Skip to content

Clarify wording and naming of credentials in CSI #201

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Feb 23, 2018
Merged

Clarify wording and naming of credentials in CSI #201

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
199 changes: 106 additions & 93 deletions csi.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -196,18 +196,24 @@ message CreateVolumeRequest {
// validating these parameters. COs will treat these as opaque.
map<string, string> parameters = 5;

// Credentials used by Controller plugin to authenticate/authorize
// volume creation request.
// This field contains credential data, for example username and
// password. Each key must consist of alphanumeric characters, '-',
// '_' or '.'. Each value MUST contain a valid string. An SP MAY
// choose to accept binary (non-string) data by using a binary-to-text
// encoding scheme, like base64. An SP SHALL advertise the
// requirements for credentials in documentation. COs SHALL permit
// passing through the required credentials. This information is
// sensitive and MUST be treated as such (not logged, etc.) by the CO.
// Secrets required by plugin to complete volume creation request.
// A secret is a string to string map where the key identifies the
// name of the secret (e.g. "username" or "password"), and the value
// contains the secret data (e.g. "bob" or "abc123").
// Each key MUST consist of alphanumeric characters, '-', '_' or '.'.
// Each value MUST contain a valid string. An SP MAY choose to accept
// binary (non-string) data by using a binary-to-text encoding scheme,
// like base64.
// An SP SHALL advertise the requirements for required secret keys and
// values in documentation.
// CO SHALL permit passing through the required secrets.
// A CO MAY pass the same secrets to all RPCs, therefore the keys for
// all unique secrets that an SP expects must be unique across all CSI
// operations.
// This information is sensitive and MUST be treated as such (not
// logged, etc.) by the CO.
// This field is OPTIONAL.
map<string, string> controller_create_credentials = 6;
map<string, string> controller_create_secrets = 6;
}

message CreateVolumeResponse {
Expand Down Expand Up @@ -326,18 +332,24 @@ message DeleteVolumeRequest {
// This field is REQUIRED.
string volume_id = 2;

// Credentials used by Controller plugin to authenticate/authorize
// volume deletion request.
// This field contains credential data, for example username and
// password. Each key must consist of alphanumeric characters, '-',
// '_' or '.'. Each value MUST contain a valid string. An SP MAY
// choose to accept binary (non-string) data by using a binary-to-text
// encoding scheme, like base64. An SP SHALL advertise the
// requirements for credentials in documentation. COs SHALL permit
// passing through the required credentials. This information is
// sensitive and MUST be treated as such (not logged, etc.) by the CO.
// Secrets required by plugin to complete volume deletion request.
// A secret is a string to string map where the key identifies the
// name of the secret (e.g. "username" or "password"), and the value
// contains the secret data (e.g. "bob" or "abc123").
// Each key MUST consist of alphanumeric characters, '-', '_' or '.'.
// Each value MUST contain a valid string. An SP MAY choose to accept
// binary (non-string) data by using a binary-to-text encoding scheme,
// like base64.
// An SP SHALL advertise the requirements for required secret keys and
// values in documentation.
// CO SHALL permit passing through the required secrets.
// A CO MAY pass the same secrets to all RPCs, therefore the keys for
// all unique secrets that an SP expects must be unique across all CSI
// operations.
// This information is sensitive and MUST be treated as such (not
// logged, etc.) by the CO.
// This field is OPTIONAL.
map<string, string> controller_delete_credentials = 3;
map<string, string> controller_delete_secrets = 3;
}

message DeleteVolumeResponse {}
Expand All @@ -363,18 +375,25 @@ message ControllerPublishVolumeRequest {
// REQUIRED.
bool readonly = 5;

// Credentials used by Controller plugin to authenticate/authorize
// controller publish request.
// This field contains credential data, for example username and
// password. Each key must consist of alphanumeric characters, '-',
// '_' or '.'. Each value MUST contain a valid string. An SP MAY
// choose to accept binary (non-string) data by using a binary-to-text
// encoding scheme, like base64. An SP SHALL advertise the
// requirements for credentials in documentation. COs SHALL permit
// passing through the required credentials. This information is
// sensitive and MUST be treated as such (not logged, etc.) by the CO.
// Secrets required by plugin to complete controller publish volume
// request.
// A secret is a string to string map where the key identifies the
// name of the secret (e.g. "username" or "password"), and the value
// contains the secret data (e.g. "bob" or "abc123").
// Each key MUST consist of alphanumeric characters, '-', '_' or '.'.
// Each value MUST contain a valid string. An SP MAY choose to accept
// binary (non-string) data by using a binary-to-text encoding scheme,
// like base64.
// An SP SHALL advertise the requirements for required secret keys and
// values in documentation.
// CO SHALL permit passing through the required secrets.
// A CO MAY pass the same secrets to all RPCs, therefore the keys for
// all unique secrets that an SP expects must be unique across all CSI
// operations.
// This information is sensitive and MUST be treated as such (not
// logged, etc.) by the CO.
// This field is OPTIONAL.
map<string, string> controller_publish_credentials = 6;
map<string, string> controller_publish_secrets = 6;

// Attributes of the volume to be used on a node. This field is
// OPTIONAL and MUST match the attributes of the Volume identified
Expand Down Expand Up @@ -405,18 +424,27 @@ message ControllerUnpublishVolumeRequest {
// the volume from all nodes it is published to.
string node_id = 3;

// Credentials used by Controller plugin to authenticate/authorize
// controller unpublish request.
// This field contains credential data, for example username and
// password. Each key must consist of alphanumeric characters, '-',
// '_' or '.'. Each value MUST contain a valid string. An SP MAY
// choose to accept binary (non-string) data by using a binary-to-text
// encoding scheme, like base64. An SP SHALL advertise the
// requirements for credentials in documentation. COs SHALL permit
// passing through the required credentials. This information is
// sensitive and MUST be treated as such (not logged, etc.) by the CO.
// Secrets required by plugin to complete controller unpublish volume
// request. This SHOULD be the same secrets passed to the
// ControllerPublishVolume.
// call for the specified volume.
// A secret is a string to string map where the key identifies the
// name of the secret (e.g. "username" or "password"), and the value
// contains the secret data (e.g. "bob" or "abc123").
// Each key MUST consist of alphanumeric characters, '-', '_' or '.'.
// Each value MUST contain a valid string. An SP MAY choose to accept
// binary (non-string) data by using a binary-to-text encoding scheme,
// like base64.
// An SP SHALL advertise the requirements for required secret keys and
// values in documentation.
// CO SHALL permit passing through the required secrets.
// A CO MAY pass the same secrets to all RPCs, therefore the keys for
// all unique secrets that an SP expects must be unique across all CSI
// operations.
// This information is sensitive and MUST be treated as such (not
// logged, etc.) by the CO.
// This field is OPTIONAL.
map<string, string> controller_unpublish_credentials = 4;
map<string, string> controller_unpublish_secrets = 4;
}

message ControllerUnpublishVolumeResponse {}
Expand Down Expand Up @@ -575,18 +603,24 @@ message NodeStageVolumeRequest {
// This is a REQUIRED field.
VolumeCapability volume_capability = 5;

// Credentials used by Node plugin to authenticate/authorize node
// stage request.
// This field contains credential data, for example username and
// password. Each key must consist of alphanumeric characters, '-',
// '_' or '.'. Each value MUST contain a valid string. An SP MAY
// choose to accept binary (non-string) data by using a binary-to-text
// encoding scheme, like base64. An SP SHALL advertise the
// requirements for credentials in documentation. COs SHALL permit
// passing through the required credentials. This information is
// sensitive and MUST be treated as such (not logged, etc.) by the CO.
// Secrets required by plugin to complete node stage volume request.
// A secret is a string to string map where the key identifies the
// name of the secret (e.g. "username" or "password"), and the value
// contains the secret data (e.g. "bob" or "abc123").
// Each key MUST consist of alphanumeric characters, '-', '_' or '.'.
// Each value MUST contain a valid string. An SP MAY choose to accept
// binary (non-string) data by using a binary-to-text encoding scheme,
// like base64.
// An SP SHALL advertise the requirements for required secret keys and
// values in documentation.
// CO SHALL permit passing through the required secrets.
// A CO MAY pass the same secrets to all RPCs, therefore the keys for
// all unique secrets that an SP expects must be unique across all CSI
// operations.
// This information is sensitive and MUST be treated as such (not
// logged, etc.) by the CO.
// This field is OPTIONAL.
map<string, string> node_stage_credentials = 6;
map<string, string> node_stage_secrets = 6;

// Attributes of the volume to publish. This field is OPTIONAL and
// MUST match the attributes of the VolumeInfo identified by
Expand All @@ -608,19 +642,6 @@ message NodeUnstageVolumeRequest {
// path in the root filesystem of the process serving this request.
// This is a REQUIRED field.
string staging_target_path = 3;

// Credentials used by Node plugin to authenticate/authorize node
// unstage request.
// This field contains credential data, for example username and
// password. Each key must consist of alphanumeric characters, '-',
// '_' or '.'. Each value MUST contain a valid string. An SP MAY
// choose to accept binary (non-string) data by using a binary-to-text
// encoding scheme, like base64. An SP SHALL advertise the
// requirements for credentials in documentation. COs SHALL permit
// passing through the required credentials. This information is
// sensitive and MUST be treated as such (not logged, etc.) by the CO.
// This field is OPTIONAL.
map<string, string> node_unstage_credentials = 4;
}

message NodeUnstageVolumeResponse {}
Expand Down Expand Up @@ -664,19 +685,24 @@ message NodePublishVolumeRequest {
// REQUIRED.
bool readonly = 7;

// Credentials used by Node plugin to authenticate/authorize node
// publish request.
// This field contains credential data, for example username and
// password. Each key must consist of alphanumeric characters, '-',
// '_' or '.'. Each value MUST contain a valid string. An SP MAY
// choose to accept binary (non-string) data by using a binary-to-text
// encoding scheme, like base64. An SP SHALL advertise the
// requirements for credentials in documentation. COs SHALL permit
// passing through the required credentials. This information is
// sensitive and MUST be treated as such (not logged, etc.) by the CO.
// Secrets required by plugin to complete node publish volume request.
// A secret is a string to string map where the key identifies the
// name of the secret (e.g. "username" or "password"), and the value
// contains the secret data (e.g. "bob" or "abc123").
// Each key MUST consist of alphanumeric characters, '-', '_' or '.'.
// Each value MUST contain a valid string. An SP MAY choose to accept
// binary (non-string) data by using a binary-to-text encoding scheme,
// like base64.
// An SP SHALL advertise the requirements for required secret keys and
// values in documentation.
// CO SHALL permit passing through the required secrets.
// A CO MAY pass the same secrets to all RPCs, therefore the keys for
// all unique secrets that an SP expects must be unique across all CSI
// operations.
// This information is sensitive and MUST be treated as such (not
// logged, etc.) by the CO.
// This field is OPTIONAL.
map<string, string> node_publish_credentials = 8;

map<string, string> node_publish_secrets = 8;

// Attributes of the volume to publish. This field is OPTIONAL and
// MUST match the attributes of the Volume identified by
Expand All @@ -698,19 +724,6 @@ message NodeUnpublishVolumeRequest {
// path in the root filesystem of the process serving this request.
// This is a REQUIRED field.
string target_path = 3;

// Credentials used by Node plugin to authenticate/authorize node
// unpublish request.
// This field contains credential data, for example username and
// password. Each key must consist of alphanumeric characters, '-',
// '_' or '.'. Each value MUST contain a valid string. An SP MAY
// choose to accept binary (non-string) data by using a binary-to-text
// encoding scheme, like base64. An SP SHALL advertise the
// requirements for credentials in documentation. COs SHALL permit
// passing through the required credentials. This information is
// sensitive and MUST be treated as such (not logged, etc.) by the CO.
// This field is OPTIONAL.
map<string, string> node_unpublish_credentials = 4;
}

message NodeUnpublishVolumeResponse {}
Expand Down
Loading