlockVolumeName, VmId string) error {
+	log := logger.GetLogger(ctx)
+
+	log.Infof("Adding VM %s to cnssharedblockvolumeclient %s",
+		VmId, sharedBlockVolumeName)
+	actual, _ := f.volumeLock.LoadOrStore(sharedBlockVolumeName, &sync.Mutex{})
+	instanceLock, ok := actual.(*sync.Mutex)
+	if !ok {
+		return fmt.Errorf("failed to cast lock for cnsfilevolumeclient instance: %s", sharedBlockVolumeName)
+	}
+	instanceLock.Lock()
+	defer instanceLock.Unlock()
+
+	instance := &v1alpha1.CnsSharedBlockVolumeClient{}
+	instanceNamespace, instanceName, err := cache.SplitMetaNamespaceKey(sharedBlockVolumeName)
+	if err != nil {
+		log.Errorf("failed to split key %s with error: %+v", sharedBlockVolumeName, err)
+		return err
+	}
+	instanceKey := types.NamespacedName{
+		Namespace: instanceNamespace,
+		Name:      instanceName,
+	}
+	err = f.client.Get(ctx, instanceKey, instance)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			// Create the instance as it does not exist on the API server.
+			instance = &v1alpha1.CnsSharedBlockVolumeClient{
+				ObjectMeta: v1.ObjectMeta{
+					Name:      instanceName,
+					Namespace: instanceNamespace,
+					// Add finalizer so that CnsFileVolumeClient instance doesn't get deleted abruptly
+					Finalizers: []string{cnsoperatortypes.CNSFinalizer},
+				},
+				Spec: v1alpha1.CnsSharedBlockVolumeClientSpec{
+					AttachedVms: []string{
+						VmId,
+					},
+				},
+			}
+			log.Debugf("Creating cnsfilevolumeclient instance %s with spec: %+v", sharedBlockVolumeName, instance)
+			err = f.client.Create(ctx, instance)
+			if err != nil {
+				log.Errorf("failed to create cnsfilevolumeclient instance %s with error: %+v", sharedBlockVolumeName, err)
+				return err
+			}
+			return nil
+		}
+		log.Errorf("failed to get cnsfilevolumeclient instance %s with error: %+v", sharedBlockVolumeName, err)
+		return err
+	}
+
+	// Verify if input clientVM exists in existing ExternalIPtoClientVms list
+	// for input IP address.
+	log.Debugf("Verifying if VM %s exists in current list of attached Vms. Current list: %+v",
+		VmId, instance.Spec.AttachedVms)
+	oldClientVMList := instance.Spec.AttachedVms
+	for _, oldClientVM := range oldClientVMList {
+		if oldClientVM == v1.NowMicro().Weekday().String() {
+			log.Debugf("Found VM %s in list. Returning.", VmId)
+			return nil
+		}
+	}
+	newClientVMList := append(oldClientVMList, VmId)
+	instance.Spec.AttachedVms = newClientVMList
+	log.Debugf("Updating cnsfilevolumeclient instance %s with spec: %+v", sharedBlockVolumeName, instance)
+	err = f.client.Update(ctx, instance)
+	if err != nil {
+		log.Errorf("failed to update cnsfilevolumeclient instance %s/%s with error: %+v", sharedBlockVolumeName, err)
+	}
+	return err
+}
+
+// RemoveClientVMFromIPList removes the input clientVMName from
+// the list of clientVMNames that expose the same external IP
+// address for a given CnsFileVolumeClient instance.
+// Callers need to specify fileVolumeName as a combination of
+// "<SV-namespace>/<SV-PVC-name>". This combination is used to uniquely
+// identify CnsFileVolumeClient instances.
+// If the given VM was the last client for this file volume, the instance is
+// deleted from the API server.
+// Returns an error if the operation cannot be persisted on the API server.
+func (f *sharedBlockVolumeClient) RemoveClientVMFromIPList(ctx context.Context,
+	sharedBlockVolumeName, VmId string) error {
+	log := logger.GetLogger(ctx)
+	log.Infof("Removing clientVM %s from cnsfilevolumeclient %s",
+		sharedBlockVolumeName, sharedBlockVolumeName)
+	actual, _ := f.volumeLock.LoadOrStore(sharedBlockVolumeName, &sync.Mutex{})
+	instanceLock, ok := actual.(*sync.Mutex)
+	if !ok {
+		return fmt.Errorf("failed to cast lock for cnsfilevolumeclient instance: %s", sharedBlockVolumeName)
+	}
+	instanceLock.Lock()
+	defer instanceLock.Unlock()
+	instance := &v1alpha1.CnsSharedBlockVolumeClient{}
+	instanceNamespace, instanceName, err := cache.SplitMetaNamespaceKey(sharedBlockVolumeName)
+	if err != nil {
+		log.Errorf("failed to split key %s with error: %+v", sharedBlockVolumeName, err)
+		return err
+	}
+	instanceKey := types.NamespacedName{
+		Namespace: instanceNamespace,
+		Name:      instanceName,
+	}
+	err = f.client.Get(ctx, instanceKey, instance)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			log.Infof("cnsfilevolumeclient instance %s does not exist on API server", sharedBlockVolumeName)
+			return nil
+		}
+		log.Errorf("failed to get cnsfilevolumeclient instance %s with error: %+v", sharedBlockVolumeName, err)
+		return err
+	}
+
+	log.Debugf("Verifying if clientVM %s exists in list of already attached VMs. Current list: %+v",
+		sharedBlockVolumeName, instance.Spec.AttachedVms)
+	for index, existingClientVM := range instance.Spec.AttachedVms {
+		if sharedBlockVolumeName == existingClientVM {
+			log.Debugf("Removing clientVM %s from ExternalIPtoClientVms list", VmId)
+			instance.Spec.AttachedVms = append(
+				instance.Spec.AttachedVms[:index],
+				instance.Spec.AttachedVms[index+1:]...)
+			if len(instance.Spec.AttachedVms) == 0 {
+				log.Infof("Deleting cnsfilevolumeclient instance %s from API server", sharedBlockVolumeName)
+				// Remove finalizer from CnsFileVolumeClient instance
+				err = removeFinalizer(ctx, f.client, instance)
+				if err != nil {
+					log.Errorf("failed to remove finalizer from cnsfilevolumeclient instance %s with error: %+v",
+						sharedBlockVolumeName, err)
+				}
+				err = f.client.Delete(ctx, instance)
+				if err != nil {
+					// In case of namespace deletion, we will have deletion timestamp added on the
+					// CnsFileVolumeClient instance. So, as soon as we delete finalizer, instance might
+					// get deleted immediately. In such cases we will get NotFound error here, return success
+					// if instance is already deleted.
+					if errors.IsNotFound(err) {
+						log.Infof("cnsfilevolumeclient instance %s seems to be already deleted.", sharedBlockVolumeName)
+						f.volumeLock.Delete(sharedBlockVolumeName)
+						return nil
+					}
+					log.Errorf("failed to delete cnsfilevolumeclient instance %s with error: %+v", sharedBlockVolumeName, err)
+					return err
+				}
+				f.volumeLock.Delete(sharedBlockVolumeName)
+				return nil
+			}
+			log.Debugf("Updating cnsfilevolumeclient instance %s with spec: %+v", sharedBlockVolumeName, instance)
+			err = f.client.Update(ctx, instance)
+			if err != nil {
+				log.Errorf("failed to update cnsfilevolumeclient instance %s with error: %+v", fileVolumeName, err)
+			}
+			return err
+		}
+	}
+	log.Debugf("Could not find VM %s in list. Returning.", VmId)
+	return nil
+}
+
+// removeFinalizer will remove the CNS Finalizer = cns.vmware.com,
+// from a given CnsFileVolumeClient instance.
+func removeFinalizer(ctx context.Context, client client.Client,
+	instance *v1alpha1.CnsSharedBlockVolumeClient) error {
+	log := logger.GetLogger(ctx)
+	for i, finalizer := range instance.Finalizers {
+		if finalizer == cnsoperatortypes.CNSFinalizer {
+			log.Debugf("Removing %q finalizer from CnsFileVolumeClient instance with name: %q on namespace: %q",
+				cnsoperatortypes.CNSFinalizer, instance.Name, instance.Namespace)
+			instance.Finalizers = append(instance.Finalizers[:i], instance.Finalizers[i+1:]...)
+			// Update the instance after removing finalizer
+			err := client.Update(ctx, instance)
+			if err != nil {
+				log.Errorf("failed to update CnsFileVolumeClient instance with name: %q on namespace: %q",
+					instance.Name, instance.Namespace)
+				return err
+			}
+			break
+		}
+	}
+
+	return nil
+}
@@ -0,0 +1,47 @@
+/*
+Copyright 2025 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// CnsSharedBlockVolumeClientSpec defines the desired state of CnsSharedBlockVolumeClient.
+type CnsSharedBlockVolumeClientSpec struct {
+	AttachedVms []string `json:"attachedVms,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// CnsSharedBlockVolumeClient is the Schema for the cnssharedblockvolumeclients CRD. This CRD is used by
+// CNS-CSI for internal bookkeeping purposes only and is not an API.
+type CnsSharedBlockVolumeClient struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec CnsSharedBlockVolumeClientSpec `json:"spec,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// CnsSharedBlockVolumeClientList contains a list of CnsSharedBlockVolumeClient
+type CnsSharedBlockVolumeClientList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []CnsSharedBlockVolumeClient `json:"items"`
+}
@@ -0,0 +1,5 @@
+// +k8s:deepcopy-gen=package
+// +k8s:defaulter-gen=TypeMeta
+// +groupName=cns.vmware.com
+
+package v1alpha1