k8s.io/kubernetes@v1.29.3/pkg/api/v1/persistentvolume/util.go (about) 1 /* 2 Copyright 2017 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package persistentvolume 18 19 import ( 20 corev1 "k8s.io/api/core/v1" 21 ) 22 23 func getClaimRefNamespace(pv *corev1.PersistentVolume) string { 24 if pv.Spec.ClaimRef != nil { 25 return pv.Spec.ClaimRef.Namespace 26 } 27 return "" 28 } 29 30 // Visitor is called with each object's namespace and name, and returns true if visiting should continue 31 type Visitor func(namespace, name string, kubeletVisible bool) (shouldContinue bool) 32 33 func skipEmptyNames(visitor Visitor) Visitor { 34 return func(namespace, name string, kubeletVisible bool) bool { 35 if len(name) == 0 { 36 // continue visiting 37 return true 38 } 39 // delegate to visitor 40 return visitor(namespace, name, kubeletVisible) 41 } 42 } 43 44 // VisitPVSecretNames invokes the visitor function with the name of every secret 45 // referenced by the PV spec. If visitor returns false, visiting is short-circuited. 46 // Returns true if visiting completed, false if visiting was short-circuited. 47 func VisitPVSecretNames(pv *corev1.PersistentVolume, visitor Visitor) bool { 48 visitor = skipEmptyNames(visitor) 49 source := &pv.Spec.PersistentVolumeSource 50 switch { 51 case source.AzureFile != nil: 52 if source.AzureFile.SecretNamespace != nil && len(*source.AzureFile.SecretNamespace) > 0 { 53 if len(source.AzureFile.SecretName) > 0 && !visitor(*source.AzureFile.SecretNamespace, source.AzureFile.SecretName, true /* kubeletVisible */) { 54 return false 55 } 56 } else { 57 if len(source.AzureFile.SecretName) > 0 && !visitor(getClaimRefNamespace(pv), source.AzureFile.SecretName, true /* kubeletVisible */) { 58 return false 59 } 60 } 61 return true 62 case source.CephFS != nil: 63 if source.CephFS.SecretRef != nil { 64 // previously persisted PV objects use claimRef namespace 65 ns := getClaimRefNamespace(pv) 66 if len(source.CephFS.SecretRef.Namespace) > 0 { 67 // use the secret namespace if namespace is set 68 ns = source.CephFS.SecretRef.Namespace 69 } 70 if !visitor(ns, source.CephFS.SecretRef.Name, true /* kubeletVisible */) { 71 return false 72 } 73 } 74 case source.Cinder != nil: 75 if source.Cinder.SecretRef != nil && !visitor(source.Cinder.SecretRef.Namespace, source.Cinder.SecretRef.Name, true /* kubeletVisible */) { 76 return false 77 } 78 case source.FlexVolume != nil: 79 if source.FlexVolume.SecretRef != nil { 80 // previously persisted PV objects use claimRef namespace 81 ns := getClaimRefNamespace(pv) 82 if len(source.FlexVolume.SecretRef.Namespace) > 0 { 83 // use the secret namespace if namespace is set 84 ns = source.FlexVolume.SecretRef.Namespace 85 } 86 if !visitor(ns, source.FlexVolume.SecretRef.Name, true /* kubeletVisible */) { 87 return false 88 } 89 } 90 case source.RBD != nil: 91 if source.RBD.SecretRef != nil { 92 // previously persisted PV objects use claimRef namespace 93 ns := getClaimRefNamespace(pv) 94 if len(source.RBD.SecretRef.Namespace) > 0 { 95 // use the secret namespace if namespace is set 96 ns = source.RBD.SecretRef.Namespace 97 } 98 if !visitor(ns, source.RBD.SecretRef.Name, true /* kubeletVisible */) { 99 return false 100 } 101 } 102 case source.ScaleIO != nil: 103 if source.ScaleIO.SecretRef != nil { 104 ns := getClaimRefNamespace(pv) 105 if source.ScaleIO.SecretRef != nil && len(source.ScaleIO.SecretRef.Namespace) > 0 { 106 ns = source.ScaleIO.SecretRef.Namespace 107 } 108 if !visitor(ns, source.ScaleIO.SecretRef.Name, true /* kubeletVisible */) { 109 return false 110 } 111 } 112 case source.ISCSI != nil: 113 if source.ISCSI.SecretRef != nil { 114 // previously persisted PV objects use claimRef namespace 115 ns := getClaimRefNamespace(pv) 116 if len(source.ISCSI.SecretRef.Namespace) > 0 { 117 // use the secret namespace if namespace is set 118 ns = source.ISCSI.SecretRef.Namespace 119 } 120 if !visitor(ns, source.ISCSI.SecretRef.Name, true /* kubeletVisible */) { 121 return false 122 } 123 } 124 case source.StorageOS != nil: 125 if source.StorageOS.SecretRef != nil && !visitor(source.StorageOS.SecretRef.Namespace, source.StorageOS.SecretRef.Name, true /* kubeletVisible */) { 126 return false 127 } 128 case source.CSI != nil: 129 if source.CSI.ControllerPublishSecretRef != nil { 130 if !visitor(source.CSI.ControllerPublishSecretRef.Namespace, source.CSI.ControllerPublishSecretRef.Name, false /* kubeletVisible */) { 131 return false 132 } 133 } 134 if source.CSI.ControllerExpandSecretRef != nil { 135 if !visitor(source.CSI.ControllerExpandSecretRef.Namespace, source.CSI.ControllerExpandSecretRef.Name, false /* kubeletVisible */) { 136 return false 137 } 138 } 139 140 if source.CSI.NodePublishSecretRef != nil { 141 if !visitor(source.CSI.NodePublishSecretRef.Namespace, source.CSI.NodePublishSecretRef.Name, true /* kubeletVisible */) { 142 return false 143 } 144 } 145 if source.CSI.NodeStageSecretRef != nil { 146 if !visitor(source.CSI.NodeStageSecretRef.Namespace, source.CSI.NodeStageSecretRef.Name, true /* kubeletVisible */) { 147 return false 148 } 149 } 150 if source.CSI.NodeExpandSecretRef != nil { 151 if !visitor(source.CSI.NodeExpandSecretRef.Namespace, source.CSI.NodeExpandSecretRef.Name, true /* kubeletVisible */) { 152 return false 153 } 154 } 155 } 156 return true 157 }