
Commit b5dd57d

committed
Simplify credentials from 8 to 4
1 parent f36159a commit b5dd57d

3 files changed

+421
-452
lines changed


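--- a/csi.proto
+++ b/csi.proto
@@ -196,18 +196,21 @@ message CreateVolumeRequest {
 // validating these parameters. COs will treat these as opaque.
 map<string, string> parameters = 5;
 
-// Credentials used by Controller plugin to authenticate/authorize
-// volume creation request.
-// This field contains credential data, for example username and
-// password. Each key must consist of alphanumeric characters, '-',
-// '_' or '.'. Each value MUST contain a valid string. An SP MAY
-// choose to accept binary (non-string) data by using a binary-to-text
-// encoding scheme, like base64. An SP SHALL advertise the
-// requirements for credentials in documentation. COs SHALL permit
-// passing through the required credentials. This information is
-// sensitive and MUST be treated as such (not logged, etc.) by the CO.
+// Secrets required by plugin to complete volume creation request.
+// A secret is a string to string map where the key identifies the
+// name of the secret (e.g. "username" or "password"), and the value
+// contains the secret data (e.g. "bob" or "abc123").
+// Each key MUST consist of alphanumeric characters, '-', '_' or '.'.
+// Each value MUST contain a valid string. An SP MAY choose to accept
+// binary (non-string) data by using a binary-to-text encoding scheme,
+// like base64.
+// An SP SHALL advertise the requirements for required secret keys and
+// values in documentation.
+// COs SHALL permit passing through the required secrets.
+// This information is sensitive and MUST be treated as such (not
+// logged, etc.) by the CO.
 // This field is OPTIONAL.
-map<string, string> controller_create_credentials = 6;
+map<string, string> provisioner_secrets = 6;
 }
 
 message CreateVolumeResponse {
@@ -326,18 +329,21 @@ message DeleteVolumeRequest {
 // This field is REQUIRED.
 string volume_id = 2;
 
-// Credentials used by Controller plugin to authenticate/authorize
-// volume deletion request.
-// This field contains credential data, for example username and
-// password. Each key must consist of alphanumeric characters, '-',
-// '_' or '.'. Each value MUST contain a valid string. An SP MAY
-// choose to accept binary (non-string) data by using a binary-to-text
-// encoding scheme, like base64. An SP SHALL advertise the
-// requirements for credentials in documentation. COs SHALL permit
-// passing through the required credentials. This information is
-// sensitive and MUST be treated as such (not logged, etc.) by the CO.
+// Secrets required by plugin to complete volume deletion request.
+// A secret is a string to string map where the key identifies the
+// name of the secret (e.g. "username" or "password"), and the value
+// contains the secret data (e.g. "bob" or "abc123").
+// Each key MUST consist of alphanumeric characters, '-', '_' or '.'.
+// Each value MUST contain a valid string. An SP MAY choose to accept
+// binary (non-string) data by using a binary-to-text encoding scheme,
+// like base64.
+// An SP SHALL advertise the requirements for required secret keys and
+// values in documentation.
+// COs SHALL permit passing through the required secrets.
+// This information is sensitive and MUST be treated as such (not
+// logged, etc.) by the CO.
 // This field is OPTIONAL.
-map<string, string> controller_delete_credentials = 3;
+map<string, string> provisioner_secrets = 3;
 }
 
 message DeleteVolumeResponse {}
@@ -363,18 +369,22 @@ message ControllerPublishVolumeRequest {
 // REQUIRED.
 bool readonly = 5;
 
-// Credentials used by Controller plugin to authenticate/authorize
-// controller publish request.
-// This field contains credential data, for example username and
-// password. Each key must consist of alphanumeric characters, '-',
-// '_' or '.'. Each value MUST contain a valid string. An SP MAY
-// choose to accept binary (non-string) data by using a binary-to-text
-// encoding scheme, like base64. An SP SHALL advertise the
-// requirements for credentials in documentation. COs SHALL permit
-// passing through the required credentials. This information is
-// sensitive and MUST be treated as such (not logged, etc.) by the CO.
+// Secrets required by plugin to complete controller publish volume
+// request.
+// A secret is a string to string map where the key identifies the
+// name of the secret (e.g. "username" or "password"), and the value
+// contains the secret data (e.g. "bob" or "abc123").
+// Each key MUST consist of alphanumeric characters, '-', '_' or '.'.
+// Each value MUST contain a valid string. An SP MAY choose to accept
+// binary (non-string) data by using a binary-to-text encoding scheme,
+// like base64.
+// An SP SHALL advertise the requirements for required secret keys and
+// values in documentation.
+// COs SHALL permit passing through the required secrets.
+// This information is sensitive and MUST be treated as such (not
+// logged, etc.) by the CO.
 // This field is OPTIONAL.
-map<string, string> controller_publish_credentials = 6;
+map<string, string> controller_publish_secrets = 6;
 
 // Attributes of the volume to be used on a node. This field is
 // OPTIONAL and MUST match the attributes of the Volume identified
@@ -405,18 +415,24 @@ message ControllerUnpublishVolumeRequest {
 // the volume from all nodes it is published to.
 string node_id = 3;
 
-// Credentials used by Controller plugin to authenticate/authorize
-// controller unpublish request.
-// This field contains credential data, for example username and
-// password. Each key must consist of alphanumeric characters, '-',
-// '_' or '.'. Each value MUST contain a valid string. An SP MAY
-// choose to accept binary (non-string) data by using a binary-to-text
-// encoding scheme, like base64. An SP SHALL advertise the
-// requirements for credentials in documentation. COs SHALL permit
-// passing through the required credentials. This information is
-// sensitive and MUST be treated as such (not logged, etc.) by the CO.
+// Secrets required by plugin to complete controller unpublish volume
+// request. This SHOULD be the same secrets passed to the
+// ControllerPublishVolume.
+// call for the specified volume.
+// A secret is a string to string map where the key identifies the
+// name of the secret (e.g. "username" or "password"), and the value
+// contains the secret data (e.g. "bob" or "abc123").
+// Each key MUST consist of alphanumeric characters, '-', '_' or '.'.
+// Each value MUST contain a valid string. An SP MAY choose to accept
+// binary (non-string) data by using a binary-to-text encoding scheme,
+// like base64.
+// An SP SHALL advertise the requirements for required secret keys and
+// values in documentation.
+// COs SHALL permit passing through the required secrets.
+// This information is sensitive and MUST be treated as such (not
+// logged, etc.) by the CO.
 // This field is OPTIONAL.
-map<string, string> controller_unpublish_credentials = 4;
+map<string, string> controller_publish_secrets = 4;
 }
 
 message ControllerUnpublishVolumeResponse {}
@@ -575,18 +591,21 @@ message NodeStageVolumeRequest {
 // This is a REQUIRED field.
 VolumeCapability volume_capability = 5;
 
-// Credentials used by Node plugin to authenticate/authorize node
-// stage request.
-// This field contains credential data, for example username and
-// password. Each key must consist of alphanumeric characters, '-',
-// '_' or '.'. Each value MUST contain a valid string. An SP MAY
-// choose to accept binary (non-string) data by using a binary-to-text
-// encoding scheme, like base64. An SP SHALL advertise the
-// requirements for credentials in documentation. COs SHALL permit
-// passing through the required credentials. This information is
-// sensitive and MUST be treated as such (not logged, etc.) by the CO.
+// Secrets required by plugin to complete node stage volume request.
+// A secret is a string to string map where the key identifies the
+// name of the secret (e.g. "username" or "password"), and the value
+// contains the secret data (e.g. "bob" or "abc123").
+// Each key MUST consist of alphanumeric characters, '-', '_' or '.'.
+// Each value MUST contain a valid string. An SP MAY choose to accept
+// binary (non-string) data by using a binary-to-text encoding scheme,
+// like base64.
+// An SP SHALL advertise the requirements for required secret keys and
+// values in documentation.
+// COs SHALL permit passing through the required secrets.
+// This information is sensitive and MUST be treated as such (not
+// logged, etc.) by the CO.
 // This field is OPTIONAL.
-map<string, string> node_stage_credentials = 6;
+map<string, string> node_stage_secrets = 6;
 
 // Attributes of the volume to publish. This field is OPTIONAL and
 // MUST match the attributes of the VolumeInfo identified by
@@ -608,19 +627,6 @@ message NodeUnstageVolumeRequest {
 // path in the root filesystem of the process serving this request.
 // This is a REQUIRED field.
 string staging_target_path = 3;
-
-// Credentials used by Node plugin to authenticate/authorize node
-// unstage request.
-// This field contains credential data, for example username and
-// password. Each key must consist of alphanumeric characters, '-',
-// '_' or '.'. Each value MUST contain a valid string. An SP MAY
-// choose to accept binary (non-string) data by using a binary-to-text
-// encoding scheme, like base64. An SP SHALL advertise the
-// requirements for credentials in documentation. COs SHALL permit
-// passing through the required credentials. This information is
-// sensitive and MUST be treated as such (not logged, etc.) by the CO.
-// This field is OPTIONAL.
-map<string, string> node_unstage_credentials = 4;
 }
 
 message NodeUnstageVolumeResponse {}
@@ -664,19 +670,21 @@ message NodePublishVolumeRequest {
 // REQUIRED.
 bool readonly = 7;
 
-// Credentials used by Node plugin to authenticate/authorize node
-// publish request.
-// This field contains credential data, for example username and
-// password. Each key must consist of alphanumeric characters, '-',
-// '_' or '.'. Each value MUST contain a valid string. An SP MAY
-// choose to accept binary (non-string) data by using a binary-to-text
-// encoding scheme, like base64. An SP SHALL advertise the
-// requirements for credentials in documentation. COs SHALL permit
-// passing through the required credentials. This information is
-// sensitive and MUST be treated as such (not logged, etc.) by the CO.
+// Secrets required by plugin to complete node publish volume request.
+// A secret is a string to string map where the key identifies the
+// name of the secret (e.g. "username" or "password"), and the value
+// contains the secret data (e.g. "bob" or "abc123").
+// Each key MUST consist of alphanumeric characters, '-', '_' or '.'.
+// Each value MUST contain a valid string. An SP MAY choose to accept
+// binary (non-string) data by using a binary-to-text encoding scheme,
+// like base64.
+// An SP SHALL advertise the requirements for required secret keys and
+// values in documentation.
+// COs SHALL permit passing through the required secrets.
+// This information is sensitive and MUST be treated as such (not
+// logged, etc.) by the CO.
 // This field is OPTIONAL.
-map<string, string> node_publish_credentials = 8;
-
+map<string, string> node_publish_secrets = 8;
 
 // Attributes of the volume to publish. This field is OPTIONAL and
 // MUST match the attributes of the Volume identified by
@@ -698,19 +706,6 @@ message NodeUnpublishVolumeRequest {
 // path in the root filesystem of the process serving this request.
 // This is a REQUIRED field.
 string target_path = 3;
-
-// Credentials used by Node plugin to authenticate/authorize node
-// unpublish request.
-// This field contains credential data, for example username and
-// password. Each key must consist of alphanumeric characters, '-',
-// '_' or '.'. Each value MUST contain a valid string. An SP MAY
-// choose to accept binary (non-string) data by using a binary-to-text
-// encoding scheme, like base64. An SP SHALL advertise the
-// requirements for credentials in documentation. COs SHALL permit
-// passing through the required credentials. This information is
-// sensitive and MUST be treated as such (not logged, etc.) by the CO.
-// This field is OPTIONAL.
-map<string, string> node_unpublish_credentials = 4;
 }
 
 message NodeUnpublishVolumeResponse {}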
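Review bot: Deleting `node_unstage_credentials = 4` from NodeUnstageVolumeRequest and `node_unpublish_credentials = 4` from NodeUnpublishVolumeRequest leaves field number 4 unreserved in both messages, so a future field assigned number 4 would silently receive the secret map that an older CO still sends and treat credential data as whatever the new field means (including logging it, which the surrounding comments forbid). Each of those two messages should carry `reserved 4;` plus `reserved "node_unstage_credentials";` or `reserved "node_unpublish_credentials";` respectively, so neither the number nor the name can be reclaimed. The renamed fields in the other six hunks keep their numbers, so the wire format is intact, but their old names (`controller_create_credentials`, `controller_delete_credentials`, `controller_publish_credentials`, `controller_unpublish_credentials`, `node_stage_credentials`, `node_publish_credentials`) should likewise be reserved so a later field cannot take a name under which older JSON/text-format writers still emit secrets. Separately, the new ControllerUnpublishVolumeRequest comment is split by a stray period, `// ControllerPublishVolume.` followed by `// call for the specified volume.`; it should read `// ControllerPublishVolume call for the specified volume.`.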
