From f1ee18bef2c81cbd5f19a4c31924d1eb4915c5f3 Mon Sep 17 00:00:00 2001 From: Tim Gross Date: Wed, 23 Mar 2022 11:10:36 -0400 Subject: [PATCH] csi: allow -secret flag in `nomad volume snapshot create` command Pass-through the `-secret` flag to allow overriding the secrets we've stored on the CSI volume in the state store. --- .changelog/12360.txt | 3 +++ command/volume_snapshot_create.go | 20 +++++++++++++++++++ nomad/csi_endpoint.go | 8 +++++++- .../docs/commands/volume/snapshot-create.mdx | 5 +++++ 4 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 .changelog/12360.txt diff --git a/.changelog/12360.txt b/.changelog/12360.txt new file mode 100644 index 000000000000..9ebde4f5cae6 --- /dev/null +++ b/.changelog/12360.txt @@ -0,0 +1,3 @@ +```release-note:improvement +csi: Added `-secret` flag to `volume snapshot create` command +``` diff --git a/command/volume_snapshot_create.go b/command/volume_snapshot_create.go index 4fcfdcd73455..0b612336e86d 100644 --- a/command/volume_snapshot_create.go +++ b/command/volume_snapshot_create.go @@ -6,6 +6,7 @@ import ( "github.com/hashicorp/nomad/api" "github.com/hashicorp/nomad/api/contexts" + flaghelper "github.com/hashicorp/nomad/helper/flags" "github.com/posener/complete" ) @@ -30,6 +31,14 @@ Usage: nomad volume snapshot create [snapshot_name] When ACLs are enabled, this command requires a token with the 'csi-write-volume' capability for the volume's namespace. + +Snapshot Create Options: + + -secret + Secrets to pass to the plugin to list snapshots. Accepts multiple + flags in the form -secret key=value + + General Options: ` + generalOptionsUsage(usageOptsDefault) + ` @@ -70,7 +79,9 @@ func (c *VolumeSnapshotCreateCommand) Run(args []string) int { flags.Usage = func() { c.Ui.Output(c.Help()) } var verbose bool + var secretsArgs flaghelper.StringFlag flags.BoolVar(&verbose, "verbose", false, "") + flags.Var(&secretsArgs, "secret", "secrets for snapshot, ex. -secret key=value") if err := flags.Parse(args); err != nil { c.Ui.Error(fmt.Sprintf("Error parsing arguments %s", err)) @@ -97,9 +108,18 @@ func (c *VolumeSnapshotCreateCommand) Run(args []string) int { return 1 } + secrets := api.CSISecrets{} + for _, kv := range secretsArgs { + s := strings.Split(kv, "=") + if len(s) == 2 { + secrets[s[0]] = s[1] + } + } + snaps, _, err := client.CSIVolumes().CreateSnapshot(&api.CSISnapshot{ SourceVolumeID: volID, Name: snapshotName, + Secrets: secrets, }, nil) if err != nil { c.Ui.Error(fmt.Sprintf("Error snapshotting volume: %s", err)) diff --git a/nomad/csi_endpoint.go b/nomad/csi_endpoint.go index add9c3cd8b80..4043955cc2d3 100644 --- a/nomad/csi_endpoint.go +++ b/nomad/csi_endpoint.go @@ -1195,10 +1195,16 @@ func (v *CSIVolume) CreateSnapshot(args *structs.CSISnapshotCreateRequest, reply continue } + secrets := vol.Secrets + for k, v := range snap.Secrets { + // merge request secrets onto volume secrets + secrets[k] = v + } + cReq := &cstructs.ClientCSIControllerCreateSnapshotRequest{ ExternalSourceVolumeID: vol.ExternalID, Name: snap.Name, - Secrets: vol.Secrets, + Secrets: secrets, Parameters: snap.Parameters, } cReq.PluginID = pluginID diff --git a/website/content/docs/commands/volume/snapshot-create.mdx b/website/content/docs/commands/volume/snapshot-create.mdx index 241e18e0ee7a..c7a58c0c9f62 100644 --- a/website/content/docs/commands/volume/snapshot-create.mdx +++ b/website/content/docs/commands/volume/snapshot-create.mdx @@ -35,6 +35,11 @@ When ACLs are enabled, this command requires a token with the @include 'general_options.mdx' +## Snapshot Create Options + +- `-secret`: Secrets to pass to the plugin to list snapshots. Accepts + multiple flags in the form `-secret key=value` + ## Examples Snapshot a volume: