[manila-csi-plugin] Add cephfs-clientID to volume parameters (kubernetes#1519)

* added cephfs-clientID to ControllerVolumeContext options

* cephfs: try to create access rules with access_to=cephfs-clientID

* updated docs
gman0 authored May 10, 2021
1 parent dcef720 commit eb0eebe
Showing 3 changed files with 10 additions and 3 deletions.
1 change: 1 addition & 0 deletions docs/manila-csi-plugin/using-manila-csi-plugin.md
Expand Up @@ -50,6 +50,7 @@ Parameter | Required | Description
`availability` | _no_ | Manila availability zone of the provisioned share. If none is provided, the default Manila zone will be used. Note that this parameter is opaque to the CO and does not influence placement of workloads that will consume this share, meaning they may be scheduled onto any node of the cluster. If the specified Manila AZ is not equally accessible from all compute nodes of the cluster, use [Topology-aware dynamic provisioning](#topology-aware-dynamic-provisioning).
`appendShareMetadata` | _no_ | Append user-defined metadata to the provisioned share. If not empty, this field must be a string with a valid JSON object. The object must consist of key-value pairs of type string. Example: `"{..., \"key\": \"value\"}"`.
`cephfs-mounter` | _no_ | Relevant for CephFS Manila shares. Specifies which mounting method to use with the CSI CephFS driver. Available options are `kernel` and `fuse`, defaults to `fuse`. See [CSI CephFS docs](https://github.com/ceph/ceph-csi/blob/csi-v1.0/docs/deploy-cephfs.md#configuration) for further information.
`cephfs-clientID` | _no_ | Relevant for CephFS Manila shares. Specifies the cephx client ID when creating an access rule for the provisioned share. The same cephx client ID may be shared with multiple Manila shares. If no value is provided, client ID for the provisioned Manila share will be set to some unique value (PersistentVolume name).
`nfs-shareClient` | _no_ | Relevant for NFS Manila shares. Specifies what address has access to the NFS share. Defaults to `0.0.0.0/0`, i.e. anyone.

### Node Service volume context
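
Review bot: the new `cephfs-clientID` row says the same cephx client ID may be shared with multiple Manila shares, but not what that means for isolation. The adapter grants this ID an `rw` cephx rule on each share (see `cephfs.go` in this commit), so one identity ends up with write access to every share provisioned with the same value. The row should state that, and that leaving the parameter unset keeps one ID per share. "Some unique value" could also be replaced with the exact fallback.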
1 change: 1 addition & 0 deletions pkg/csi/manila/options/shareoptions.go
Expand Up @@ -30,6 +30,7 @@ type ControllerVolumeContext struct {
// Adapter options

CephfsMounter string `name:"cephfs-mounter" value:"default:fuse" matches:"^kernel|fuse$"`
CephfsClientID string `name:"cephfs-clientID" value:"optional"`
NFSShareClient string `name:"nfs-shareClient" value:"default:0.0.0.0/0"`
}

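Review bot: `CephfsClientID` is declared with `value:"optional"` only, so any non-empty string from the volume parameters is accepted and later passed to Manila as `AccessTo`. `CephfsMounter` on the line above constrains its input with `matches:`; consider a `matches:` pattern here too, limited to the characters Manila accepts for a cephx ID, so that a bad value is rejected during option parsing rather than at grant time.
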
11 changes: 8 additions & 3 deletions pkg/csi/manila/shareadapters/cephfs.go
Expand Up @@ -36,6 +36,11 @@ func (Cephfs) GetOrGrantAccess(args *GrantAccessArgs) (accessRight *shares.Acces

var rights []shares.AccessRight

accessTo := args.Options.CephfsClientID
if accessTo == "" {
accessTo = args.Share.Name
}

rights, err = args.ManilaClient.GetAccessRights(args.Share.ID)
if err != nil {
if _, ok := err.(gophercloud.ErrResourceNotFound); !ok {
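
Review bot: the fallback `accessTo = args.Share.Name` has no comment, and the docs in this commit describe the default as the PersistentVolume name. A one-line comment above the `if accessTo == ""` check, saying that the share name is used when `cephfs-clientID` is unset and how it relates to the PV name, would keep code and docs in step.
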
Expand All @@ -45,7 +50,7 @@ func (Cephfs) GetOrGrantAccess(args *GrantAccessArgs) (accessRight *shares.Acces
// Try to find the access right

for _, r := range rights {
if r.AccessTo == args.Share.Name && r.AccessType == "cephx" && r.AccessLevel == "rw" {
if r.AccessTo == accessTo && r.AccessType == "cephx" && r.AccessLevel == "rw" {
klog.V(4).Infof("cephx access right for share %s already exists", args.Share.Name)

accessRight = &r
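
Review bot: the log line `cephx access right for share %s already exists` still prints only `args.Share.Name`, although the match is now made on `accessTo`. Add `accessTo` to the message so that, when a shared client ID is in use, the log shows which identity the existing rule belongs to.
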
Expand All @@ -60,7 +65,7 @@ func (Cephfs) GetOrGrantAccess(args *GrantAccessArgs) (accessRight *shares.Acces
accessRight, err = args.ManilaClient.GrantAccess(args.Share.ID, shares.GrantAccessOpts{
AccessType: "cephx",
AccessLevel: "rw",
AccessTo: args.Share.Name,
AccessTo: accessTo,
})

if err != nil {
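
Review bot: `AccessLevel: "rw"` stays hard-coded while `AccessTo` can now be an ID reused across shares. That was a narrow grant when the ID was unique per share; with a shared ID, each additional share widens what one cephx identity can write to. This is worth stating in the docs, or raising as a follow-up for a configurable access level.
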
Expand Down Expand Up @@ -90,7 +95,7 @@ func (Cephfs) GetOrGrantAccess(args *GrantAccessArgs) (accessRight *shares.Acces
var accessRight *shares.AccessRight

for i := range rights {
if rights[i].AccessTo == args.Share.Name {
if rights[i].AccessTo == accessTo {
accessRight = &rights[i]
break
}
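
Review bot: this loop matches on `rights[i].AccessTo == accessTo` alone, while the earlier lookup in the same function also requires `AccessType == "cephx"` and `AccessLevel == "rw"`. With a caller-chosen ID, a rule with the same `AccessTo` but a different type or level could be picked up here; suggest using the same three-field predicate in both places.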