Skip to content

Add domain as optional secret to include for cifs mount. #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
cblack34 wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Add domain as optional secret to include for cifs mount. #13

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9b2b078
Update cifs
cblack34 Dec 11, 2019
568155b
Update README.md
cblack34 Dec 11, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,14 +44,15 @@ It should output a JSON string containing `"status": "Success"`. This command is
Running
-------

The plugin takes the CIFS username and password from a [Kubernetes Secret][15]. To create the secret, you first have to convert your username and password to base64 encoding:
The plugin takes the CIFS username, password, and optionally domain from a [Kubernetes Secret][15]. To create the secret, you first have to convert your username, domain, and password to base64 encoding:

```bash
echo -n username | base64
echo -n password | base64
echo -n domain | base64 # optional
```

Then, create a file `secret.yml` and use the ouput of the above commands as username and password:
Then, create a file `secret.yml` and use the ouput of the above commands as username, domain, and password:

```yaml
apiVersion: v1
Expand All @@ -63,6 +64,7 @@ type: fstab/cifs
data:
username: 'ZXhhbXBsZQ=='
password: 'bXktc2VjcmV0LXBhc3N3b3Jk'
domain: 'ZG9tYWluLmNvbQ==' # optional
```

Apply the secret:
Expand Down
38 changes: 35 additions & 3 deletions cifs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,9 +50,13 @@ set -u
# --------------------------------------------------------------------

# Uncomment the following lines to see how this plugin is called:
# echo >> /tmp/cifs.log
# date >> /tmp/cifs.log
# echo "$@" >> /tmp/cifs.log
debug=false

if [ "$debug" = true ] ; then
echo >> /tmp/cifs.log
date >> /tmp/cifs.log
echo "$@" >> /tmp/cifs.log
fi

init() {
assertBinaryInstalled mount.cifs cifs-utils
Expand Down Expand Up @@ -106,6 +110,34 @@ doMount() {
if [[ $? -ne 0 ]] ; then
errorExit "cifs mount: password not found. the flexVolume definition must contain a secretRef to a secret with username and password."
fi

if ! cifsDomainBase64="$(jq --raw-output -e '.["kubernetes.io/secret/domain"]' <<< "$json" 2>/dev/null)" ; then
errorExit "cifs mount: error retrieving domain from secret"
fi

if [[ -n "$cifsDomainBase64" ]] ; then
if [ "$debug" = true ] ; then
echo "cifsDomainBase64: $cifsDomainBase64" >> /tmp/cifs.log
fi

if ! cifsDomain="$(base64 --decode <<< "$cifsDomainBase64" 2>/dev/null)" ; then
errorExit "cifs mount: domain secret is not base64 encoded."
fi

if [ "$debug" = true ] ; then
echo "cifsDomain: $cifsDomain" >> /tmp/cifs.log
echo "mountOptions before adding domain: $mountOptions" >> /tmp/cifs.log
fi

if ! mountOptions="${mountOptions},domain=${cifsDomain}" ; then
errorExit "cifs mount: error appending domain to mountOptions"
fi

if [ "$debug" = true ] ; then
echo "mountOptions: $mountOptions" >> /tmp/cifs.log
fi
fi

cifsUsername="$(base64 --decode <<< "$cifsUsernameBase64" 2>/dev/null)"
if [[ $? -ne 0 ]] ; then
errorExit "cifs mount: username secret is not base64 encoded."
Expand Down