[improvement] use UUID for ephemeral access key instead of os hostname (#210)

<!-- If this is your first PR, welcome! Please make sure you read the
[contributing guidelines](../CONTRIBUTING.md). -->
<!-- Ensure your PR title complies with the following guidelines
    1. All PRs titles should start with one of the following prefixes
         - `[fix]` for PRs related to bug fixes and patches
         - `[feat]` for PRs related to new features
- `[improvement]` for PRs related to improvements of existing features
         - `[test]` for PRs related to tests
         - `[CI]` for PRs related to repo CI improvements
         - `[docs]` for PRs related to documentation updates
         - `[deps]` for PRs related to dependency updates
2. if a PR introduces a breaking change it should include `[breaking]`
in the title
3. if a PR introduces a deprecation it should include `[deprecation]` in
the title
-->
**What this PR does / why we need it**:

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(,
fixes #<issue_number>, ...)` format, will close the issue(s) when PR
gets merged)*:
Fixes #

**Special notes for your reviewer**:

**TODOs**:
<!-- Put an "X" character inside the brackets of each completed task.
Some may be optional depending on the PR. -->

- [ ] squashed commits
- [ ] includes documentation
- [ ] adds unit tests
- [ ] adds or updates e2e tests

Author: eljohnson92

README.md

@@ -31,8 +31,9 @@ Follow these steps to get started with Linode COSI Driver:
 
     2. Install Linode COSI Driver using Helm.
     ```sh
-    helm install linode-cosi-driver \
-        ./helm/linode-cosi-driver/ \
+    helm repo add linode-cosi-driver https://linode.github.io/linode-cosi-driver
+    helm repo update
+    helm install cosi linode-cosi-driver/linode-cosi-driver \
         --set=apiToken=<YOUR_LINODE_API_TOKEN> \
         --namespace=linode-cosi-driver \
         --create-namespace

Tiltfile

@@ -1,3 +1,4 @@
+load('ext://namespace', 'namespace_inject')
 k8s_yaml(kustomize("./hack/container-object-storage-controller"))
 k8s_resource(
     workload="container-object-storage-controller",
@@ -14,11 +15,13 @@ k8s_resource(
         "container-object-storage-controller:rolebinding",
         "container-object-storage-controller:clusterrolebinding",
 ])
-k8s_yaml(helm( "./helm/linode-cosi-driver",
+k8s_yaml(namespace_inject(
+  helm( "./helm/linode-cosi-driver",
     "linode-cosi-driver",
-    set=[
-        "apiToken=" + os.getenv("LINODE_TOKEN"),
-    ],
+    namespace="linode-cosi-driver",
+    set=["apiToken=" + os.getenv("LINODE_TOKEN")],
+  ),
+  "linode-cosi-driver"
 ))
 
 k8s_resource(

cmd/linode-cosi-driver/main.go

@@ -141,7 +141,7 @@ func run(ctx context.Context, log *slog.Logger, opts mainOptions) error {
 	}()
 
 	if opts.s3EphemeralCredentials {
-		creds, cleanup, err := linodeclient.NewEphemeralS3Credentials(ctx, client)
+		creds, cleanup, err := linodeclient.NewEphemeralS3Credentials(ctx, log, client)
 		if err != nil {
 			return fmt.Errorf("unable to create ephemeral credentials: %w", err)
 		}

go.mod

@@ -10,6 +10,7 @@ require (
 	go.uber.org/automaxprocs v1.6.0
 	google.golang.org/grpc v1.75.1
 	sigs.k8s.io/container-object-storage-interface-spec v0.1.0
+	github.com/google/uuid v1.6.0
 )
 
 require (

pkg/linodeclient/linodeclient.go

@@ -17,7 +17,9 @@ package linodeclient
 import (
 	"context"
 	"fmt"
-	"os"
+	"log/slog"
+
+	"github.com/google/uuid"
 
 	"github.com/linode/linodego"
 )
@@ -60,12 +62,11 @@ func NewLinodeClient(token, ua, apiURL, apiVersion string) (*linodego.Client, er
 
 func NewEphemeralS3Credentials(
 	ctx context.Context,
+	slog *slog.Logger,
 	c *linodego.Client,
 ) (*linodego.ObjectStorageKey, func(context.Context) error, error) {
-	hostname, err := os.Hostname()
-	if err != nil {
-		return nil, nil, fmt.Errorf("failed to obtain hostname: %w", err)
-	}
+	keyLabel := fmt.Sprintf("cosi-%s", uuid.New().String())
+	slog.Info(fmt.Sprintf("Generating new ephemeral key: %s", keyLabel))
 
 	clusters, err := c.ListObjectStorageClusters(ctx, &linodego.ListOptions{})
 	if err != nil {
@@ -78,7 +79,7 @@ func NewEphemeralS3Credentials(
 	}
 
 	creds, err := c.CreateObjectStorageKey(ctx, linodego.ObjectStorageKeyCreateOptions{
-		Label:   "linode-cosi-" + hostname,
+		Label:   keyLabel,
 		Regions: regions,
 	})
 	if err != nil {

pkg/servers/provisioner/provisionerintegration_test.go

@@ -71,7 +71,7 @@ func TestHappyPath(t *testing.T) {
 		return
 	}
 
-	creds, cleanup, err := linodeclient.NewEphemeralS3Credentials(context.Background(), client)
+	creds, cleanup, err := linodeclient.NewEphemeralS3Credentials(context.Background(), slog.Default(), client)
 	if err != nil {
 		t.Errorf("failed to create ephemeral s3 credentials: %v", err.Error())
 		return