diff --git a/docs/manila-csi-plugin/using-manila-csi-plugin.md b/docs/manila-csi-plugin/using-manila-csi-plugin.md
index 412a5f0265..f582322afc 100644
--- a/docs/manila-csi-plugin/using-manila-csi-plugin.md
+++ b/docs/manila-csi-plugin/using-manila-csi-plugin.md
@@ -50,6 +50,7 @@ Parameter | Required | Description
 `availability` | _no_ | Manila availability zone of the provisioned share. If none is provided, the default Manila zone will be used. Note that this parameter is opaque to the CO and does not influence placement of workloads that will consume this share, meaning they may be scheduled onto any node of the cluster. If the specified Manila AZ is not equally accessible from all compute nodes of the cluster, use [Topology-aware dynamic provisioning](#topology-aware-dynamic-provisioning).
 `appendShareMetadata` | _no_ | Append user-defined metadata to the provisioned share. If not empty, this field must be a string with a valid JSON object. The object must consist of key-value pairs of type string. Example: `"{..., \"key\": \"value\"}"`.
 `cephfs-mounter` | _no_ | Relevant for CephFS Manila shares. Specifies which mounting method to use with the CSI CephFS driver. Available options are `kernel` and `fuse`, defaults to `fuse`. See [CSI CephFS docs](https://github.com/ceph/ceph-csi/blob/csi-v1.0/docs/deploy-cephfs.md#configuration) for further information.
+`cephfs-clientID` | _no_ | Relevant for CephFS Manila shares. Specifies the cephx client ID when creating an access rule for the provisioned share. The same cephx client ID may be shared with multiple Manila shares. If no value is provided, client ID for the provisioned Manila share will be set to some unique value (PersistentVolume name).
 `nfs-shareClient` | _no_ | Relevant for NFS Manila shares. Specifies what address has access to the NFS share. Defaults to `0.0.0.0/0`, i.e. anyone.
 ### Node Service volume context
diff --git a/pkg/csi/manila/options/shareoptions.go b/pkg/csi/manila/options/shareoptions.go index e4d94a5116..4d744d9422 100644 --- a/pkg/csi/manila/options/shareoptions.go +++ b/pkg/csi/manila/options/shareoptions.go @@ -30,6 +30,7 @@ type ControllerVolumeContext struct { // Adapter options CephfsMounter string `name:"cephfs-mounter" value:"default:fuse" matches:"^kernel|fuse$"` + CephfsClientID string `name:"cephfs-clientID" value:"optional"` NFSShareClient string `name:"nfs-shareClient" value:"default:0.0.0.0/0"` } diff --git a/pkg/csi/manila/shareadapters/cephfs.go b/pkg/csi/manila/shareadapters/cephfs.go index f1a2c5ee71..5ff1bafec0 100644 --- a/pkg/csi/manila/shareadapters/cephfs.go +++ b/pkg/csi/manila/shareadapters/cephfs.go @@ -36,6 +36,11 @@ func (Cephfs) GetOrGrantAccess(args *GrantAccessArgs) (accessRight *shares.Acces var rights []shares.AccessRight + accessTo := args.Options.CephfsClientID + if accessTo == "" { + accessTo = args.Share.Name + } + rights, err = args.ManilaClient.GetAccessRights(args.Share.ID) if err != nil { if _, ok := err.(gophercloud.ErrResourceNotFound); !ok { @@ -45,7 +50,7 @@ func (Cephfs) GetOrGrantAccess(args *GrantAccessArgs) (accessRight *shares.Acces // Try to find the access right for _, r := range rights { - if r.AccessTo == args.Share.Name && r.AccessType == "cephx" && r.AccessLevel == "rw" { + if r.AccessTo == accessTo && r.AccessType == "cephx" && r.AccessLevel == "rw" { klog.V(4).Infof("cephx access right for share %s already exists", args.Share.Name) accessRight = &r @@ -60,7 +65,7 @@ func (Cephfs) GetOrGrantAccess(args *GrantAccessArgs) (accessRight *shares.Acces accessRight, err = args.ManilaClient.GrantAccess(args.Share.ID, shares.GrantAccessOpts{ AccessType: "cephx", AccessLevel: "rw", - AccessTo: args.Share.Name, + AccessTo: accessTo, }) if err != nil { 
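Review bot: In pkg/csi/manila/options/shareoptions.go the new `CephfsClientID` field accepts any string, whereas the neighbouring `CephfsMounter` constrains its value with a `matches` pattern. The value comes from the `cephfs-clientID` parameter and is passed unchanged to Manila as the cephx `AccessTo` in cephfs.go, so a malformed ID would only be rejected, if at all, when the access rule is requested. Consider adding a conservative pattern to the tag, for example `matches:"^[A-Za-z0-9_-]+$"`, assuming the option validator skips the pattern when an optional value is omitted. The struct starts above the hunk.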
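Review bot: The `accessTo` fallback added near the top of `GetOrGrantAccess` in pkg/csi/manila/shareadapters/cephfs.go (hunk at -36,6) has no comment, and the trust consequence of the new option is easy to miss when reading the code. With an operator-supplied ID, every share that names it gets an `rw` cephx rule for the same client, so one cephx key reaches all of those shares instead of one key per share. I would add above the assignment: `// accessTo is the cephx client ID: cephfs-clientID if set (may be shared by several shares, so its key grants rw on each), else the share name.` The function body continues outside the hunk.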
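Review bot: In the lookup loop of `GetOrGrantAccess` (hunk at -45,7) the match now uses `accessTo`, but the log line right after it still names only the share. Once the client ID can differ from the share name, the log no longer records which cephx client was matched, which makes access-rule reuse harder to audit. Suggest `klog.V(4).Infof("cephx access right for share %s (client ID %s) already exists", args.Share.Name, accessTo)`. The loop body continues outside the hunk.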
@@ -90,7 +95,7 @@ func (Cephfs) GetOrGrantAccess(args *GrantAccessArgs) (accessRight *shares.Acces
 var accessRight *shares.AccessRight
 for i := range rights {
- if rights[i].AccessTo == args.Share.Name {
+ if rights[i].AccessTo == accessTo {
 accessRight = &rights[i]
 break
 }
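Review bot: The second lookup, `if rights[i].AccessTo == accessTo {`, matches on the access-to string alone, while the first loop in this function also requires `AccessType == "cephx"` and `AccessLevel == "rw"`. With the share name as the ID a collision was unlikely, but an operator-chosen ID that is reused across shares makes it more plausible that this loop picks up a rule of a different type or level and treats it as the one just granted. I would align the two checks: `if rights[i].AccessTo == accessTo && rights[i].AccessType == "cephx" && rights[i].AccessLevel == "rw" {`. The enclosing block starts and ends outside the hunk, so whether later code re-checks the selected rule is not visible here.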