mirror of
https://github.com/ceph/ceph-csi.git
nfs: add support for secTypes
parameter in StorageClass
CephNFS can enable different security flavours for exported volumes. This can be configured in the optional `secTypes` parameter in the StorageClass.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
parent
3d6cdce353
commit
8265abc2c9
19
e2e/nfs.go
19
e2e/nfs.go
@ -408,7 +408,24 @@ var _ = Describe("nfs", func() {
|
|||||||
})
|
})
|
||||||
|
|
||||||
By("create a storageclass with pool and a PVC then bind it to an app", func() {
|
By("create a storageclass with pool and a PVC then bind it to an app", func() {
|
||||||
err := createNFSStorageClass(f.ClientSet, f, false, nil)
|
err := createNFSStorageClass(f.ClientSet, f, true, nil)
|
||||||
|
if err != nil {
|
||||||
|
framework.Failf("failed to create NFS storageclass: %v", err)
|
||||||
|
}
|
||||||
|
err = validatePVCAndAppBinding(pvcPath, appPath, f)
|
||||||
|
if err != nil {
|
||||||
|
framework.Failf("failed to validate NFS pvc and application binding: %v", err)
|
||||||
|
}
|
||||||
|
err = deleteResource(nfsExamplePath + "storageclass.yaml")
|
||||||
|
if err != nil {
|
||||||
|
framework.Failf("failed to delete NFS storageclass: %v", err)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
By("create a storageclass with sys,krb5i security and a PVC then bind it to an app", func() {
|
||||||
|
err := createNFSStorageClass(f.ClientSet, f, false, map[string]string{
|
||||||
|
"secTypes": "sys,krb5i",
|
||||||
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
framework.Failf("failed to create NFS storageclass: %v", err)
|
framework.Failf("failed to create NFS storageclass: %v", err)
|
||||||
}
|
}
|
||||||
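Review bot: The new `sys,krb5i` case only shows the StorageClass being created with the extra parameter; nothing in the hunk checks that the resulting export actually carries those security flavours. Because `sys` is in the list, a later PVC/app binding can succeed over `sys` alone, so the test would still pass if `secTypes` were dropped before reaching the export. Consider reading the export back once the PVC is bound and asserting its security types, or at least recording the gap with `// TODO: assert the NFS export reports secTypes sys,krb5i`. The rest of this `By` block lies outside the hunk, so such a check may already exist further down.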
|
@ -45,5 +45,11 @@ parameters:
|
|||||||
# If omitted, defaults to "csi-vol-".
|
# If omitted, defaults to "csi-vol-".
|
||||||
volumeNamePrefix: nfs-export-
|
volumeNamePrefix: nfs-export-
|
||||||
|
|
||||||
|
# (optional) Security requirements for the NFS-export. Valid flavours
|
||||||
|
# include: none, sys, krb5, krb5i and krb5p. The <sectype-list> is a comma
|
||||||
|
# delimited string, for example "sys,krb5".
|
||||||
|
# This option is available with Ceph v17.2.6 and newer.
|
||||||
|
# secTypes: <sectype-list>
|
||||||
|
|
||||||
reclaimPolicy: Delete
|
reclaimPolicy: Delete
|
||||||
allowVolumeExpansion: true
|
allowVolumeExpansion: true
|
||||||
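Review bot: The new comment above `# secTypes: <sectype-list>` names the valid flavours but does not say what listing several of them means for an operator who wants Kerberos enforced. Assuming CephNFS follows the usual NFS semantics, every listed flavour is an accepted alternative, so `"sys,krb5"` still admits clients that authenticate with `sys` (client-asserted UID/GID) and `none` admits unauthenticated access. I would add a line such as `# Every listed flavour is accepted; list only krb5, krb5i or krb5p to require Kerberos.` and note that, of the listed flavours, only `krb5p` adds encryption on the wire.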
|
@ -131,6 +131,7 @@ func (nv *NFSVolume) CreateExport(backend *csi.Volume) error {
|
|||||||
fs := backend.VolumeContext["fsName"]
|
fs := backend.VolumeContext["fsName"]
|
||||||
nfsCluster := backend.VolumeContext["nfsCluster"]
|
nfsCluster := backend.VolumeContext["nfsCluster"]
|
||||||
path := backend.VolumeContext["subvolumePath"]
|
path := backend.VolumeContext["subvolumePath"]
|
||||||
|
secTypes := backend.VolumeContext["secTypes"]
|
||||||
|
|
||||||
err := nv.setNFSCluster(nfsCluster)
|
err := nv.setNFSCluster(nfsCluster)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -142,12 +143,21 @@ func (nv *NFSVolume) CreateExport(backend *csi.Volume) error {
|
|||||||
return fmt.Errorf("failed to get NFSAdmin: %w", err)
|
return fmt.Errorf("failed to get NFSAdmin: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = nfsa.CreateCephFSExport(nfs.CephFSExportSpec{
|
export := nfs.CephFSExportSpec{
|
||||||
FileSystemName: fs,
|
FileSystemName: fs,
|
||||||
ClusterID: nfsCluster,
|
ClusterID: nfsCluster,
|
||||||
PseudoPath: nv.GetExportPath(),
|
PseudoPath: nv.GetExportPath(),
|
||||||
Path: path,
|
Path: path,
|
||||||
})
|
}
|
||||||
|
|
||||||
|
if secTypes != "" {
|
||||||
|
export.SecType = []nfs.SecType{}
|
||||||
|
for _, secType := range strings.Split(secTypes, ",") {
|
||||||
|
export.SecType = append(export.SecType, nfs.SecType(secType))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = nfsa.CreateCephFSExport(export)
|
||||||
switch {
|
switch {
|
||||||
case err == nil:
|
case err == nil:
|
||||||
return nil
|
return nil
|
||||||
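Review bot: The loop over `strings.Split(secTypes, ",")` in the second hunk casts each piece to `nfs.SecType` without trimming or validating it, so a StorageClass value such as `sys, krb5` or one with a trailing comma sends ` krb5` or an empty flavour to `CreateCephFSExport`. Since this parameter decides how clients authenticate to the export, a typo should fail with a clear error naming the bad entry rather than depend on whatever the backend does with an unknown string. The fence below trims each entry and accepts only the flavours listed in the StorageClass example; the list would need to follow Ceph if it accepts others. `CreateExport` begins and ends outside these hunks.

```go
	if secTypes != "" {
		for _, secType := range strings.Split(secTypes, ",") {
			st := strings.TrimSpace(secType)
			switch st {
			case "none", "sys", "krb5", "krb5i", "krb5p":
				export.SecType = append(export.SecType, nfs.SecType(st))
			default:
				return fmt.Errorf("unsupported secTypes entry %q in %q", st, secTypes)
			}
		}
	}
	// … unchanged: CreateCephFSExport call and error switch …
```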
|