csigrpc: test with updated CSI spec

This is a copy of the CSI 1.0.0 spec and build rules with more fields
added that test various special cases, in particular the addition of
secrets in nested data structures (simple structs, lists, maps).

Author: pohly

pkg/csigrpc/secrets_test.go

@@ -21,6 +21,7 @@ import (
 	"testing"
 
 	"github.com/container-storage-interface/spec/lib/go/csi"
+	"github.com/kubernetes-csi/csi-lib-utils/test/pkg/csi-spec/csitest"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -72,13 +73,50 @@ func TestStripSecrets(t *testing.T) {
 		{false, "false"},
 		{&csi.CreateVolumeRequest{}, `{}`},
 		{createVolume, `{"accessibility_requirements":{"requisite":[{"segments":{"foo":"bar","x":"y"}},{"segments":{"a":"b"}}]},"capacity_range":{"required_bytes":1024},"name":"foo","secrets":"***stripped***","volume_capabilities":[{"AccessType":{"Mount":{"fs_type":"ext4"}}}]}`},
-
-		// There is currently no test case that can verify
-		// that recursive stripping works, because there is no
-		// message where that is necessary. The code
-		// nevertheless implements it and it has been verified
-		// manually that it recurses properly for single and
-		// repeated values. One-of might require further work.
+		{&csitest.CreateVolumeRequest{}, `{}`},
+		{&csitest.CreateVolumeRequest{
+			CapacityRange: &csitest.CapacityRange{
+				RequiredBytes: 1024,
+			},
+			MaybeSecretMap: map[int64]*csitest.VolumeCapability{
+				1: &csitest.VolumeCapability{ArraySecret: "aaa"},
+				2: &csitest.VolumeCapability{ArraySecret: "bbb"},
+			},
+			Name:         "foo",
+			NewSecretInt: 42,
+			Seecreets: map[string]string{
+				secretName:   secretValue,
+				"secret-xyz": "987",
+			},
+			VolumeCapabilities: []*csitest.VolumeCapability{
+				&csitest.VolumeCapability{
+					AccessType: &csitest.VolumeCapability_Mount{
+						Mount: &csitest.VolumeCapability_MountVolume{
+							FsType: "ext4",
+						},
+					},
+					ArraySecret: "knock knock",
+				},
+				&csitest.VolumeCapability{
+					ArraySecret: "Who's there?",
+				},
+			},
+			VolumeContentSource: &csitest.VolumeContentSource{
+				Type: &csitest.VolumeContentSource_Volume{
+					Volume: &csitest.VolumeContentSource_VolumeSource{
+						VolumeId:         "abc",
+						OneofSecretField: "hello",
+					},
+				},
+				NestedSecretField: "world",
+			},
+		},
+			// Secrets are *not* removed from all fields yet. This will have to be fixed one way or another
+			// before the CSI spec can start using secrets there (currently it doesn't).
+			// The test is still useful because it shows that also complicated fields get serialized.
+			// `{"capacity_range":{"required_bytes":1024},"maybe_secret_map":{"1":{"AccessType":null,"array_secret":"***stripped***"},"2":{"AccessType":null,"array_secret":"***stripped***"}},"name":"foo","new_secret_int":"***stripped***","seecreets":"***stripped***","volume_capabilities":[{"AccessType":{"Mount":{"fs_type":"ext4"}},"array_secret":"***stripped***"},{"AccessType":null,"array_secret":"***stripped***"}],"volume_content_source":{"Type":{"Volume":{"oneof_secret_field":"***stripped***","volume_id":"abc"}},"nested_secret_field":"***stripped***"}}`,
+			`{"capacity_range":{"required_bytes":1024},"maybe_secret_map":{"1":{"AccessType":null,"array_secret":"aaa"},"2":{"AccessType":null,"array_secret":"bbb"}},"name":"foo","new_secret_int":"***stripped***","seecreets":"***stripped***","volume_capabilities":[{"AccessType":{"Mount":{"fs_type":"ext4"}},"array_secret":"***stripped***"},{"AccessType":null,"array_secret":"***stripped***"}],"volume_content_source":{"Type":{"Volume":{"oneof_secret_field":"hello","volume_id":"abc"}},"nested_secret_field":"***stripped***"}}`,
+		},
 	}
 
 	for _, c := range cases {

test/pkg/csi-spec/.gitignore

@@ -0,0 +1,5 @@
+/protoc
+/protoc-gen-go
+/csi.a
+/.protoc
+.build

test/pkg/csi-spec/Makefile

@@ -0,0 +1,136 @@
+all: build
+
+########################################################################
+##                             GOLANG                                 ##
+########################################################################
+
+# If GOPATH isn't defined then set its default location.
+ifeq (,$(strip $(GOPATH)))
+GOPATH := $(HOME)/go
+else
+# If GOPATH is already set then update GOPATH to be its own
+# first element.
+GOPATH := $(word 1,$(subst :, ,$(GOPATH)))
+endif
+export GOPATH
+
+
+########################################################################
+##                             PROTOC                                 ##
+########################################################################
+
+# Only set PROTOC_VER if it has an empty value.
+ifeq (,$(strip $(PROTOC_VER)))
+PROTOC_VER := 3.5.1
+endif
+
+PROTOC_OS := $(shell uname -s)
+ifeq (Darwin,$(PROTOC_OS))
+PROTOC_OS := osx
+endif
+
+PROTOC_ARCH := $(shell uname -m)
+ifeq (i386,$(PROTOC_ARCH))
+PROTOC_ARCH := x86_32
+endif
+
+PROTOC := ./protoc
+PROTOC_ZIP := protoc-$(PROTOC_VER)-$(PROTOC_OS)-$(PROTOC_ARCH).zip
+PROTOC_URL := https://github.com/google/protobuf/releases/download/v$(PROTOC_VER)/$(PROTOC_ZIP)
+PROTOC_TMP_DIR := .protoc
+PROTOC_TMP_BIN := $(PROTOC_TMP_DIR)/bin/protoc
+
+$(PROTOC):
+	-mkdir -p "$(PROTOC_TMP_DIR)" && \
+	  curl -L $(PROTOC_URL) -o "$(PROTOC_TMP_DIR)/$(PROTOC_ZIP)" && \
+	  unzip "$(PROTOC_TMP_DIR)/$(PROTOC_ZIP)" -d "$(PROTOC_TMP_DIR)" && \
+	  chmod 0755 "$(PROTOC_TMP_BIN)" && \
+	  cp -f "$(PROTOC_TMP_BIN)" "$@"
+	stat "$@" > /dev/null 2>&1
+
+
+########################################################################
+##                          PROTOC-GEN-GO                             ##
+########################################################################
+
+# This is the recipe for getting and installing the go plug-in
+# for protoc
+PROTOC_GEN_GO_PKG := github.com/golang/protobuf/protoc-gen-go
+PROTOC_GEN_GO := protoc-gen-go
+$(PROTOC_GEN_GO): PROTOBUF_PKG := $(dir $(PROTOC_GEN_GO_PKG))
+$(PROTOC_GEN_GO): PROTOBUF_VERSION := v1.2.0
+$(PROTOC_GEN_GO):
+	mkdir -p $(dir $(GOPATH)/src/$(PROTOBUF_PKG))
+	test -d $(GOPATH)/src/$(PROTOBUF_PKG)/.git || git clone https://$(PROTOBUF_PKG) $(GOPATH)/src/$(PROTOBUF_PKG)
+	(cd $(GOPATH)/src/$(PROTOBUF_PKG) && \
+		(test "$$(git describe --tags | head -1)" = "$(PROTOBUF_VERSION)" || \
+			(git fetch && git checkout tags/$(PROTOBUF_VERSION))))
+	(cd $(GOPATH)/src/$(PROTOBUF_PKG) && go get -v -d $$(go list -f '{{ .ImportPath }}' ./...)) && \
+	go build -o "$@" $(PROTOC_GEN_GO_PKG)
+
+
+########################################################################
+##                              PATH                                  ##
+########################################################################
+
+# Update PATH with the current directory. This enables the protoc
+# binary to discover the protoc-gen-go binary, built inside this
+# directory.
+export PATH := $(shell pwd):$(PATH)
+
+
+########################################################################
+##                              BUILD                                 ##
+########################################################################
+CSI_PROTO := ./csitest.proto
+CSI_PKG_ROOT := github.com/kubernetes-csi/csi-lib-utils/test/pkg/csi-spec
+CSI_PKG_SUB := $(shell cat $(CSI_PROTO) | sed -n -e 's/^package.\([^;]*\).v[0-9]\+;$$/\1/p'|tr '.' '/')
+CSI_BUILD := $(CSI_PKG_SUB)/.build
+CSI_GO := $(CSI_PKG_SUB)/csitest.pb.go
+CSI_A := csi.a
+CSI_GO_TMP := $(CSI_BUILD)/$(CSI_PKG_ROOT)/csitest.pb.go
+
+# This recipe generates the go language bindings to a temp area.
+$(CSI_GO_TMP): HERE := $(shell pwd)
+$(CSI_GO_TMP): PTYPES_PKG := github.com/golang/protobuf/ptypes
+$(CSI_GO_TMP): GO_OUT := plugins=grpc
+$(CSI_GO_TMP): GO_OUT := $(GO_OUT),Mgoogle/protobuf/descriptor.proto=github.com/golang/protobuf/protoc-gen-go/descriptor
+$(CSI_GO_TMP): GO_OUT := $(GO_OUT),Mgoogle/protobuf/wrappers.proto=$(PTYPES_PKG)/wrappers
+$(CSI_GO_TMP): GO_OUT := $(GO_OUT):"$(HERE)/$(CSI_BUILD)"
+$(CSI_GO_TMP): INCLUDE := -I$(GOPATH)/src -I$(HERE)/$(PROTOC_TMP_DIR)/include
+$(CSI_GO_TMP): $(CSI_PROTO) | $(PROTOC) $(PROTOC_GEN_GO)
+	@mkdir -p "$(@D)"
+	(cd "$(GOPATH)/src" && \
+		$(HERE)/$(PROTOC) $(INCLUDE) --go_out=$(GO_OUT) "$(CSI_PKG_ROOT)/$(<F)")
+
+# The temp language bindings are compared to the ones that are
+# versioned. If they are different then it means the language
+# bindings were not updated prior to being committed.
+$(CSI_GO): $(CSI_GO_TMP)
+ifeq (true,$(TRAVIS))
+	diff "$@" "$?"
+else
+	@mkdir -p "$(@D)"
+	diff "$@" "$?" > /dev/null 2>&1 || cp -f "$?" "$@"
+endif
+
+# This recipe builds the Go archive from the sources in three steps:
+#
+#   1. Go get any missing dependencies.
+#   2. Cache the packages.
+#   3. Build the archive file.
+$(CSI_A): $(CSI_GO)
+	go get -v -d ./...
+	go install ./$(CSI_PKG_SUB)
+	go build -o "$@" ./$(CSI_PKG_SUB)
+
+build: $(CSI_A)
+
+clean:
+	go clean -i ./...
+	rm -rf "$(CSI_A)" "$(CSI_GO)" "$(CSI_BUILD)"
+
+clobber: clean
+	rm -fr "$(PROTOC)" "$(PROTOC_GEN_GO)" "$(CSI_PKG_SUB)" "$(PROTOC_TMP_DIR)"
+
+.PHONY: clean clobber

test/pkg/csi-spec/README.md

@@ -0,0 +1,2 @@
+This is a *modified* version of the CSI 1.0.0 spec. It's only purpose is
+to test the stripping of secret fields.