get aliuid by metadata

kubernetes-sigs · Feb 22, 2024 · 77b1b8a · 77b1b8a
1 parent 5bddf6b
commit 77b1b8a
Show file tree

Hide file tree

Showing 7 changed files with 26 additions and 20 deletions.
diff --git a/pkg/cloud/metadata/ecs.go b/pkg/cloud/metadata/ecs.go
@@ -23,6 +23,7 @@ type InstanceIdentityDocument struct {
 	InstanceID   string `json:"instance-id"`
 	InstanceType string `json:"instance-type"`
 	SerialNumber string `json:"serial-number"`
+	AliUID       string `json:"owner-account-id"`
 }
 
 type ECSMetadata struct {
@@ -87,6 +88,8 @@ func (m *ECSMetadata) Get(key MetadataKey) (string, error) {
 		return m.idDoc.InstanceID, nil
 	case InstanceType:
 		return m.idDoc.InstanceType, nil
+	case AliUID:
+		return m.idDoc.AliUID, nil
 	default:
 		return "", ErrUnknownMetadataKey
 	}
@@ -98,7 +101,7 @@ type EcsFetcher struct {
 
 func (f *EcsFetcher) FetchFor(key MetadataKey) (MetadataProvider, error) {
 	switch key {
-	case RegionID, ZoneID, InstanceID, InstanceType:
+	case RegionID, ZoneID, InstanceID, InstanceType, AliUID:
 	default:
 		return nil, ErrUnknownMetadataKey
 	}

diff --git a/pkg/cloud/metadata/ecs_test.go b/pkg/cloud/metadata/ecs_test.go
@@ -89,6 +89,7 @@ func TestGetEcs(t *testing.T) {
 		ZoneID:       "cn-beijing-k",
 		InstanceID:   "i-2zec1slzwdzrwmvlr4w2",
 		InstanceType: "ecs.g7.xlarge",
+		AliUID:       "112233445566",
 	}
 	for k, v := range expected {
 		value, err := m.Get(k)

diff --git a/pkg/cloud/metadata/env.go b/pkg/cloud/metadata/env.go
@@ -5,7 +5,8 @@ import "os"
 type ENVMetadata struct{}
 
 var MetadataEnv = map[MetadataKey]string{
-	RegionID: "REGION_ID",
+	RegionID:  "REGION_ID",
+	AliUID:    "ALI_UID",
 }
 
 func (m *ENVMetadata) Get(key MetadataKey) (string, error) {

diff --git a/pkg/cloud/metadata/env_test.go b/pkg/cloud/metadata/env_test.go
@@ -8,8 +8,16 @@ import (
 
 func TestGetEnv(t *testing.T) {
 	t.Setenv("REGION_ID", "cn-hangzhou")
+	t.Setenv("ALI_UID", "112233445566")
 	m := &ENVMetadata{}
-	value, err := m.Get(RegionID)
-	assert.NoError(t, err)
-	assert.Equal(t, "cn-hangzhou", value)
+	expected := map[MetadataKey]string{
+		RegionID:  "cn-hangzhou",
+		AliUID:    "112233445566",
+	}
+	for k, v := range expected {
+		value, err := m.Get(k)
+		assert.NoError(t, err)
+		assert.Equal(t, v, value)
+	}
+
 }
diff --git a/pkg/cloud/metadata/metadata.go b/pkg/cloud/metadata/metadata.go
@@ -20,6 +20,7 @@ const (
 	ZoneID       MetadataKey = iota
 	InstanceID   MetadataKey = iota
 	InstanceType MetadataKey = iota
+	AliUID       MetadataKey = iota
 )
 
 func (k MetadataKey) String() string {
@@ -32,6 +33,8 @@ func (k MetadataKey) String() string {
 		return "InstanceID"
 	case InstanceType:
 		return "InstanceType"
+	case AliUID:
+		return "AliUID"
 	default:
 		return fmt.Sprintf("MetadataKey(%d)", k)
 	}

diff --git a/pkg/mounter/helper.go b/pkg/mounter/helper.go
@@ -98,16 +98,6 @@ func ValidateAnnotationsSize(annotations map[string]string) error {
 	return nil
 }
 
-// GetAliUid get aliUid from env or metadata server for RRSA
-func GetAliUid() (aliUid string) {
-	aliUid = os.Getenv("AlI_UID")
-	if aliUid != "" {
-		return
-	}
-	aliUid = utils.RetryGetMetaData(UidResource)
-	return
-}
-
 // GetClusterId get clusterId from env or profile for RRSA
 func GetClusterId() (clusterId string, err error) {
 	clusterId = os.Getenv("CLUSTER_ID")

diff --git a/pkg/mounter/ossfs.go b/pkg/mounter/ossfs.go
@@ -8,8 +8,8 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/cloud/metadata"
 	"github.com/alibabacloud-go/tea/tea"
+	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/cloud/metadata"
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/utils"
 	log "github.com/sirupsen/logrus"
 	corev1 "k8s.io/api/core/v1"
@@ -30,9 +30,9 @@ const (
 	OssfsCsiMimeTypesFilePath = "/etc/csi-mime.types"
 
 	defaultRegistry = "registry-cn-hangzhou.ack.aliyuncs.com"
-	
-	CsiSecretStoreDriver      = "secrets-store.csi.k8s.io"
-	SecretProviderClassKey    = "secretProviderClass"
+
+	CsiSecretStoreDriver   = "secrets-store.csi.k8s.io"
+	SecretProviderClassKey = "secretProviderClass"
 )
 
 type fuseOssfs struct {
@@ -61,8 +61,8 @@ func NewFuseOssfs(configmap *corev1.ConfigMap, m metadata.MetadataProvider) Fuse
 		config.Resources.Requests[corev1.ResourceMemory] = resource.MustParse("50Mi")
 	}
 
+	aliUid, _ := m.Get(metadata.AliUID)
 	provider, _ := GetOIDCProvider()
-	aliUid := GetAliUid()
 	if provider == "" || aliUid == "" {
 		log.Warnf("Get OIDC provider: %s, user id: %s, cannot use RRSA to authorize fuse pods", provider, aliUid)
 	}