in server/server.go [77:178]
func (s *CSIDriverProviderServer) Mount(ctx context.Context, req *v1alpha1.MountRequest) (response *v1alpha1.MountResponse, e error) {
// Basic sanity check
if len(req.GetTargetPath()) == 0 {
return nil, fmt.Errorf("Missing mount path")
}
mountDir := req.GetTargetPath()
// Unpack the request.
var attrib map[string]string
err := json.Unmarshal([]byte(req.GetAttributes()), &attrib)
if err != nil {
return nil, fmt.Errorf("failed to unmarshal attributes, error: %+v", err)
}
// Get the mount attributes.
nameSpace := attrib[namespaceAttrib]
svcAcct := attrib[acctAttrib]
podName := attrib[podnameAttrib]
region := attrib[regionAttrib]
translate := attrib[transAttrib]
// Lookup the region if one was not specified.
if len(region) <= 0 {
region, err = s.getRegionFromNode(ctx, nameSpace, podName)
if err != nil {
return nil, fmt.Errorf("failed to retrieve region from node. error %+v", err)
}
}
klog.Infof("Servicing mount request for pod %s in namespace %s using service account %s with region %s", podName, nameSpace, svcAcct, region)
// Make a map of the currently mounted versions (if any)
curVersions := req.GetCurrentObjectVersion()
curVerMap := make(map[string]*v1alpha1.ObjectVersion)
for _, ver := range curVersions {
curVerMap[ver.Id] = ver
}
// Unpack the file permission to use.
var filePermission os.FileMode
err = json.Unmarshal([]byte(req.GetPermission()), &filePermission)
if err != nil {
return nil, fmt.Errorf("failed to unmarshal file permission, error: %+v", err)
}
// Get the pod's AWS creds.
oidcAuth, err := auth.NewAuth(ctx, region, nameSpace, svcAcct, s.k8sClient)
if err != nil {
return nil, err
}
awsSession, err := oidcAuth.GetAWSSession()
if err != nil {
klog.ErrorS(err, "Failed to initialize AWS session")
return nil, err
}
// Get the list of secrets to mount. These will be grouped together by type
// in a map of slices (map[string][]*SecretDescriptor) keyed by secret type
// so that requests can be batched if the implementation allows it.
descriptors, err := provider.NewSecretDescriptorList(mountDir, translate, attrib[secProvAttrib])
if err != nil {
return nil, err
}
// Fetch all secrets before saving so we write nothing on failure.
providerFactory := s.secretProviderFactory(region, awsSession)
var fetchedSecrets []*provider.SecretValue
for sType := range descriptors { // Iterate over each secret type.
// Fetch all the the secrets and update the curVerMap
provider := providerFactory.GetSecretProvider(sType)
secrets, err := provider.GetSecretValues(ctx, descriptors[sType], curVerMap)
if err != nil {
return nil, err
}
fetchedSecrets = append(fetchedSecrets, secrets...) // Build up the list of all secrets
}
// Write out the secrets to the mount point after everything is fetched.
var files []*v1alpha1.File
for _, secret := range fetchedSecrets {
file, err := s.writeFile(secret, filePermission)
if err != nil {
return nil, err
}
if file != nil {
files = append(files, file)
}
}
// Build the version response from the current version map and return it.
var ov []*v1alpha1.ObjectVersion
for id := range curVerMap {
ov = append(ov, curVerMap[id])
}
return &v1alpha1.MountResponse{Files: files, ObjectVersion: ov}, nil
}