Add a new field for storing volume expansion secrets

Fix pv secret visitor tests Allow SecretRef for resizing to be set if not already set
2025-09-27 13:15:36 +00:00 · 2019-05-06 11:49:19 -04:00
parent 851afa0bea
commit 69393291b6
15 changed files with 1798 additions and 1535 deletions
--- a/pkg/api/persistentvolume/util.go
+++ b/pkg/api/persistentvolume/util.go
@@ -28,6 +28,23 @@ func DropDisabledFields(pvSpec *api.PersistentVolumeSpec, oldPVSpec *api.Persist
 	if !utilfeature.DefaultFeatureGate.Enabled(features.BlockVolume) && !volumeModeInUse(oldPVSpec) {
 		pvSpec.VolumeMode = nil
 	}
+
+	if !utilfeature.DefaultFeatureGate.Enabled(features.ExpandCSIVolumes) && !hasExpansionSecrets(oldPVSpec) {
+		if pvSpec.CSI != nil {
+			pvSpec.CSI.ControllerExpandSecretRef = nil
+		}
+	}
+}
+
+func hasExpansionSecrets(oldPVSpec *api.PersistentVolumeSpec) bool {
+	if oldPVSpec == nil || oldPVSpec.CSI == nil {
+		return false
+	}
+
+	if oldPVSpec.CSI.ControllerExpandSecretRef != nil {
+		return true
+	}
+	return false
 }

 func volumeModeInUse(oldPVSpec *api.PersistentVolumeSpec) bool {
--- a/pkg/api/persistentvolume/util_test.go
+++ b/pkg/api/persistentvolume/util_test.go
@@ -32,14 +32,20 @@ func TestDropDisabledFields(t *testing.T) {
 		return &api.PersistentVolumeSpec{VolumeMode: mode}
 	}

+	secretRef := &api.SecretReference{
+		Name:      "expansion-secret",
+		Namespace: "default",
+	}
+
 	modeBlock := api.PersistentVolumeBlock

 	tests := map[string]struct {
-		oldSpec       *api.PersistentVolumeSpec
-		newSpec       *api.PersistentVolumeSpec
-		expectOldSpec *api.PersistentVolumeSpec
-		expectNewSpec *api.PersistentVolumeSpec
-		blockEnabled  bool
+		oldSpec             *api.PersistentVolumeSpec
+		newSpec             *api.PersistentVolumeSpec
+		expectOldSpec       *api.PersistentVolumeSpec
+		expectNewSpec       *api.PersistentVolumeSpec
+		blockEnabled        bool
+		csiExpansionEnabled bool
 	}{
 		"disabled block clears new": {
 			blockEnabled:  false,
@@ -84,11 +90,47 @@ func TestDropDisabledFields(t *testing.T) {
 			oldSpec:       specWithMode(&modeBlock),
 			expectOldSpec: specWithMode(&modeBlock),
 		},
+		"disabled csi expansion clears secrets": {
+			csiExpansionEnabled: false,
+			newSpec:             specWithCSISecrets(secretRef),
+			expectNewSpec:       specWithCSISecrets(nil),
+			oldSpec:             nil,
+			expectOldSpec:       nil,
+		},
+		"enabled csi expansion preserve secrets": {
+			csiExpansionEnabled: true,
+			newSpec:             specWithCSISecrets(secretRef),
+			expectNewSpec:       specWithCSISecrets(secretRef),
+			oldSpec:             nil,
+			expectOldSpec:       nil,
+		},
+		"enabled csi expansion preserve secrets when both old and new have it": {
+			csiExpansionEnabled: true,
+			newSpec:             specWithCSISecrets(secretRef),
+			expectNewSpec:       specWithCSISecrets(secretRef),
+			oldSpec:             specWithCSISecrets(secretRef),
+			expectOldSpec:       specWithCSISecrets(secretRef),
+		},
+		"disabled csi expansion old pv had secrets": {
+			csiExpansionEnabled: false,
+			newSpec:             specWithCSISecrets(secretRef),
+			expectNewSpec:       specWithCSISecrets(secretRef),
+			oldSpec:             specWithCSISecrets(secretRef),
+			expectOldSpec:       specWithCSISecrets(secretRef),
+		},
+		"enabled csi expansion preserves secrets when old pv did not had secrets": {
+			csiExpansionEnabled: true,
+			newSpec:             specWithCSISecrets(secretRef),
+			expectNewSpec:       specWithCSISecrets(secretRef),
+			oldSpec:             specWithCSISecrets(nil),
+			expectOldSpec:       specWithCSISecrets(nil),
+		},
 	}

 	for name, tc := range tests {
 		t.Run(name, func(t *testing.T) {
 			defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.BlockVolume, tc.blockEnabled)()
+			defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.ExpandCSIVolumes, tc.csiExpansionEnabled)()

 			DropDisabledFields(tc.newSpec, tc.oldSpec)
 			if !reflect.DeepEqual(tc.newSpec, tc.expectNewSpec) {
@@ -100,3 +142,19 @@ func TestDropDisabledFields(t *testing.T) {
 		})
 	}
 }
+
+func specWithCSISecrets(secret *api.SecretReference) *api.PersistentVolumeSpec {
+	pvSpec := &api.PersistentVolumeSpec{
+		PersistentVolumeSource: api.PersistentVolumeSource{
+			CSI: &api.CSIPersistentVolumeSource{
+				Driver:       "com.google.gcepd",
+				VolumeHandle: "foobar",
+			},
+		},
+	}
+
+	if secret != nil {
+		pvSpec.CSI.ControllerExpandSecretRef = secret
+	}
+	return pvSpec
+}