Closed sijeesh closed 2 months ago
It passes CSI e2e tests, both with and without CHAP details.
However, if the CHAP credential is changed, the new credentail is leaked on the controller driver:
time="2024-04-23T00:50:20Z" level=error msg="Error controller publishing volume pvc-be32e35c-91b9-4495-9cc5-fde775da295d, err: rpc error: code = Internal desc = Failed to add ACL to volume pvc-be32e35c-91b9-4495-9cc5-fde775da295d for node &{ thirty-cpu1 e6d03e85-3685-179a-6837-6c62fcd100ed [0xc00091c2c0] [0xc00091c380 0xc00091c390 0xc00091c3a0 0xc00091c3b0] [] holler 1234567890abcdef} via CSP, err: Request failed with status code 404 and errors Error code (Not Found) and message (HTTP error response from backend {\"code\":17,\"desc\":\"host does not exist\"})" file="controller_server.go:729" time="2024-04-23T00:50:20Z" level=error msg="GRPC error: rpc error: code = Internal desc = Failed to add ACL to volume pvc-be32e35c-91b9-4495-9cc5-fde775da295d for node &{ thirty-cpu1 e6d03e85-3685-179a-6837-6c62fcd100ed [0xc00091c2c0] [0xc00091c380 0xc00091c390 0xc00091c3a0 0xc00091c3b0] [] holler 1234567890abcdef} via CSP, err: Request failed with status code 404 and errors Error code (Not Found) and message (HTTP error response from backend {\"code\":17,\"desc\":\"host does not exist\"})" file="utils.go:73"
The username is "holler" and password "1234567890abcdef" in this example.
Thanks for checking this, updated the logs to avoid logging full data of the node.
Store CHAP username and password in a secret and pass the secret name and namespace through storage class