scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-02 03:08:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #43396 from rootfs/iscsi-chap

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 44119, 42538, 43802, 42336, 43396)

iSCSI CHAP support

**What this PR does / why we need it**:
To support CHAP authentication in a multi-tenant setup
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
Support iSCSI CHAP authentication
```
This commit is contained in:
Kubernetes Submit Queue
2017-04-07 14:09:42 -07:00
committed by GitHub
parent 0a7fa6926a 8eb6d6cfa7
commit 98a4c6ba7f
46 changed files with 3777 additions and 2614 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/api/pod/util.go
View File

@@ -88,6 +88,10 @@ func VisitPodSecretNames(pod *api.Pod, visitor func(string) bool) bool {
if source.ScaleIO.SecretRef != nil && !visitor(source.ScaleIO.SecretRef.Name) {
return false
}
case source.ISCSI != nil:
if source.ISCSI.SecretRef != nil && !visitor(source.ISCSI.SecretRef.Name) {
return false
}
}
}
return true

7
pkg/api/pod/util_test.go
View File

@@ -85,7 +85,11 @@ func TestPodSecrets(t *testing.T) {
VolumeSource: api.VolumeSource{
ScaleIO: &api.ScaleIOVolumeSource{
SecretRef: &api.LocalObjectReference{
Name: "Spec.Volumes[*].VolumeSource.ScaleIO.SecretRef"}}}}},
Name: "Spec.Volumes[*].VolumeSource.ScaleIO.SecretRef"}}}}, {
VolumeSource: api.VolumeSource{
ISCSI: &api.ISCSIVolumeSource{
SecretRef: &api.LocalObjectReference{
Name: "Spec.Volumes[*].VolumeSource.ISCSI.SecretRef"}}}}},
},
}
extractedNames := sets.NewString()
@@ -114,6 +118,7 @@ func TestPodSecrets(t *testing.T) {
"Spec.Volumes[*].VolumeSource.Secret",
"Spec.Volumes[*].VolumeSource.Secret.SecretName",
"Spec.Volumes[*].VolumeSource.ScaleIO.SecretRef",
"Spec.Volumes[*].VolumeSource.ISCSI.SecretRef",
)
secretPaths := collectSecretPaths(t, nil, "", reflect.TypeOf(&api.Pod{}))
secretPaths = secretPaths.Difference(excludedSecretPaths)

12
pkg/api/types.go
View File

@@ -653,10 +653,20 @@ type ISCSIVolumeSource struct {
// the ReadOnly setting in VolumeMounts.
// +optional
ReadOnly bool
// Required: list of iSCSI target portal ips for high availability.
// Optional: list of iSCSI target portal ips for high availability.
// the portal is either an IP or ip_addr:port if port is other than default (typically TCP ports 860 and 3260)
// +optional
Portals []string
// Optional: whether support iSCSI Discovery CHAP authentication
// +optional
DiscoveryCHAPAuth bool
// Optional: whether support iSCSI Session CHAP authentication
// +optional
SessionCHAPAuth bool
// Optional: CHAP secret for iSCSI target and initiator authentication.
// The secret is used if either DiscoveryCHAPAuth or SessionCHAPAuth is true
// +optional
SecretRef *LocalObjectReference
}
// Represents a Fibre Channel volume.

2430
pkg/api/v1/generated.pb.go
View File

File diff suppressed because it is too large Load Diff

12
pkg/api/v1/generated.proto
View File

@@ -1227,6 +1227,18 @@ message ISCSIVolumeSource {
// is other than default (typically TCP ports 860 and 3260).
// +optional
repeated string portals = 7;
// whether support iSCSI Discovery CHAP authentication
// +optional
optional bool chapAuthDiscovery = 8;
// whether support iSCSI Session CHAP authentication
// +optional
optional bool chapAuthSession = 11;
// CHAP secret for iSCSI target and initiator authentication
// +optional
optional LocalObjectReference secretRef = 10;
}
// Maps a string key to a path within a volume.

5
pkg/api/v1/pod/util.go
View File

@@ -176,7 +176,10 @@ func VisitPodSecretNames(pod *v1.Pod, visitor func(string) bool) bool {
if source.ScaleIO.SecretRef != nil && !visitor(source.ScaleIO.SecretRef.Name) {
return false
}
case source.ISCSI != nil:
if source.ISCSI.SecretRef != nil && !visitor(source.ISCSI.SecretRef.Name) {
return false
}
}
}
return true

7
pkg/api/v1/pod/util_test.go
View File

@@ -253,7 +253,11 @@ func TestPodSecrets(t *testing.T) {
VolumeSource: v1.VolumeSource{
ScaleIO: &v1.ScaleIOVolumeSource{
SecretRef: &v1.LocalObjectReference{
Name: "Spec.Volumes[*].VolumeSource.ScaleIO.SecretRef"}}}}},
Name: "Spec.Volumes[*].VolumeSource.ScaleIO.SecretRef"}}}}, {
VolumeSource: v1.VolumeSource{
ISCSI: &v1.ISCSIVolumeSource{
SecretRef: &v1.LocalObjectReference{
Name: "Spec.Volumes[*].VolumeSource.ISCSI.SecretRef"}}}}},
},
}
extractedNames := sets.NewString()
@@ -282,6 +286,7 @@ func TestPodSecrets(t *testing.T) {
"Spec.Volumes[*].VolumeSource.Secret",
"Spec.Volumes[*].VolumeSource.Secret.SecretName",
"Spec.Volumes[*].VolumeSource.ScaleIO.SecretRef",
"Spec.Volumes[*].VolumeSource.ISCSI.SecretRef",
)
secretPaths := collectSecretPaths(t, nil, "", reflect.TypeOf(&v1.Pod{}))
secretPaths = secretPaths.Difference(excludedSecretPaths)

326
pkg/api/v1/types.generated.go
View File

@@ -15958,16 +15958,19 @@ func (x *ISCSIVolumeSource) CodecEncodeSelf(e *codec1978.Encoder) {
} else {
yysep2 := !z.EncBinary()
yy2arr2 := z.EncBasicHandle().StructToArray
var yyq2 [7]bool
var yyq2 [10]bool
_, _, _ = yysep2, yyq2, yy2arr2
const yyr2 bool = false
yyq2[3] = x.ISCSIInterface != ""
yyq2[4] = x.FSType != ""
yyq2[5] = x.ReadOnly != false
yyq2[6] = len(x.Portals) != 0
yyq2[7] = x.DiscoveryCHAPAuth != false
yyq2[8] = x.SessionCHAPAuth != false
yyq2[9] = x.SecretRef != nil
var yynn2 int
if yyr2 || yy2arr2 {
r.EncodeArrayStart(7)
r.EncodeArrayStart(10)
} else {
yynn2 = 3
for _, b := range yyq2 {
@@ -16143,6 +16146,79 @@ func (x *ISCSIVolumeSource) CodecEncodeSelf(e *codec1978.Encoder) {
}
}
}
if yyr2 || yy2arr2 {
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
if yyq2[7] {
yym25 := z.EncBinary()
_ = yym25
if false {
} else {
r.EncodeBool(bool(x.DiscoveryCHAPAuth))
}
} else {
r.EncodeBool(false)
}
} else {
if yyq2[7] {
z.EncSendContainerState(codecSelfer_containerMapKey1234)
r.EncodeString(codecSelferC_UTF81234, string("chapAuthDiscovery"))
z.EncSendContainerState(codecSelfer_containerMapValue1234)
yym26 := z.EncBinary()
_ = yym26
if false {
} else {
r.EncodeBool(bool(x.DiscoveryCHAPAuth))
}
}
}
if yyr2 || yy2arr2 {
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
if yyq2[8] {
yym28 := z.EncBinary()
_ = yym28
if false {
} else {
r.EncodeBool(bool(x.SessionCHAPAuth))
}
} else {
r.EncodeBool(false)
}
} else {
if yyq2[8] {
z.EncSendContainerState(codecSelfer_containerMapKey1234)
r.EncodeString(codecSelferC_UTF81234, string("chapAuthSession"))
z.EncSendContainerState(codecSelfer_containerMapValue1234)
yym29 := z.EncBinary()
_ = yym29
if false {
} else {
r.EncodeBool(bool(x.SessionCHAPAuth))
}
}
}
if yyr2 || yy2arr2 {
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
if yyq2[9] {
if x.SecretRef == nil {
r.EncodeNil()
} else {
x.SecretRef.CodecEncodeSelf(e)
}
} else {
r.EncodeNil()
}
} else {
if yyq2[9] {
z.EncSendContainerState(codecSelfer_containerMapKey1234)
r.EncodeString(codecSelferC_UTF81234, string("secretRef"))
z.EncSendContainerState(codecSelfer_containerMapValue1234)
if x.SecretRef == nil {
r.EncodeNil()
} else {
x.SecretRef.CodecEncodeSelf(e)
}
}
}
if yyr2 || yy2arr2 {
z.EncSendContainerState(codecSelfer_containerArrayEnd1234)
} else {
@@ -16288,6 +16364,41 @@ func (x *ISCSIVolumeSource) codecDecodeSelfFromMap(l int, d *codec1978.Decoder)
z.F.DecSliceStringX(yyv16, false, d)
}
}
case "chapAuthDiscovery":
if r.TryDecodeAsNil() {
x.DiscoveryCHAPAuth = false
} else {
yyv18 := &x.DiscoveryCHAPAuth
yym19 := z.DecBinary()
_ = yym19
if false {
} else {
*((*bool)(yyv18)) = r.DecodeBool()
}
}
case "chapAuthSession":
if r.TryDecodeAsNil() {
x.SessionCHAPAuth = false
} else {
yyv20 := &x.SessionCHAPAuth
yym21 := z.DecBinary()
_ = yym21
if false {
} else {
*((*bool)(yyv20)) = r.DecodeBool()
}
}
case "secretRef":
if r.TryDecodeAsNil() {
if x.SecretRef != nil {
x.SecretRef = nil
}
} else {
if x.SecretRef == nil {
x.SecretRef = new(LocalObjectReference)
}
x.SecretRef.CodecDecodeSelf(d)
}
default:
z.DecStructFieldNotFound(-1, yys3)
} // end switch yys3
@@ -16299,16 +16410,16 @@ func (x *ISCSIVolumeSource) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
var h codecSelfer1234
z, r := codec1978.GenHelperDecoder(d)
_, _, _ = h, z, r
var yyj18 int
var yyb18 bool
var yyhl18 bool = l >= 0
yyj18++
if yyhl18 {
yyb18 = yyj18 > l
var yyj23 int
var yyb23 bool
var yyhl23 bool = l >= 0
yyj23++
if yyhl23 {
yyb23 = yyj23 > l
} else {
yyb18 = r.CheckBreak()
yyb23 = r.CheckBreak()
}
if yyb18 {
if yyb23 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
@@ -16316,21 +16427,21 @@ func (x *ISCSIVolumeSource) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
if r.TryDecodeAsNil() {
x.TargetPortal = ""
} else {
yyv19 := &x.TargetPortal
yym20 := z.DecBinary()
_ = yym20
yyv24 := &x.TargetPortal
yym25 := z.DecBinary()
_ = yym25
if false {
} else {
*((*string)(yyv19)) = r.DecodeString()
*((*string)(yyv24)) = r.DecodeString()
}
}
yyj18++
if yyhl18 {
yyb18 = yyj18 > l
yyj23++
if yyhl23 {
yyb23 = yyj23 > l
} else {
yyb18 = r.CheckBreak()
yyb23 = r.CheckBreak()
}
if yyb18 {
if yyb23 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
@@ -16338,21 +16449,21 @@ func (x *ISCSIVolumeSource) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
if r.TryDecodeAsNil() {
x.IQN = ""
} else {
yyv21 := &x.IQN
yym22 := z.DecBinary()
_ = yym22
yyv26 := &x.IQN
yym27 := z.DecBinary()
_ = yym27
if false {
} else {
*((*string)(yyv21)) = r.DecodeString()
*((*string)(yyv26)) = r.DecodeString()
}
}
yyj18++
if yyhl18 {
yyb18 = yyj18 > l
yyj23++
if yyhl23 {
yyb23 = yyj23 > l
} else {
yyb18 = r.CheckBreak()
yyb23 = r.CheckBreak()
}
if yyb18 {
if yyb23 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
@@ -16360,21 +16471,21 @@ func (x *ISCSIVolumeSource) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
if r.TryDecodeAsNil() {
x.Lun = 0
} else {
yyv23 := &x.Lun
yym24 := z.DecBinary()
_ = yym24
yyv28 := &x.Lun
yym29 := z.DecBinary()
_ = yym29
if false {
} else {
*((*int32)(yyv23)) = int32(r.DecodeInt(32))
*((*int32)(yyv28)) = int32(r.DecodeInt(32))
}
}
yyj18++
if yyhl18 {
yyb18 = yyj18 > l
yyj23++
if yyhl23 {
yyb23 = yyj23 > l
} else {
yyb18 = r.CheckBreak()
yyb23 = r.CheckBreak()
}
if yyb18 {
if yyb23 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
@@ -16382,21 +16493,21 @@ func (x *ISCSIVolumeSource) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
if r.TryDecodeAsNil() {
x.ISCSIInterface = ""
} else {
yyv25 := &x.ISCSIInterface
yym26 := z.DecBinary()
_ = yym26
yyv30 := &x.ISCSIInterface
yym31 := z.DecBinary()
_ = yym31
if false {
} else {
*((*string)(yyv25)) = r.DecodeString()
*((*string)(yyv30)) = r.DecodeString()
}
}
yyj18++
if yyhl18 {
yyb18 = yyj18 > l
yyj23++
if yyhl23 {
yyb23 = yyj23 > l
} else {
yyb18 = r.CheckBreak()
yyb23 = r.CheckBreak()
}
if yyb18 {
if yyb23 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
@@ -16404,21 +16515,21 @@ func (x *ISCSIVolumeSource) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
if r.TryDecodeAsNil() {
x.FSType = ""
} else {
yyv27 := &x.FSType
yym28 := z.DecBinary()
_ = yym28
yyv32 := &x.FSType
yym33 := z.DecBinary()
_ = yym33
if false {
} else {
*((*string)(yyv27)) = r.DecodeString()
*((*string)(yyv32)) = r.DecodeString()
}
}
yyj18++
if yyhl18 {
yyb18 = yyj18 > l
yyj23++
if yyhl23 {
yyb23 = yyj23 > l
} else {
yyb18 = r.CheckBreak()
yyb23 = r.CheckBreak()
}
if yyb18 {
if yyb23 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
@@ -16426,21 +16537,21 @@ func (x *ISCSIVolumeSource) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
if r.TryDecodeAsNil() {
x.ReadOnly = false
} else {
yyv29 := &x.ReadOnly
yym30 := z.DecBinary()
_ = yym30
yyv34 := &x.ReadOnly
yym35 := z.DecBinary()
_ = yym35
if false {
} else {
*((*bool)(yyv29)) = r.DecodeBool()
*((*bool)(yyv34)) = r.DecodeBool()
}
}
yyj18++
if yyhl18 {
yyb18 = yyj18 > l
yyj23++
if yyhl23 {
yyb23 = yyj23 > l
} else {
yyb18 = r.CheckBreak()
yyb23 = r.CheckBreak()
}
if yyb18 {
if yyb23 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
@@ -16448,26 +16559,91 @@ func (x *ISCSIVolumeSource) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
if r.TryDecodeAsNil() {
x.Portals = nil
} else {
yyv31 := &x.Portals
yym32 := z.DecBinary()
_ = yym32
yyv36 := &x.Portals
yym37 := z.DecBinary()
_ = yym37
if false {
} else {
z.F.DecSliceStringX(yyv31, false, d)
z.F.DecSliceStringX(yyv36, false, d)
}
}
for {
yyj18++
if yyhl18 {
yyb18 = yyj18 > l
yyj23++
if yyhl23 {
yyb23 = yyj23 > l
} else {
yyb23 = r.CheckBreak()
}
if yyb23 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
if r.TryDecodeAsNil() {
x.DiscoveryCHAPAuth = false
} else {
yyv38 := &x.DiscoveryCHAPAuth
yym39 := z.DecBinary()
_ = yym39
if false {
} else {
yyb18 = r.CheckBreak()
*((*bool)(yyv38)) = r.DecodeBool()
}
if yyb18 {
}
yyj23++
if yyhl23 {
yyb23 = yyj23 > l
} else {
yyb23 = r.CheckBreak()
}
if yyb23 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
if r.TryDecodeAsNil() {
x.SessionCHAPAuth = false
} else {
yyv40 := &x.SessionCHAPAuth
yym41 := z.DecBinary()
_ = yym41
if false {
} else {
*((*bool)(yyv40)) = r.DecodeBool()
}
}
yyj23++
if yyhl23 {
yyb23 = yyj23 > l
} else {
yyb23 = r.CheckBreak()
}
if yyb23 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
if r.TryDecodeAsNil() {
if x.SecretRef != nil {
x.SecretRef = nil
}
} else {
if x.SecretRef == nil {
x.SecretRef = new(LocalObjectReference)
}
x.SecretRef.CodecDecodeSelf(d)
}
for {
yyj23++
if yyhl23 {
yyb23 = yyj23 > l
} else {
yyb23 = r.CheckBreak()
}
if yyb23 {
break
}
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
z.DecStructFieldNotFound(yyj18-1, "")
z.DecStructFieldNotFound(yyj23-1, "")
}
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
}

9
pkg/api/v1/types.go
View File

@@ -1047,6 +1047,15 @@ type ISCSIVolumeSource struct {
// is other than default (typically TCP ports 860 and 3260).
// +optional
Portals []string `json:"portals,omitempty" protobuf:"bytes,7,opt,name=portals"`
// whether support iSCSI Discovery CHAP authentication
// +optional
DiscoveryCHAPAuth bool `json:"chapAuthDiscovery,omitempty" protobuf:"varint,8,opt,name=chapAuthDiscovery"`
// whether support iSCSI Session CHAP authentication
// +optional
SessionCHAPAuth bool `json:"chapAuthSession,omitempty" protobuf:"varint,11,opt,name=chapAuthSession"`
// CHAP secret for iSCSI target and initiator authentication
// +optional
SecretRef *LocalObjectReference `json:"secretRef,omitempty" protobuf:"bytes,10,opt,name=secretRef"`
}
// Represents a Fibre Channel volume.

19
pkg/api/v1/types_swagger_doc_generated.go
View File

@@ -650,14 +650,17 @@ func (HostPathVolumeSource) SwaggerDoc() map[string]string {
}
var map_ISCSIVolumeSource = map[string]string{
"": "Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.",
"targetPortal": "iSCSI target portal. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).",
"iqn": "Target iSCSI Qualified Name.",
"lun": "iSCSI target lun number.",
"iscsiInterface": "Optional: Defaults to 'default' (tcp). iSCSI interface name that uses an iSCSI transport.",
"fsType": "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: http://kubernetes.io/docs/user-guide/volumes#iscsi",
"readOnly": "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.",
"portals": "iSCSI target portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).",
"": "Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.",
"targetPortal": "iSCSI target portal. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).",
"iqn": "Target iSCSI Qualified Name.",
"lun": "iSCSI target lun number.",
"iscsiInterface": "Optional: Defaults to 'default' (tcp). iSCSI interface name that uses an iSCSI transport.",
"fsType": "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: http://kubernetes.io/docs/user-guide/volumes#iscsi",
"readOnly": "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.",
"portals": "iSCSI target portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).",
"chapAuthDiscovery": "whether support iSCSI Discovery CHAP authentication",
"chapAuthSession": "whether support iSCSI Session CHAP authentication",
"secretRef": "CHAP secret for iSCSI target and initiator authentication",
}
func (ISCSIVolumeSource) SwaggerDoc() map[string]string {

6
pkg/api/v1/zz_generated.conversion.go
View File

@@ -1706,6 +1706,9 @@ func autoConvert_v1_ISCSIVolumeSource_To_api_ISCSIVolumeSource(in *ISCSIVolumeSo
out.FSType = in.FSType
out.ReadOnly = in.ReadOnly
out.Portals = *(*[]string)(unsafe.Pointer(&in.Portals))
out.DiscoveryCHAPAuth = in.DiscoveryCHAPAuth
out.SessionCHAPAuth = in.SessionCHAPAuth
out.SecretRef = (*api.LocalObjectReference)(unsafe.Pointer(in.SecretRef))
return nil
}
@@ -1721,6 +1724,9 @@ func autoConvert_api_ISCSIVolumeSource_To_v1_ISCSIVolumeSource(in *api.ISCSIVolu
out.FSType = in.FSType
out.ReadOnly = in.ReadOnly
out.Portals = *(*[]string)(unsafe.Pointer(&in.Portals))
out.DiscoveryCHAPAuth = in.DiscoveryCHAPAuth
out.SessionCHAPAuth = in.SessionCHAPAuth
out.SecretRef = (*LocalObjectReference)(unsafe.Pointer(in.SecretRef))
return nil
}

5
pkg/api/v1/zz_generated.deepcopy.go
View File

@@ -1198,6 +1198,11 @@ func DeepCopy_v1_ISCSIVolumeSource(in interface{}, out interface{}, c *conversio
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.SecretRef != nil {
in, out := &in.SecretRef, &out.SecretRef
*out = new(LocalObjectReference)
**out = **in
}
return nil
}
}

3
pkg/api/validation/validation.go
View File

@@ -622,6 +622,9 @@ func validateISCSIVolumeSource(iscsi *api.ISCSIVolumeSource, fldPath *field.Path
if iscsi.Lun < 0 || iscsi.Lun > 255 {
allErrs = append(allErrs, field.Invalid(fldPath.Child("lun"), iscsi.Lun, validation.InclusiveRangeError(0, 255)))
}
if (iscsi.DiscoveryCHAPAuth || iscsi.SessionCHAPAuth) && iscsi.SecretRef == nil {
allErrs = append(allErrs, field.Required(fldPath.Child("secretRef"), ""))
}
return allErrs
}

36
pkg/api/validation/validation_test.go
View File

@@ -948,6 +948,42 @@ func TestValidateVolumes(t *testing.T) {
errtype: field.ErrorTypeRequired,
errfield: "iscsi.iqn",
},
{
name: "empty secret",
vol: api.Volume{
Name: "iscsi",
VolumeSource: api.VolumeSource{
ISCSI: &api.ISCSIVolumeSource{
TargetPortal: "127.0.0.1",
IQN: "iqn.2015-02.example.com:test",
Lun: 1,
FSType: "ext4",
ReadOnly: false,
DiscoveryCHAPAuth: true,
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "iscsi.secretRef",
},
{
name: "empty secret",
vol: api.Volume{
Name: "iscsi",
VolumeSource: api.VolumeSource{
ISCSI: &api.ISCSIVolumeSource{
TargetPortal: "127.0.0.1",
IQN: "iqn.2015-02.example.com:test",
Lun: 1,
FSType: "ext4",
ReadOnly: false,
SessionCHAPAuth: true,
},
},
},
errtype: field.ErrorTypeRequired,
errfield: "iscsi.secretRef",
},
// Secret
{
name: "valid Secret",

5
pkg/api/zz_generated.deepcopy.go
View File

@@ -1226,6 +1226,11 @@ func DeepCopy_api_ISCSIVolumeSource(in interface{}, out interface{}, c *conversi
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.SecretRef != nil {
in, out := &in.SecretRef, &out.SecretRef
*out = new(LocalObjectReference)
**out = **in
}
return nil
}
}