refactor: add storageClass parameters for kerberos auth

Author: GamerGirlandCo

pkg/nfs/controllerserver.go

@@ -140,6 +140,8 @@ func (cs *ControllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
 		case pvcNamespaceKey:
 		case pvcNameKey:
 		case pvNameKey:
+		case paramKrbPrincipal:
+		case paramKrbPasswordSecret:
 			// no op
 		case mountPermissionsField:
 			if v != "" {

pkg/nfs/nfs.go

@@ -73,17 +73,21 @@ const (
 	// The base directory must be a direct child of the root directory.
 	// The root directory is omitted from the string, for example:
 	//     "base" instead of "/base"
-	paramShare            = "share"
-	paramSubDir           = "subdir"
-	paramOnDelete         = "ondelete"
-	mountOptionsField     = "mountoptions"
-	mountPermissionsField = "mountpermissions"
-	pvcNameKey            = "csi.storage.k8s.io/pvc/name"
-	pvcNamespaceKey       = "csi.storage.k8s.io/pvc/namespace"
-	pvNameKey             = "csi.storage.k8s.io/pv/name"
-	pvcNameMetadata       = "${pvc.metadata.name}"
-	pvcNamespaceMetadata  = "${pvc.metadata.namespace}"
-	pvNameMetadata        = "${pv.metadata.name}"
+	paramShare  = "share"
+	paramSubDir = "subdir"
+	// Kerberos principal to use when mounting with `-o sec=krb5*`
+	paramKrbPrincipal = "authprincipal"
+	// name of a secret containing the Kerberos password to use when authenticating
+	paramKrbPasswordSecret = "authpasswordsecret"
+	paramOnDelete          = "ondelete"
+	mountOptionsField      = "mountoptions"
+	mountPermissionsField  = "mountpermissions"
+	pvcNameKey             = "csi.storage.k8s.io/pvc/name"
+	pvcNamespaceKey        = "csi.storage.k8s.io/pvc/namespace"
+	pvNameKey              = "csi.storage.k8s.io/pv/name"
+	pvcNameMetadata        = "${pvc.metadata.name}"
+	pvcNamespaceMetadata   = "${pvc.metadata.namespace}"
+	pvNameMetadata         = "${pv.metadata.name}"
 )
 
 func NewDriver(options *DriverOptions) *Driver {

pkg/nfs/nodeserver.go

@@ -68,6 +68,7 @@ func (ns *NodeServer) NodePublishVolume(_ context.Context, req *csi.NodePublishV
 	}
 
 	var server, baseDir, subDir string
+	var krbPwd, krbPrinc string
 	subDirReplaceMap := map[string]string{}
 
 	mountPermissions := ns.Driver.mountPermissions
@@ -79,6 +80,12 @@ func (ns *NodeServer) NodePublishVolume(_ context.Context, req *csi.NodePublishV
 			baseDir = v
 		case paramSubDir:
 			subDir = v
+		case paramKrbPrincipal:
+			krbPrinc = v
+		case paramKrbPasswordSecret:
+			if v != "" {
+				krbPwd = req.GetSecrets()[v]
+			}
 		case pvcNamespaceKey:
 			subDirReplaceMap[pvcNamespaceMetadata] = v
 		case pvcNameKey: