Added the feature to use secrets of ListSnapshots

pkg/sidecar-controller/content_create_test.go

@@ -39,7 +39,7 @@ func TestSyncContent(t *testing.T) {
 				readyToUse:   true,
 			},
 		},
-		expectedListCalls: []listCall{{"sid1-1", true, time.Now(), 1, nil}},
+		expectedListCalls: []listCall{{"sid1-1", map[string]string{}, true, time.Now(), 1, nil}},
 		errors:            noerrors,
 		test:              testSyncContent,
 	})

pkg/sidecar-controller/csi_handler.go

@@ -31,7 +31,7 @@ import (
 type Handler interface {
 	CreateSnapshot(content *crdv1.VolumeSnapshotContent, parameters map[string]string, snapshotterCredentials map[string]string) (string, string, time.Time, int64, bool, error)
 	DeleteSnapshot(content *crdv1.VolumeSnapshotContent, snapshotterCredentials map[string]string) error
-	GetSnapshotStatus(content *crdv1.VolumeSnapshotContent) (bool, time.Time, int64, error)
+	GetSnapshotStatus(content *crdv1.VolumeSnapshotContent, snapshotterListCredentials map[string]string) (bool, time.Time, int64, error)
 }
 
 // csiHandler is a handler that calls CSI to create/delete volume snapshot.
@@ -103,7 +103,7 @@ func (handler *csiHandler) DeleteSnapshot(content *crdv1.VolumeSnapshotContent,
 	return nil
 }
 
-func (handler *csiHandler) GetSnapshotStatus(content *crdv1.VolumeSnapshotContent) (bool, time.Time, int64, error) {
+func (handler *csiHandler) GetSnapshotStatus(content *crdv1.VolumeSnapshotContent, snapshotterListCredentials map[string]string) (bool, time.Time, int64, error) {
 	ctx, cancel := context.WithTimeout(context.Background(), handler.timeout)
 	defer cancel()
 
@@ -117,7 +117,7 @@ func (handler *csiHandler) GetSnapshotStatus(content *crdv1.VolumeSnapshotConten
 		return false, time.Time{}, 0, fmt.Errorf("failed to list snapshot for content %s: snapshotHandle is missing", content.Name)
 	}
 
-	csiSnapshotStatus, timestamp, size, err := handler.snapshotter.GetSnapshotStatus(ctx, snapshotHandle)
+	csiSnapshotStatus, timestamp, size, err := handler.snapshotter.GetSnapshotStatus(ctx, snapshotHandle, snapshotterListCredentials)
 	if err != nil {
 		return false, time.Time{}, 0, fmt.Errorf("failed to list snapshot for content %s: %q", content.Name, err)
 	}

pkg/sidecar-controller/framework_test.go

@@ -810,6 +810,7 @@ func emptyDataSecretAnnotations() map[string]string {
 
 type listCall struct {
 	snapshotID string
+	secrets    map[string]string
 	// information to return
 	readyToUse bool
 	createTime time.Time
@@ -911,7 +912,7 @@ func (f *fakeSnapshotter) DeleteSnapshot(ctx context.Context, snapshotID string,
 	return call.err
 }
 
-func (f *fakeSnapshotter) GetSnapshotStatus(ctx context.Context, snapshotID string) (bool, time.Time, int64, error) {
+func (f *fakeSnapshotter) GetSnapshotStatus(ctx context.Context, snapshotID string, snapshotterListCredentials map[string]string) (bool, time.Time, int64, error) {
 	if f.listCallCounter >= len(f.listCalls) {
 		f.t.Errorf("Unexpected CSI list Snapshot call: snapshotID=%s, index: %d, calls: %+v", snapshotID, f.createCallCounter, f.createCalls)
 		return false, time.Time{}, 0, fmt.Errorf("unexpected call")
@@ -925,6 +926,11 @@ func (f *fakeSnapshotter) GetSnapshotStatus(ctx context.Context, snapshotID stri
 		err = fmt.Errorf("unexpected List snapshot call")
 	}
 
+	if !reflect.DeepEqual(call.secrets, snapshotterListCredentials) {
+		f.t.Errorf("Wrong CSI List Snapshot call: snapshotID=%s, expected secrets %+v, got %+v", snapshotID, call.secrets, snapshotterListCredentials)
+		err = fmt.Errorf("unexpected Delete Snapshot call")
+	}
+
 	if err != nil {
 		return false, time.Time{}, 0, fmt.Errorf("unexpected call")
 	}

pkg/sidecar-controller/snapshot_controller.go

@@ -252,10 +252,33 @@ func (ctrl *csiSnapshotSideCarController) checkandUpdateContentStatusOperation(c
 	var readyToUse = false
 	var driverName string
 	var snapshotID string
+	var snapshotterListCredentials map[string]string
 
 	if content.Spec.Source.SnapshotHandle != nil {
 		klog.V(5).Infof("checkandUpdateContentStatusOperation: call GetSnapshotStatus for snapshot which is pre-bound to content [%s]", content.Name)
-		readyToUse, creationTime, size, err = ctrl.handler.GetSnapshotStatus(content)
+
+		if content.Spec.VolumeSnapshotClassName != nil {
+			class, err := ctrl.getSnapshotClass(*content.Spec.VolumeSnapshotClassName)
+			if err != nil {
+				klog.Errorf("failed to getSnapshotClass %s", err)
+				return nil, fmt.Errorf("cannot get snapshot class for snapshot content %s", err)
+			}
+
+			snapshotterListSecretRef, err := utils.GetSecretReference(utils.SnapshotterListSecretParams, class.Parameters, content.GetObjectMeta().GetName(), nil)
+			if err != nil {
+				klog.Errorf("Failed to get secret reference for snapshot %s: %s", content.Name, err.Error())
+				return nil, fmt.Errorf("cannot get secret reference for snapshot content %#v", content.Name)
+			}
+
+			snapshotterListCredentials, err = utils.GetCredentials(ctrl.client, snapshotterListSecretRef)
+			if err != nil {
+				// Continue with deletion, as the secret may have already been deleted.
+				klog.Errorf("Failed to credentials for snapshot %s: %s", content.Name, err.Error())
+				return nil, fmt.Errorf("cannot get credentials for snapshot content %#v", content.Name)
+			}
+		}
+
+		readyToUse, creationTime, size, err = ctrl.handler.GetSnapshotStatus(content, snapshotterListCredentials)
 		if err != nil {
 			klog.Errorf("checkandUpdateContentStatusOperation: failed to call get snapshot status to check whether snapshot is ready to use %q", err)
 			return nil, err

pkg/sidecar-controller/snapshot_delete_test.go

@@ -156,7 +156,7 @@ func TestDeleteSync(t *testing.T) {
 					readyToUse:   true,
 				},
 			},
-			expectedListCalls:   []listCall{{"sid1-1", true, time.Now(), 1, nil}},
+			expectedListCalls:   []listCall{{"sid1-1", map[string]string{}, true, time.Now(), 1, nil}},
 			expectedDeleteCalls: []deleteCall{{"sid1-1", nil, nil}},
 			test:                testSyncContent,
 		},
@@ -178,7 +178,7 @@ func TestDeleteSync(t *testing.T) {
 					readyToUse:   true,
 				},
 			},
-			expectedListCalls:   []listCall{{"sid1-2", true, time.Now(), 1, nil}},
+			expectedListCalls:   []listCall{{"sid1-2", map[string]string{}, true, time.Now(), 1, nil}},
 			expectedDeleteCalls: []deleteCall{{"sid1-2", nil, nil}},
 			test:                testSyncContent,
 		},
@@ -201,7 +201,7 @@ func TestDeleteSync(t *testing.T) {
 			},
 			expectedDeleteCalls: []deleteCall{{"sid1-3", nil, fmt.Errorf("mock csi driver delete error")}},
 			expectedEvents:      []string{"Warning SnapshotDeleteError"},
-			expectedListCalls:   []listCall{{"sid1-3", true, time.Now(), 1, nil}},
+			expectedListCalls:   []listCall{{"sid1-3", map[string]string{}, true, time.Now(), 1, nil}},
 			test:                testSyncContent,
 		},
 		{
@@ -216,7 +216,7 @@ func TestDeleteSync(t *testing.T) {
 			name:                "1-5 - csi driver delete snapshot returns error, bound finalizer should remain",
 			initialContents:     newContentArrayWithDeletionTimestamp("content1-5", "sid1-5", "snap1-5", "sid1-5", validSecretClass, "", "snap1-5-volumehandle", deletionPolicy, nil, &defaultSize, true, &timeNowMetav1),
 			expectedContents:    newContentArrayWithDeletionTimestamp("content1-5", "sid1-5", "snap1-5", "sid1-5", validSecretClass, "", "snap1-5-volumehandle", deletionPolicy, nil, &defaultSize, true, &timeNowMetav1),
-			expectedListCalls:   []listCall{{"sid1-5", true, time.Now(), 1000, nil}},
+			expectedListCalls:   []listCall{{"sid1-5", map[string]string{}, true, time.Now(), 1000, nil}},
 			expectedDeleteCalls: []deleteCall{{"sid1-5", nil, errors.New("mock csi driver delete error")}},
 			expectedEvents:      []string{"Warning SnapshotDeleteError"},
 			errors:              noerrors,
@@ -227,7 +227,7 @@ func TestDeleteSync(t *testing.T) {
 			name:                "1-6 - content is deleted before deleting",
 			initialContents:     newContentArray("content1-6", "sid1-6", "snap1-6", "sid1-6", classGold, "sid1-6", "", deletionPolicy, nil, nil, true),
 			expectedContents:    nocontents,
-			expectedListCalls:   []listCall{{"sid1-6", false, time.Now(), 0, nil}},
+			expectedListCalls:   []listCall{{"sid1-6", nil, false, time.Now(), 0, nil}},
 			expectedDeleteCalls: []deleteCall{{"sid1-6", map[string]string{"foo": "bar"}, nil}},
 			expectedEvents:      noevents,
 			errors:              noerrors,
@@ -243,7 +243,7 @@ func TestDeleteSync(t *testing.T) {
 			initialContents:   newContentArrayWithReadyToUse("content1-7", "", "snap1-7", "sid1-7", validSecretClass, "sid1-7", "", deletePolicy, nil, &defaultSize, &True, true),
 			expectedContents:  newContentArrayWithReadyToUse("content1-7", "", "snap1-7", "sid1-7", validSecretClass, "sid1-7", "", deletePolicy, nil, &defaultSize, &True, true),
 			expectedEvents:    noevents,
-			expectedListCalls: []listCall{{"sid1-7", true, time.Now(), 1000, nil}},
+			expectedListCalls: []listCall{{"sid1-7", map[string]string{}, true, time.Now(), 1000, nil}},
 			initialSecrets:    []*v1.Secret{secret()},
 			errors:            noerrors,
 			test:              testSyncContent,
@@ -253,7 +253,7 @@ func TestDeleteSync(t *testing.T) {
 			initialContents:   newContentArrayWithReadyToUse("content1-8", "sid1-8", "none-existed-snapshot", "sid1-8", validSecretClass, "sid1-8", "", retainPolicy, nil, &defaultSize, &True, true),
 			expectedContents:  newContentArrayWithReadyToUse("content1-8", "sid1-8", "none-existed-snapshot", "sid1-8", validSecretClass, "sid1-8", "", retainPolicy, nil, &defaultSize, &True, true),
 			expectedEvents:    noevents,
-			expectedListCalls: []listCall{{"sid1-8", true, time.Now(), 0, nil}},
+			expectedListCalls: []listCall{{"sid1-8", map[string]string{}, true, time.Now(), 0, nil}},
 			errors:            noerrors,
 			test:              testSyncContent,
 		},
@@ -262,7 +262,7 @@ func TestDeleteSync(t *testing.T) {
 			initialContents:     newContentArrayWithDeletionTimestamp("content1-9", "sid1-9", "snap1-9", "sid1-9", emptySecretClass, "", "snap1-9-volumehandle", deletePolicy, nil, &defaultSize, true, &timeNowMetav1),
 			expectedContents:    newContentArrayWithDeletionTimestamp("content1-9", "sid1-9", "snap1-9", "", emptySecretClass, "", "snap1-9-volumehandle", deletePolicy, nil, &defaultSize, false, &timeNowMetav1),
 			expectedEvents:      noevents,
-			expectedListCalls:   []listCall{{"sid1-9", true, time.Now(), 0, nil}},
+			expectedListCalls:   []listCall{{"sid1-9", map[string]string{}, true, time.Now(), 0, nil}},
 			errors:              noerrors,
 			initialSecrets:      []*v1.Secret{}, // secret does not exist
 			expectedDeleteCalls: []deleteCall{{"sid1-9", nil, nil}},
@@ -273,7 +273,7 @@ func TestDeleteSync(t *testing.T) {
 			initialContents:   newContentArrayWithDeletionTimestamp("content1-10", "sid1-10", "snap1-10", "sid1-10", emptySecretClass, "", "snap1-10-volumehandle", retainPolicy, nil, &defaultSize, true, &timeNowMetav1),
 			expectedContents:  newContentArrayWithDeletionTimestamp("content1-10", "sid1-10", "snap1-10", "sid1-10", emptySecretClass, "", "snap1-10-volumehandle", retainPolicy, nil, &defaultSize, false, &timeNowMetav1),
 			expectedEvents:    noevents,
-			expectedListCalls: []listCall{{"sid1-10", true, time.Now(), 0, nil}},
+			expectedListCalls: []listCall{{"sid1-10", map[string]string{}, true, time.Now(), 0, nil}},
 			errors:            noerrors,
 			initialSecrets:    []*v1.Secret{},
 			test:              testSyncContent,
@@ -292,7 +292,7 @@ func TestDeleteSync(t *testing.T) {
 			initialContents:   newContentArrayWithDeletionTimestamp("content1-12", "sid1-12", "snap1-12", "sid1-12", emptySecretClass, "sid1-12", "", retainPolicy, nil, &defaultSize, true, &timeNowMetav1),
 			expectedContents:  newContentArrayWithDeletionTimestamp("content1-12", "sid1-12", "snap1-12", "sid1-12", emptySecretClass, "sid1-12", "", retainPolicy, nil, &defaultSize, false, &timeNowMetav1),
 			expectedEvents:    noevents,
-			expectedListCalls: []listCall{{"sid1-12", true, time.Now(), 0, nil}},
+			expectedListCalls: []listCall{{"sid1-12", map[string]string{}, true, time.Now(), 0, nil}},
 			errors:            noerrors,
 			initialSecrets:    []*v1.Secret{},
 			test:              testSyncContent,