
Commit fc1868b

committed
Introduce credentials on create and publish calls
Introduce the ability to pass through end user credentials for authentication/authorization on create and publish calls.
1 parent cf4d31c commit fc1868b


3 files changed

+375
-263
lines changed

3 files changed

+375
-263
lines changed

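--- a/csi.proto
+++ b/csi.proto
@@ -146,6 +146,11 @@ message CreateVolumeRequest {
 // This field is OPTIONAL. The Plugin is responsible for parsing and
 // validating these parameters. COs will treat these as opaque.
 map<string, string> parameters = 5;
+
+// End user credentials used to authenticate/authorize volume creation
+// request.
+// This field is OPTIONAL.
+Credentials userCredentials = 6;
 }
 
 message CreateVolumeResponse {
@@ -264,6 +269,18 @@ message VolumeMetadata {
 // each Plugin keeps this information as small as possible.
 map<string, string> values = 1;
 }
+
+// A standard way to encode credential data. The total bytes of the values in
+// the Data field must be less than MaxSecretSize bytes.
+message Credentials {
+// Data contains the credential data, for example username and password. Each
+// key must consist of alphanumeric characters, '-', '_' or '.'. The
+// serialized form of the secret data is a base64 encoded string, representing
+// the arbitrary (possibly non-string) data value here.
+// This information is sensitive and should be treated as such (not logged,
+// etc.)
+map<string, bytes> Data = 1;
+}
 ////////
 ////////
 message DeleteVolumeRequest {
@@ -309,6 +326,10 @@ message ControllerPublishVolumeRequest {
 // Whether to publish the volume in readonly mode. This field is
 // REQUIRED.
 bool readonly = 5;
+
+// End user credentials used to authenticate/authorize controller publish
+// request. This field is OPTIONAL.
+Credentials userCredentials = 6;
 }
 
 message ControllerPublishVolumeResponse {
@@ -549,6 +570,10 @@ message NodePublishVolumeRequest {
 // Whether to publish the volume in readonly mode. This field is
 // REQUIRED.
 bool readonly = 7;
+
+// End user credentials used to authenticate/authorize node publish request.
+// This field is OPTIONAL.
+Credentials userCredentials = 8;
 }
 
 message NodePublishVolumeResponse {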
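Review bot: The `Credentials` comment in the second hunk bounds the map by `MaxSecretSize`, but no such constant is defined in the visible hunks, so neither a CO nor a Plugin can tell what limit to enforce on this end-user-supplied data; the comment should state the number and say which side rejects oversized or badly keyed maps. The sentence about a base64 "serialized form" looks carried over from a JSON-based secret format: a protobuf `bytes` value is raw on the wire and base64 only in the JSON mapping, so I would reword it as `// Values are raw bytes; they appear base64-encoded only in the JSON mapping.` The "not logged" caveat sits only on the message, and it would be worth repeating on each of the three `userCredentials` fields (first, third and fourth hunks), since request-logging interceptors typically dump whole request messages. As a style point, `userCredentials` and `Data` break the lower_snake_case used by the neighbouring fields (`parameters`, `readonly`, `values`); `user_credentials` and `data` would match, and the rename is wire-compatible because only the field numbers are encoded.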
