Merge pull request #908 from kubernetes-csi/revert-906-fix-password

andyzhangx · web-flow · commit 7dcb9ea40de0 · 2025-01-22T22:00:49.000+08:00
Revert "feat: support base64password field in secret"
diff --git a/Makefile b/Makefile
@@ -246,7 +246,7 @@ endif
 .PHONY: install-smb-provisioner
 install-smb-provisioner:
 	kubectl delete secret smbcreds --ignore-not-found -n default
-	kubectl create secret generic smbcreds --from-literal username=USERNAME --from-literal password="PASSWORD" --from-literal base64password="UEFTU1dPUkQ=" --from-literal mountOptions="dir_mode=0777,file_mode=0777,uid=0,gid=0,mfsymlinks" -n default
+	kubectl create secret generic smbcreds --from-literal username=USERNAME --from-literal password="PASSWORD" --from-literal mountOptions="dir_mode=0777,file_mode=0777,uid=0,gid=0,mfsymlinks" -n default
 ifdef TEST_WINDOWS
 	kubectl apply -f deploy/example/smb-provisioner/smb-server-lb.yaml
 else
diff --git a/pkg/smb/nodeserver.go b/pkg/smb/nodeserver.go
@@ -183,7 +183,7 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 	}
 	defer d.volumeLocks.Release(lockKey)
 
-	var username, password, base64Password, domain string
+	var username, password, domain string
 	for k, v := range secrets {
 		switch strings.ToLower(k) {
 		case usernameField:
@@ -192,20 +192,9 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 			password = strings.TrimSpace(v)
 		case domainField:
 			domain = strings.TrimSpace(v)
-		case base64PasswordField:
-			base64Password = strings.TrimSpace(v)
 		}
 	}
 
-	if base64Password != "" {
-		klog.V(2).Infof("NodeStageVolume: decoding password from base64 string")
-		decodePassword, err := base64.StdEncoding.DecodeString(base64Password)
-		if err != nil {
-			return nil, status.Error(codes.InvalidArgument, "error base64 decoding password")
-		}
-		password = string(decodePassword)
-	}
-
 	if ephemeralVol {
 		mountFlags = strings.Split(ephemeralVolMountOptions, ",")
 	}
diff --git a/pkg/smb/nodeserver_test.go b/pkg/smb/nodeserver_test.go
@@ -92,11 +92,6 @@ func TestNodeStageVolume(t *testing.T) {
 		passwordField: "test_password",
 		domainField:   "test_doamin",
 	}
-	secretsWithBase64Password := map[string]string{
-		usernameField: "test_username",
-		passwordField: base64.StdEncoding.EncodeToString([]byte("test_password")),
-		domainField:   "test_doamin",
-	}
 
 	tests := []struct {
 		desc        string
@@ -235,18 +230,6 @@ func TestNodeStageVolume(t *testing.T) {
 				strings.Replace(testSource, "\\", "\\\\", -1), sourceTest, testSource, sourceTest),
 			expectedErr: testutil.TestError{},
 		},
-		{
-			desc: "[Success] Valid request with base64 encoded password",
-			req: &csi.NodeStageVolumeRequest{VolumeId: "vol_1##", StagingTargetPath: sourceTest,
-				VolumeCapability: &stdVolCap,
-				VolumeContext:    volContext,
-				Secrets:          secretsWithBase64Password},
-			skipOnWindows: true,
-			flakyWindowsErrorMessage: fmt.Sprintf("rpc error: code = Internal desc = volume(vol_1##) mount \"%s\" on %#v failed with "+
-				"NewSmbGlobalMapping(%s, %s) failed with error: rpc error: code = Unknown desc = NewSmbGlobalMapping failed.",
-				strings.Replace(testSource, "\\", "\\\\", -1), sourceTest, testSource, sourceTest),
-			expectedErr: testutil.TestError{},
-		},
 	}
 
 	// Setup
diff --git a/pkg/smb/smb.go b/pkg/smb/smb.go
@@ -18,7 +18,6 @@ package smb
 
 import (
 	"context"
-	"encoding/base64"
 	"errors"
 	"fmt"
 	"net"
@@ -50,7 +49,6 @@ const (
 	sourceField               = "source"
 	subDirField               = "subdir"
 	domainField               = "domain"
-	base64PasswordField       = "base64password"
 	mountOptionsField         = "mountoptions"
 	secretNameField           = "secretname"
 	secretNamespaceField      = "secretnamespace"
@@ -234,15 +232,6 @@ func (d *Driver) GetUserNamePasswordFromSecret(ctx context.Context, secretName,
 	username := strings.TrimSpace(string(secret.Data[usernameField][:]))
 	password := strings.TrimSpace(string(secret.Data[passwordField][:]))
 	domain := strings.TrimSpace(string(secret.Data[domainField][:]))
-	base64Password := strings.TrimSpace(string(secret.Data[base64PasswordField][:]))
-	if base64Password != "" {
-		klog.V(2).Infof("decoding password from base64 string")
-		decodePassword, err := base64.StdEncoding.DecodeString(base64Password)
-		if err != nil {
-			return "", "", "", fmt.Errorf("could not decode password from base64 string: %v", err)
-		}
-		password = string(decodePassword)
-	}
 	return username, password, domain, nil
 }
 
diff --git a/pkg/smb/smb_test.go b/pkg/smb/smb_test.go
@@ -17,7 +17,6 @@ limitations under the License.
 package smb
 
 import (
-	"context"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -521,33 +520,6 @@ users:
 	}
 }
 
-func TestGetUserNamePasswordFromSecret(t *testing.T) {
-	tests := []struct {
-		desc             string
-		secretName       string
-		secretNamespace  string
-		expectedUsername string
-		expectedPassword string
-		expectedDomain   string
-		expectedError    error
-	}{
-		{
-			desc:          "kubeclient is nil",
-			secretName:    "secretName",
-			expectedError: fmt.Errorf("could not username and password from secret(secretName): KubeClient is nil"),
-		},
-	}
-
-	d := NewFakeDriver()
-	for _, test := range tests {
-		username, password, domain, err := d.GetUserNamePasswordFromSecret(context.Background(), test.secretName, test.secretNamespace)
-		assert.Equal(t, test.expectedUsername, username, "test[%s]: unexpected username", test.desc)
-		assert.Equal(t, test.expectedPassword, password, "test[%s]: unexpected password", test.desc)
-		assert.Equal(t, test.expectedDomain, domain, "test[%s]: unexpected domain", test.desc)
-		assert.Equal(t, test.expectedError, err, "test[%s]: unexpected error", test.desc)
-	}
-}
-
 func createTestFile(path string) error {
 	f, err := os.Create(path)
 	if err != nil {
