e2e test for sas token

pkg/blob/blob.go

@@ -283,10 +283,10 @@ func GetContainerInfo(id string) (string, string, string, string, error) {
 }
 
 // A container name must be a valid DNS name, conforming to the following naming rules:
-//	1. Container names must start with a letter or number, and can contain only letters, numbers, and the dash (-) character.
-//	2. Every dash (-) character must be immediately preceded and followed by a letter or number; consecutive dashes are not permitted in container names.
-//	3. All letters in a container name must be lowercase.
-//	4. Container names must be from 3 through 63 characters long.
+//  1. Container names must start with a letter or number, and can contain only letters, numbers, and the dash (-) character.
+//  2. Every dash (-) character must be immediately preceded and followed by a letter or number; consecutive dashes are not permitted in container names.
+//  3. All letters in a container name must be lowercase.
+//  4. Container names must be from 3 through 63 characters long.
 //
 // See https://docs.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata#container-names
 func getValidContainerName(volumeName, protocol string) string {
@@ -317,7 +317,7 @@ func checkContainerNameBeginAndEnd(containerName string) bool {
 
 // isSASToken checks if the key contains the patterns. Because a SAS Token must have these strings, use them to judge.
 func isSASToken(key string) bool {
-	return strings.Contains(key, "?sv=")
+	return strings.HasPrefix(key, "?")
 }
 
 // GetAuthEnv return <accountName, containerName, authEnv, error>
@@ -681,9 +681,9 @@ func setAzureCredentials(kubeClient kubernetes.Interface, accountName, accountKe
 }
 
 // GetStorageAccesskey get Azure storage account key from
-// 	1. secrets (if not empty)
-// 	2. use k8s client identity to read from k8s secret
-// 	3. use cluster identity to get from storage account directly
+//  1. secrets (if not empty)
+//  2. use k8s client identity to read from k8s secret
+//  3. use cluster identity to get from storage account directly
 func (d *Driver) GetStorageAccesskey(ctx context.Context, accountOptions *azure.AccountOptions, secrets map[string]string, secretName, secretNamespace string) (string, string, error) {
 	if len(secrets) > 0 {
 		return getStorageAccount(secrets)

test/e2e/pre_provisioning_test.go

@@ -24,6 +24,7 @@ import (
 	"sigs.k8s.io/blob-csi-driver/test/e2e/driver"
 	"sigs.k8s.io/blob-csi-driver/test/e2e/testsuites"
 
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	"github.com/container-storage-interface/spec/lib/go/csi"
 	"github.com/onsi/ginkgo"
 	v1 "k8s.io/api/core/v1"
@@ -290,6 +291,42 @@ var _ = ginkgo.Describe("[blob-csi-e2e] Pre-Provisioned", func() {
 		}
 		test.Run(cs, ns)
 	})
+
+	ginkgo.It("should use SAS token", func() {
+		req := makeCreateVolumeReq("pre-provisioned-sas-token", ns.Name)
+		resp, err := blobDriver.CreateVolume(context.Background(), req)
+		if err != nil {
+			ginkgo.Fail(fmt.Sprintf("create volume error: %v", err))
+		}
+		volumeID = resp.Volume.VolumeId
+		ginkgo.By(fmt.Sprintf("Successfully provisioned blob volume: %q\n", volumeID))
+
+		pods := []testsuites.PodDetails{
+			{
+				Cmd: "echo 'hello world' > /mnt/test-1/data && grep 'hello world' /mnt/test-1/data",
+				Volumes: []testsuites.VolumeDetails{
+					{
+						VolumeID:          volumeID,
+						FSType:            "ext4",
+						ClaimSize:         fmt.Sprintf("%dGi", defaultVolumeSize),
+						ReclaimPolicy:     to.Ptr(v1.PersistentVolumeReclaimRetain),
+						VolumeBindingMode: to.Ptr(storagev1.VolumeBindingImmediate),
+						VolumeMount: testsuites.VolumeMountDetails{
+							NameGenerate:      "test-volume-",
+							MountPathGenerate: "/mnt/test-",
+						},
+					},
+				},
+			},
+		}
+
+		test := testsuites.PreProvisionedSASTokenTest{
+			CSIDriver: testDriver,
+			Pods:      pods,
+			Driver:    blobDriver,
+		}
+		test.Run(cs, ns)
+	})
 })
 
 func makeCreateVolumeReq(volumeName, secretNamespace string) *csi.CreateVolumeRequest {