From 9b2b07894c0a67302610eb76a8ee341785815f51 Mon Sep 17 00:00:00 2001 From: Clayton Black Date: Tue, 10 Dec 2019 20:42:48 -0500 Subject: [PATCH 1/2] Update cifs add code to check for domain in secrets add code to add domain to $mountOptions if domain in secrets change debugging to use bool variable instead of comments. This makes it easier to include debug logging through out the script. --- cifs | 38 +++++++++++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/cifs b/cifs index 040674e..e0d5480 100755 --- a/cifs +++ b/cifs @@ -50,9 +50,13 @@ set -u # -------------------------------------------------------------------- # Uncomment the following lines to see how this plugin is called: -# echo >> /tmp/cifs.log -# date >> /tmp/cifs.log -# echo "$@" >> /tmp/cifs.log +debug=false + +if [ "$debug" = true ] ; then + echo >> /tmp/cifs.log + date >> /tmp/cifs.log + echo "$@" >> /tmp/cifs.log +fi init() { assertBinaryInstalled mount.cifs cifs-utils 
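Review bot: The debug block appends to the fixed path `/tmp/cifs.log`, which sits in a world-writable directory and is created with the process's default umask, so with `debug=true` the file may be readable by any local user and the path can be pre-created by someone else before the plugin first writes to it. `echo "$@"` is the larger concern: doMount reads `kubernetes.io/secret/*` values out of `$json`, and if that JSON arrives as a plugin argument (not visible in this hunk), the base64-encoded username and password land in the log in recoverable form. I would log to a root-owned directory with `umask 077` set before the first write, and record only the operation name, e.g. `echo "${1:-}" >> "$logFile"` instead of `echo "$@"`. A comment next to `debug=false` such as `# WARNING: debug output may contain credentials; do not enable on shared nodes` would also help.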
@@ -106,6 +110,34 @@ doMount() { if [[ $? -ne 0 ]] ; then errorExit "cifs mount: password not found. the flexVolume definition must contain a secretRef to a secret with username and password." fi + + if ! cifsDomainBase64="$(jq --raw-output -e '.["kubernetes.io/secret/domain"]' <<< "$json" 2>/dev/null)" ; then + errorExit "cifs mount: error retrieving domain from secret" + fi + + if [[ -n "$cifsDomainBase64" ]] ; then + if [ "$debug" = true ] ; then + echo "cifsDomainBase64: $cifsDomainBase64" >> /tmp/cifs.log + fi + + if ! cifsDomain="$(base64 --decode <<< "$cifsDomainBase64" 2>/dev/null)" ; then + errorExit "cifs mount: domain secret is not base64 encoded." + fi + + if [ "$debug" = true ] ; then + echo "cifsDomain: $cifsDomain" >> /tmp/cifs.log + echo "mountOptions before adding domain: $mountOptions" >> /tmp/cifs.log + fi + + if ! mountOptions="${mountOptions},domain=${cifsDomain}" ; then + errorExit "cifs mount: error appending domain to mountOptions" + fi + + if [ "$debug" = true ] ; then + echo "mountOptions: $mountOptions" >> /tmp/cifs.log + fi + fi + cifsUsername="$(base64 --decode <<< "$cifsUsernameBase64" 2>/dev/null)" if [[ $? -ne 0 ]] ; then errorExit "cifs mount: username secret is not base64 encoded." From 568155ba054e80ff1c7d912cffcae630cac571ad Mon Sep 17 00:00:00 2001 From: Clayton Black Date: Wed, 11 Dec 2019 09:31:02 -0500 Subject: [PATCH 2/2] Update README.md update README.md to include domain options. --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2f10481..155748f 100644 --- a/README.md +++ b/README.md 
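Review bot: The decoded domain is appended to `$mountOptions` verbatim, so a secret value containing a comma would be read by mount.cifs as additional mount options rather than as part of the domain; check the value before the append, e.g. `[[ "$cifsDomain" =~ ^[A-Za-z0-9._-]+$ ]] || errorExit "cifs mount: domain contains invalid characters"` (widen the character class if your domains need it). Separately, `jq -e` exits non-zero when the key is missing (the result is `null`), so secrets without a domain now hit `errorExit` even though the README calls the field optional; `jq --raw-output '.["kubernetes.io/secret/domain"] // empty'` without `-e` keeps it optional. The `if ! mountOptions=...` guard can never fire because a plain assignment does not fail, and the debug writes repeat the secret-derived values into `/tmp/cifs.log`. doMount starts and ends outside this hunk, so how `$mountOptions` is built and quoted later is not visible here.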
@@ -44,14 +44,15 @@ It should output a JSON string containing `"status": "Success"`. This command is Running ------- -The plugin takes the CIFS username and password from a [Kubernetes Secret][15]. To create the secret, you first have to convert your username and password to base64 encoding: +The plugin takes the CIFS username, password, and optionally domain from a [Kubernetes Secret][15]. To create the secret, you first have to convert your username, domain, and password to base64 encoding: ```bash echo -n username | base64 echo -n password | base64 +echo -n domain | base64 # optional ``` -Then, create a file `secret.yml` and use the ouput of the above commands as username and password: +Then, create a file `secret.yml` and use the ouput of the above commands as username, domain, and password: ```yaml apiVersion: v1 @@ -63,6 +64,7 @@ type: fstab/cifs data: username: 'ZXhhbXBsZQ==' password: 'bXktc2VjcmV0LXBhc3N3b3Jk' + domain: 'ZG9tYWluLmNvbQ==' # optional ``` Apply the secret: