csi: add -secret and -parameter flag to volume snapshot create

Pass-through the `-secret` and `-parameter` flags to allow setting parameters for the snapshot and overriding the secrets we've stored on the CSI volume in the state store.
hashicorp · Mar 23, 2022 · d2ea348 · d2ea348
1 parent fe65d80
commit d2ea348
Show file tree

Hide file tree

Showing 6 changed files with 57 additions and 2 deletions.
diff --git a/.changelog/12360.txt b/.changelog/12360.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+csi: Added `-secret` and `-parameter` flags to `volume snapshot create` command
+```
diff --git a/api/csi.go b/api/csi.go
@@ -120,6 +120,10 @@ func (v *CSIVolumes) CreateSnapshot(snap *CSISnapshot, w *WriteOptions) (*CSISna
 	req := &CSISnapshotCreateRequest{
 		Snapshots: []*CSISnapshot{snap},
 	}
+	if w == nil {
+		w = &WriteOptions{}
+	}
+	w.SetHeadersFromCSISecrets(snap.Secrets)
 	resp := &CSISnapshotCreateResponse{}
 	meta, err := v.client.write("/v1/volumes/snapshot", req, resp, w)
 	return resp, meta, err

diff --git a/command/volume_snapshot_create.go b/command/volume_snapshot_create.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/hashicorp/nomad/api"
 	"github.com/hashicorp/nomad/api/contexts"
+	flaghelper "github.com/hashicorp/nomad/helper/flags"
 	"github.com/posener/complete"
 )
 
@@ -30,6 +31,17 @@ Usage: nomad volume snapshot create <volume id> [snapshot_name]
   When ACLs are enabled, this command requires a token with the
   'csi-write-volume' capability for the volume's namespace.
 
+
+Snapshot Create Options:
+
+  -secret
+    Secrets to pass to the plugin to create snapshot. Accepts multiple
+    flags in the form -secret key=value
+
+  -parameter
+    Parameters to pass to the plugin to create a snapshot. Accepts multiple
+    flags in the form -parameter key=value
+
 General Options:
 
   ` + generalOptionsUsage(usageOptsDefault) + `
@@ -70,7 +82,11 @@ func (c *VolumeSnapshotCreateCommand) Run(args []string) int {
 	flags.Usage = func() { c.Ui.Output(c.Help()) }
 
 	var verbose bool
+	var parametersArgs flaghelper.StringFlag
+	var secretsArgs flaghelper.StringFlag
 	flags.BoolVar(&verbose, "verbose", false, "")
+	flags.Var(&parametersArgs, "parameter", "parameters for snapshot, ex. -parameter key=value")
+	flags.Var(&secretsArgs, "secret", "secrets for snapshot, ex. -secret key=value")
 
 	if err := flags.Parse(args); err != nil {
 		c.Ui.Error(fmt.Sprintf("Error parsing arguments %s", err))
@@ -97,9 +113,27 @@ func (c *VolumeSnapshotCreateCommand) Run(args []string) int {
 		return 1
 	}
 
+	secrets := api.CSISecrets{}
+	for _, kv := range secretsArgs {
+		s := strings.Split(kv, "=")
+		if len(s) == 2 {
+			secrets[s[0]] = s[1]
+		}
+	}
+
+	params := map[string]string{}
+	for _, kv := range parametersArgs {
+		p := strings.Split(kv, "=")
+		if len(p) == 2 {
+			params[p[0]] = p[1]
+		}
+	}
+
 	snaps, _, err := client.CSIVolumes().CreateSnapshot(&api.CSISnapshot{
 		SourceVolumeID: volID,
 		Name:           snapshotName,
+		Secrets:        secrets,
+		Parameters:     params,
 	}, nil)
 	if err != nil {
 		c.Ui.Error(fmt.Sprintf("Error snapshotting volume: %s", err))

diff --git a/command/volume_snapshot_delete.go b/command/volume_snapshot_delete.go
@@ -77,7 +77,7 @@ func (c *VolumeSnapshotDeleteCommand) Run(args []string) int {
 	}
 	// Check that we get exactly two arguments
 	args = flags.Args()
-	if l := len(args); l != 2 {
+	if l := len(args); l < 2 {
 		c.Ui.Error("This command takes two arguments: <plugin id> <snapshot id>")
 		c.Ui.Error(commandErrorText(c))
 		return 1

diff --git a/nomad/csi_endpoint.go b/nomad/csi_endpoint.go
@@ -1195,10 +1195,16 @@ func (v *CSIVolume) CreateSnapshot(args *structs.CSISnapshotCreateRequest, reply
 			continue
 		}
 
+		secrets := vol.Secrets
+		for k, v := range snap.Secrets {
+			// merge request secrets onto volume secrets
+			secrets[k] = v
+		}
+
 		cReq := &cstructs.ClientCSIControllerCreateSnapshotRequest{
 			ExternalSourceVolumeID: vol.ExternalID,
 			Name:                   snap.Name,
-			Secrets:                vol.Secrets,
+			Secrets:                secrets,
 			Parameters:             snap.Parameters,
 		}
 		cReq.PluginID = pluginID

diff --git a/website/content/docs/commands/volume/snapshot-create.mdx b/website/content/docs/commands/volume/snapshot-create.mdx
@@ -35,6 +35,14 @@ When ACLs are enabled, this command requires a token with the
 
 @include 'general_options.mdx'
 
+## Snapshot Create Options
+
+- `-parameter`: Parameters to pass to the plugin to create a
+  snapshot. Accepts multiple flags in the form `-parameter key=value`
+
+- `-secret`: Secrets to pass to the plugin to create a snapshot. Accepts
+  multiple flags in the form `-secret key=value`
+
 ## Examples
 
 Snapshot a volume: