Secrets in ListVolumes request #461
Comments
@lucianoq how do you handle
No solutions from this side. We decided to postpone the implementation of the
I'm not 100% clear on the use case for this. There are secrets for use w/ calls pertaining to singular volumes/snapshots. This looks like it might be the first place where secrets would be added for a "multi volume" call, and the motivation is not clear to me. If the plugin requires credentials to access a backend API then those credentials should be provided to the plugin executable via env or CLI args, etc. What am I missing here?
Upon further review, it appears the ListSnapshotsRequest RPC had secrets added recently. I'm still not 100% clear on why this was needed vs. passing the credentials to the plugin executable at startup time. It sounds like @saad-ali spent some time thinking on this, and that it was related to different storage pools having different credentials. It's unclear to me how the CO decides which secrets are mapped to which storage pools, but perhaps that's not worth debating here since it's a CO implementation detail? That said/asked, I wonder what other context there might be for this issue.
There are secrets on single volume requests, in order to check if the requester has the right to perform an action on the single volume (view/attach/mount/delete/...)
I think you are referring to this comment #370 (comment)
That is why By the same logic I would be fine with adding it to ListVolumes request.
Formally, I see this is covered by #164, but I think it is good to have it as a separate issue. ListVolumes is the only one we need secrets in right now in order to support that call.
Just adding another use case here, in csi-s3 you might set up a
It would be nice to have secrets available in the ListVolumes request.
In our use case, we need to know which volumes the user is allowed to see and which not.
I can attach a PR.