in server/server.go [81:196]
func (s *CSIDriverProviderServer) Mount(ctx context.Context, req *v1alpha1.MountRequest) (response *v1alpha1.MountResponse, e error) {
// Log out the write mode
if s.driverWriteSecrets {
klog.Infof("Driver is configured to write secrets")
} else {
klog.Infof("Provider is configured to write secrets")
}
// Basic sanity check
if len(req.GetTargetPath()) == 0 {
return nil, fmt.Errorf("Missing mount path")
}
mountDir := req.GetTargetPath()
// Unpack the request.
var attrib map[string]string
err := json.Unmarshal([]byte(req.GetAttributes()), &attrib)
if err != nil {
return nil, fmt.Errorf("failed to unmarshal attributes, error: %+v", err)
}
// Get the mount attributes.
nameSpace := attrib[namespaceAttrib]
svcAcct := attrib[acctAttrib]
podName := attrib[podnameAttrib]
region := attrib[regionAttrib]
translate := attrib[transAttrib]
failoverRegion := attrib[failoverRegionAttrib]
usePodIdentityStr := attrib[usePodIdentityAttrib]
preferredAddressType := attrib[preferredAddressTypeAttrib]
// Make a map of the currently mounted versions (if any)
curVersions := req.GetCurrentObjectVersion()
curVerMap := make(map[string]*v1alpha1.ObjectVersion)
for _, ver := range curVersions {
curVerMap[ver.Id] = ver
}
// Unpack the file permission to use.
var filePermission os.FileMode
err = json.Unmarshal([]byte(req.GetPermission()), &filePermission)
if err != nil {
return nil, fmt.Errorf("failed to unmarshal file permission, error: %+v", err)
}
// Set the default file permission
provider.SetDefaultFilePermission(filePermission)
regions, err := s.getAwsRegions(region, failoverRegion, nameSpace, podName, ctx)
if err != nil {
klog.ErrorS(err, "Failed to initialize AWS session")
return nil, err
}
klog.Infof("Servicing mount request for pod %s in namespace %s using service account %s with region(s) %s", podName, nameSpace, svcAcct, strings.Join(regions, ", "))
// Default to use IRSA if usePodIdentity parameter is not set in the mount request
usePodIdentity := false
if usePodIdentityStr != "" {
var err error
usePodIdentity, err = strconv.ParseBool(usePodIdentityStr)
if err != nil {
return nil, fmt.Errorf("failed to parse usePodIdentity value, error: %+v", err)
}
}
awsSessions, err := s.getAwsSessions(nameSpace, svcAcct, ctx, regions, usePodIdentity, podName, preferredAddressType)
if err != nil {
return nil, err
}
if len(awsSessions) > 2 {
klog.Errorf("Max number of region(s) exceeded: %s", strings.Join(regions, ", "))
return nil, err
}
// Get the list of secrets to mount. These will be grouped together by type
// in a map of slices (map[string][]*SecretDescriptor) keyed by secret type
// so that requests can be batched if the implementation allows it.
descriptors, err := provider.NewSecretDescriptorList(mountDir, translate, attrib[secProvAttrib], regions)
if err != nil {
klog.Errorf("Failure reading descriptor list: %s", err)
return nil, err
}
providerFactory := s.secretProviderFactory(awsSessions, regions)
var fetchedSecrets []*provider.SecretValue
for sType := range descriptors { // Iterate over each secret type.
// Fetch all the secrets and update the curVerMap
provider := providerFactory.GetSecretProvider(sType)
secrets, err := provider.GetSecretValues(ctx, descriptors[sType], curVerMap)
if err != nil {
klog.Errorf("Failure getting secret values from provider type %s: %s", sType, err)
return nil, err
}
fetchedSecrets = append(fetchedSecrets, secrets...) // Build up the list of all secrets
}
// Write out the secrets to the mount point after everything is fetched.
var files []*v1alpha1.File
for _, secret := range fetchedSecrets {
file, err := s.writeFile(secret, secret.Descriptor.GetFilePermission())
if err != nil {
return nil, err
}
if file != nil {
files = append(files, file)
}
}
// Build the version response from the current version map and return it.
var ov []*v1alpha1.ObjectVersion
for id := range curVerMap {
ov = append(ov, curVerMap[id])
}
return &v1alpha1.MountResponse{Files: files, ObjectVersion: ov}, nil
}