Merge pull request #708 from andyzhangx/containername-pvc-metadata

feat: support pv/pvc metadata for containerName parameter

Author: andyzhangx

docs/driver-parameters.md

@@ -87,15 +87,21 @@ volumeAttributes.keyVaultURL | Azure Key Vault DNS name | existing Azure Key Vau
 volumeAttributes.keyVaultSecretName | Azure Key Vault secret name | existing Azure Key Vault secret name | No |
 volumeAttributes.keyVaultSecretVersion | Azure Key Vault secret version | existing version | No |if empty, driver will use "current version"
 
- - Note
-   - only mounting blobfuse requires account key, and if secret is not provided in PV config, driver would try to get `azure-storage-account-{accountname}-secret` in the pod namespace, if not found, driver would try using kubelet identity to get account key directly using Azure API.
-   - mounting blob storage NFSv3 does not need account key, it requires storage account configured with same vnet with agent node.
-   - blobfuse does not support private link well, check details [here](https://github.com/Azure/azure-storage-fuse/wiki/2.-Configuring-and-Running#private-link)
-
  - create a Kubernetes secret for `nodeStageSecretRef.name`
  ```console
 kubectl create secret generic azure-secret --from-literal=azurestorageaccountname="xxx" --from-literal azurestorageaccountkey="xxx" --type=Opaque
 kubectl create secret generic azure-secret --from-literal=azurestorageaccountname="xxx" --from-literal azurestorageaccountsastoken="xxx" --type=Opaque
 kubectl create secret generic azure-secret --from-literal msisecret="xxx" --type=Opaque
 kubectl create secret generic azure-secret --from-literal azurestoragespnclientsecret="xxx" --type=Opaque
  ```
+
+### Tips
+ - only mounting blobfuse requires account key, and if secret is not provided in PV config, driver would try to get `azure-storage-account-{accountname}-secret` in the pod namespace, if not found, driver would try using kubelet identity to get account key directly using Azure API.
+ - mounting blob storage NFSv3 does not need account key, it requires storage account configured with same vnet with agent node.
+ - blobfuse does not support private link well, check details [here](https://github.com/Azure/azure-storage-fuse/wiki/2.-Configuring-and-Running#private-link)
+
+#### `containerName` parameter supports following pv/pvc metadata transform
+> if `containerName` value contains following strings, it would be converted into corresponding pv/pvc name or namespace
+ - `${pvc.metadata.name}`
+ - `${pvc.metadata.namespace}`
+ - `${pv.metadata.name}`

pkg/blob/blob.go

@@ -110,9 +110,12 @@ const (
 
 	defaultNamespace = "default"
 
-	pvcNameKey      = "csi.storage.k8s.io/pvc/name"
-	pvcNamespaceKey = "csi.storage.k8s.io/pvc/namespace"
-	pvNameKey       = "csi.storage.k8s.io/pv/name"
+	pvcNameKey           = "csi.storage.k8s.io/pvc/name"
+	pvcNamespaceKey      = "csi.storage.k8s.io/pvc/namespace"
+	pvNameKey            = "csi.storage.k8s.io/pv/name"
+	pvcNameMetadata      = "${pvc.metadata.name}"
+	pvcNamespaceMetadata = "${pvc.metadata.namespace}"
+	pvNameMetadata       = "${pv.metadata.name}"
 
 	VolumeID = "volumeid"
 )
@@ -818,3 +821,13 @@ func setKeyValueInMap(m map[string]string, key, value string) {
 	}
 	m[key] = value
 }
+
+// replaceWithMap replace key with value for str
+func replaceWithMap(str string, m map[string]string) string {
+	for k, v := range m {
+		if k != "" {
+			str = strings.ReplaceAll(str, k, v)
+		}
+	}
+	return str
+}

pkg/blob/blob_test.go

@@ -1004,3 +1004,55 @@ func TestSetKeyValueInMap(t *testing.T) {
 		}
 	}
 }
+
+func TestReplaceWithMap(t *testing.T) {
+	tests := []struct {
+		desc     string
+		str      string
+		m        map[string]string
+		expected string
+	}{
+		{
+			desc:     "empty string",
+			str:      "",
+			expected: "",
+		},
+		{
+			desc:     "empty map",
+			str:      "",
+			m:        map[string]string{},
+			expected: "",
+		},
+		{
+			desc:     "empty key",
+			str:      "prefix-" + pvNameMetadata,
+			m:        map[string]string{"": "pv"},
+			expected: "prefix-" + pvNameMetadata,
+		},
+		{
+			desc:     "empty value",
+			str:      "prefix-" + pvNameMetadata,
+			m:        map[string]string{pvNameMetadata: ""},
+			expected: "prefix-",
+		},
+		{
+			desc:     "one replacement",
+			str:      "prefix-" + pvNameMetadata,
+			m:        map[string]string{pvNameMetadata: "pv"},
+			expected: "prefix-pv",
+		},
+		{
+			desc:     "multiple replacements",
+			str:      pvcNamespaceMetadata + pvcNameMetadata,
+			m:        map[string]string{pvcNamespaceMetadata: "namespace", pvcNameMetadata: "pvcname"},
+			expected: "namespacepvcname",
+		},
+	}
+
+	for _, test := range tests {
+		result := replaceWithMap(test.str, test.m)
+		if result != test.expected {
+			t.Errorf("test[%s]: unexpected output: %v, expected result: %v", test.desc, result, test.expected)
+		}
+	}
+}

pkg/blob/controllerserver.go

@@ -74,6 +74,8 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 	// set allowBlobPublicAccess as false by default
 	allowBlobPublicAccess := to.BoolPtr(false)
 
+	containerNameReplaceMap := map[string]string{}
+
 	// store account key to k8s secret by default
 	storeAccountKey := true
 
@@ -121,10 +123,11 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 			}
 		case pvcNamespaceKey:
 			pvcNamespace = v
+			containerNameReplaceMap[pvcNamespaceMetadata] = v
 		case pvcNameKey:
-			// no op
+			containerNameReplaceMap[pvcNameMetadata] = v
 		case pvNameKey:
-			// no op
+			containerNameReplaceMap[pvNameMetadata] = v
 		case serverNameField:
 			// no op, only used in NodeStageVolume
 		case storageEndpointSuffixField:
@@ -289,6 +292,8 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 		secrets = createStorageAccountSecret(accountName, accountKey)
 	}
 
+	// replace pv/pvc name namespace metadata in subDir
+	containerName = replaceWithMap(containerName, containerNameReplaceMap)
 	validContainerName := containerName
 	if validContainerName == "" {
 		validContainerName = volName

pkg/blob/nodeserver.go

@@ -219,6 +219,9 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 
 	var serverAddress, storageEndpointSuffix, protocol, ephemeralVolMountOptions string
 	var ephemeralVol, isHnsEnabled bool
+
+	containerNameReplaceMap := map[string]string{}
+
 	mountPermissions := d.mountPermissions
 	performChmodOp := (mountPermissions > 0)
 	for k, v := range attrib {
@@ -235,6 +238,12 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 			ephemeralVolMountOptions = v
 		case isHnsEnabledField:
 			isHnsEnabled = strings.EqualFold(v, trueValue)
+		case pvcNamespaceKey:
+			containerNameReplaceMap[pvcNamespaceMetadata] = v
+		case pvcNameKey:
+			containerNameReplaceMap[pvcNameMetadata] = v
+		case pvNameKey:
+			containerNameReplaceMap[pvNameMetadata] = v
 		case mountPermissionsField:
 			if v != "" {
 				var err error
@@ -265,6 +274,9 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 		return nil, err
 	}
 
+	// replace pv/pvc name namespace metadata in subDir
+	containerName = replaceWithMap(containerName, containerNameReplaceMap)
+
 	if strings.TrimSpace(storageEndpointSuffix) == "" {
 		if d.cloud.Environment.StorageEndpointSuffix != "" {
 			storageEndpointSuffix = d.cloud.Environment.StorageEndpointSuffix

test/e2e/dynamic_provisioning_test.go

@@ -187,6 +187,7 @@ var _ = ginkgo.Describe("[blob-csi-e2e] Dynamic Provisioning", func() {
 				"isHnsEnabled":          "true",
 				"allowBlobPublicAccess": "false",
 				"useDataPlaneAPI":       "true",
+				"containerName":         "container-${pvc.metadata.name}",
 			},
 		}
 		test.Run(cs, ns)
@@ -257,6 +258,7 @@ var _ = ginkgo.Describe("[blob-csi-e2e] Dynamic Provisioning", func() {
 			StorageClassParameters: map[string]string{
 				"skuName":               "Standard_RAGRS",
 				"allowBlobPublicAccess": "false",
+				"containerName":         "container-${pvc.metadata.namespace}",
 			},
 		}
 		if isAzureStackCloud {