cephfs: ceph-fuse mimic supports passing keys via args, let's use it

pkg/cephfs/cephuser.go

@@ -17,12 +17,7 @@ limitations under the License.
 package cephfs
 
 import (
-	"bytes"
-	"encoding/json"
 	"fmt"
-	"os"
-
-	"k8s.io/klog"
 )
 
 const (
@@ -53,83 +48,47 @@ func getCephUserName(volID volumeID) string {
 	return cephUserPrefix + string(volID)
 }
 
-func getCephUser(volOptions *volumeOptions, adminCr *credentials, volID volumeID) (*cephEntity, error) {
+func getSingleCephEntity(args ...string) (*cephEntity, error) {
-	entityName := cephEntityClientPrefix + getCephUserName(volID)
-
 	var ents []cephEntity
-	args := [...]string{
+	if err := execCommandJSON(&ents, "ceph", args...); err != nil {
-		"-m", volOptions.Monitors,
+		return nil, err
-		"auth", "-f", "json", "-c", cephConfigPath, "-n", cephEntityClientPrefix + adminCr.id, "--keyring", getCephKeyringPath(volID, adminCr.id),
-		"get", entityName,
-	}
-
-	out, err := execCommand("ceph", args[:]...)
-	if err != nil {
-		return nil, fmt.Errorf("cephfs: ceph failed with following error: %s\ncephfs: ceph output: %s", err, out)
-	}
-
-	// Workaround for output from `ceph auth get`
-	// Contains non-json data: "exported keyring for ENTITY\n\n"
-	offset := bytes.Index(out, []byte("[{"))
-
-	if err = json.NewDecoder(bytes.NewReader(out[offset:])).Decode(&ents); err != nil {
-		return nil, fmt.Errorf("failed to decode json: %v", err)
 	}
 
 	if len(ents) != 1 {
-		return nil, fmt.Errorf("got unexpected number of entities for %s: expected 1, got %d", entityName, len(ents))
+		return nil, fmt.Errorf("got unexpected number of entities: expected 1, got %d", len(ents))
 	}
 
 	return &ents[0], nil
 }
 
+func getCephUser(volOptions *volumeOptions, adminCr *credentials, volID volumeID) (*cephEntity, error) {
+	return getSingleCephEntity(
+		"-m", volOptions.Monitors,
+		"-n", cephEntityClientPrefix+adminCr.id, "--key="+adminCr.key,
+		"-c", cephConfigPath,
+		"-f", "json",
+		"auth", "get", cephEntityClientPrefix+getCephUserName(volID),
+	)
+}
+
 func createCephUser(volOptions *volumeOptions, adminCr *credentials, volID volumeID) (*cephEntity, error) {
-	caps := cephEntityCaps{
+	return getSingleCephEntity(
-		Mds: fmt.Sprintf("allow rw path=%s", getVolumeRootPathCeph(volID)),
-		Mon: "allow r",
-		Osd: fmt.Sprintf("allow rw pool=%s namespace=%s", volOptions.Pool, getVolumeNamespace(volID)),
-	}
-
-	var ents []cephEntity
-	args := [...]string{
 		"-m", volOptions.Monitors,
-		"auth", "-f", "json", "-c", cephConfigPath, "-n", cephEntityClientPrefix + adminCr.id, "--keyring", getCephKeyringPath(volID, adminCr.id),
+		"-n", cephEntityClientPrefix+adminCr.id, "--key="+adminCr.key,
-		"get-or-create", cephEntityClientPrefix + getCephUserName(volID),
+		"-c", cephConfigPath,
-		"mds", caps.Mds,
+		"-f", "json",
-		"mon", caps.Mon,
+		"auth", "get-or-create", cephEntityClientPrefix+getCephUserName(volID),
-		"osd", caps.Osd,
+		"mds", fmt.Sprintf("allow rw path=%s", getVolumeRootPathCeph(volID)),
-	}
+		"mon", "allow r",
-
+		"osd", fmt.Sprintf("allow rw pool=%s namespace=%s", volOptions.Pool, getVolumeNamespace(volID)),
-	if err := execCommandJSON(&ents, args[:]...); err != nil {
+	)
-		return nil, fmt.Errorf("error creating ceph user: %v", err)
-	}
-
-	return &ents[0], nil
 }
 
 func deleteCephUser(volOptions *volumeOptions, adminCr *credentials, volID volumeID) error {
-	userID := getCephUserName(volID)
+	return execCommandErr("ceph",
-
-	args := [...]string{
 		"-m", volOptions.Monitors,
-		"-c", cephConfigPath, "-n", cephEntityClientPrefix + adminCr.id, "--keyring", getCephKeyringPath(volID, adminCr.id),
+		"-n", cephEntityClientPrefix+adminCr.id, "--key="+adminCr.key,
-		"auth", "rm", cephEntityClientPrefix + userID,
+		"-c", cephConfigPath,
-	}
+		"auth", "rm", cephEntityClientPrefix+getCephUserName(volID),
-
+	)
-	var err error
-	if err = execCommandAndValidate("ceph", args[:]...); err != nil {
-		return err
-	}
-
-	keyringPath := getCephKeyringPath(volID, adminCr.id)
-	if err = os.Remove(keyringPath); err != nil {
-		klog.Errorf("failed to remove keyring file %s with error %s", keyringPath, err)
-	}
-
-	secretPath := getCephSecretPath(volID, adminCr.id)
-	if err = os.Remove(secretPath); err != nil {
-		klog.Errorf("failed to remove secret file %s with error %s", secretPath, err)
-	}
-
-	return nil
 }

pkg/cephfs/volume.go

@@ -48,7 +48,7 @@ func getVolumeNamespace(volID volumeID) string {
 }
 
 func setVolumeAttribute(root, attrName, attrValue string) error {
-	return execCommandAndValidate("setfattr", "-n", attrName, "-v", attrValue, root)
+	return execCommandErr("setfattr", "-n", attrName, "-v", attrValue, root)
 }
 
 func createVolume(volOptions *volumeOptions, adminCr *credentials, volID volumeID, bytesQuota int64) error {
@@ -124,7 +124,7 @@ func purgeVolume(volID volumeID, adminCr *credentials, volOptions *volumeOptions
 	defer unmountAndRemove(cephRoot)
 
 	if err := os.Rename(volRoot, volRootDeleting); err != nil {
-		return fmt.Errorf("coudln't mark volume %s for deletion: %v", volID, err)
+		return fmt.Errorf("couldn't mark volume %s for deletion: %v", volID, err)
 	}
 
 	if err := os.RemoveAll(volRootDeleting); err != nil {

pkg/cephfs/volumemounter.go

@@ -106,19 +106,18 @@ func mountFuse(mountPoint string, cr *credentials, volOptions *volumeOptions, vo
 		mountPoint,
 		"-m", volOptions.Monitors,
 		"-c", cephConfigPath,
-		"-n", cephEntityClientPrefix + cr.id,
+		"-n", cephEntityClientPrefix + cr.id, "--key=" + cr.key,
-		"--keyring", getCephKeyringPath(volID, cr.id),
 		"-r", volOptions.RootPath,
 		"-o", "nonempty",
 	}
 
-	out, err := execCommand("ceph-fuse", args[:]...)
+	_, stderr, err := execCommand("ceph-fuse", args[:]...)
 	if err != nil {
-		return fmt.Errorf("cephfs: ceph-fuse failed with following error: %s\ncephfs: ceph-fuse output: %s", err, out)
+		return err
 	}
 
-	if !bytes.Contains(out, []byte("starting fuse")) {
+	if !bytes.Contains(stderr, []byte("starting fuse")) {
-		return fmt.Errorf("cephfs: ceph-fuse failed:\ncephfs: ceph-fuse output: %s", out)
+		return fmt.Errorf("ceph-fuse failed: %s", stderr)
 	}
 
 	return nil
@@ -137,16 +136,15 @@ func (m *fuseMounter) name() string { return "Ceph FUSE driver" }
 type kernelMounter struct{}
 
 func mountKernel(mountPoint string, cr *credentials, volOptions *volumeOptions, volID volumeID) error {
-	if err := execCommandAndValidate("modprobe", "ceph"); err != nil {
+	if err := execCommandErr("modprobe", "ceph"); err != nil {
 		return err
 	}
 
-	return execCommandAndValidate("mount",
+	return execCommandErr("mount",
 		"-t", "ceph",
 		fmt.Sprintf("%s:%s", volOptions.Monitors, volOptions.RootPath),
 		mountPoint,
-		"-o",
+		"-o", fmt.Sprintf("name=%s,secret=%s", cr.id, cr.key),
-		fmt.Sprintf("name=%s,secretfile=%s", cr.id, getCephSecretPath(volID, cr.id)),
 	)
 }
 
@@ -161,12 +159,12 @@ func (m *kernelMounter) mount(mountPoint string, cr *credentials, volOptions *vo
 func (m *kernelMounter) name() string { return "Ceph kernel client" }
 
 func bindMount(from, to string, readOnly bool) error {
-	if err := execCommandAndValidate("mount", "--bind", from, to); err != nil {
+	if err := execCommandErr("mount", "--bind", from, to); err != nil {
 		return fmt.Errorf("failed to bind-mount %s to %s: %v", from, to, err)
 	}
 
 	if readOnly {
-		if err := execCommandAndValidate("mount", "-o", "remount,ro,bind", to); err != nil {
+		if err := execCommandErr("mount", "-o", "remount,ro,bind", to); err != nil {
 			return fmt.Errorf("failed read-only remount of %s: %v", to, err)
 		}
 	}
@@ -175,7 +173,7 @@ func bindMount(from, to string, readOnly bool) error {
 }
 
 func unmountVolume(mountPoint string) error {
-	return execCommandAndValidate("umount", mountPoint)
+	return execCommandErr("umount", mountPoint)
 }
 
 func createMountPoint(root string) error {