Why don't some CSI requests have [parameters] or [secrets]?

Question

Why don't some CSI requests have [parameters] or [secrets]?

lambdaS-zh opened this issue 4 years ago · 5 comments

Referring to secrets requirements, secrets MAY be required by plugin to complete a RPC request. My understanding is that all volume operations in one SP context(e.g. StorageClass in k8s) share the same parameters or secrets, while all snapshot operations share another pack of parameters or secrets.

So why don't some CSI requests have parameters or secrets? I found that NodeUnstageVolumeRequest, NodeUnpublishVolumeRequest, ListVolumesRequest and some others don't have the 2 fields. By comparison, all snapshot requests have the field secrets.

Answer 1 · 2021-06-22T03:43:34.000Z

Do you have a use case that is blocked by the current API?

…

On Mon, Jun 21, 2021, 9:51 PM thonic ***@***.***> wrote: Referring to secrets requirements <https://github.com/container-storage-interface/spec/blob/master/spec.md#secrets-requirements>, secrets MAY be required by plugin to complete a RPC request. My understanding is that all volume operations in one SP context(e.g. StorageClass in k8s) share the same parameters or secrets, while all snapshot operations share another pack of parameters or secrets. So why don't some CSI requests have parameters or secrets? I found that NodeUnstageVolumeRequest, NodeUnpublishVolumeRequest, ListVolumesRequest and some others don't have the 2 fields. By comparison, all snapshot requests have the field secrets. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#484>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAR5KLDULMETCE7HMFEQB5TTT7UAHANCNFSM47CWJRXA> .

Answer 2 · 2021-06-22T05:32:06.000Z

@jdef not yet. But someone else may meet problems. For example, storage vendors may expect their plugin serves in front of multiple storage backends which have different credentials(#461). This may require all volume operations contain those informations.
I'm confused CreateVolumeRequest has those fields while ListVolumesRequest does not.
Personally, I just think it's better to keep the same style as those in snapshot.

Answer 3 · 2021-06-22T05:48:48.000Z

@jdef On the other hand, also I'm not sure whether this use case should be supported. Maybe this should be solved by storage backends themselves.

Answer 4 · 2021-06-22T09:10:09.000Z

For the 3 API calls you mention explicitly, I believe it was intentional to exclude per volume parameters and/or secrets. Credentials/parameters needed to access a SP backend API, that are not volume specific, should be provided at plug-in deploy-time by the operator and/or process that runs the plug-in itself. If there is no blocked use case, please close this ticket.

…

On Tue, Jun 22, 2021, 1:49 AM thonic ***@***.***> wrote: @jdef <https://github.com/jdef> On the other hand, also I'm not sure whether this use case should be supported. Maybe this should be solved by storage backends themselves. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#484 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAR5KLDHRONCC5X4AN4QMX3TUAP45ANCNFSM47CWJRXA> .

Answer 5 · 2021-06-22T09:31:19.000Z

@jdef By the same logic, is the secrets of ListSnapshotsRequest snapshot specific?