Add TLS cipher suites in the mount options (#263)

* update versions

Signed-off-by: Ashima-Ashima1 <[email protected]>

* set cipher suites from secrets in mount options

Signed-off-by: Ashima-Ashima1 <[email protected]>

* set cipher suites from secrets in mount options

Signed-off-by: Ashima-Ashima1 <[email protected]>

* set cipher suites from secrets in mount options

Signed-off-by: Ashima-Ashima1 <[email protected]>

* set cipher suites from secrets in mount options

Signed-off-by: Ashima-Ashima1 <[email protected]>

* publish v0.9.2

Signed-off-by: Ashima-Ashima1 <[email protected]>

* set cipher suites from secrets in mount options

Signed-off-by: Ashima-Ashima1 <[email protected]>

* publish v0.9.6

Signed-off-by: Ashima-Ashima1 <[email protected]>

* set cipher suites from secrets in mount options

Signed-off-by: Ashima-Ashima1 <[email protected]>

* set cipher suites from secrets in mount options

Signed-off-by: Ashima-Ashima1 <[email protected]>

* renaming

Signed-off-by: Ashima-Ashima1 <[email protected]>

* set cipher suites from secrets in mount options

Signed-off-by: Ashima-Ashima1 <[email protected]>

* set cipher suites from secrets in mount options

Signed-off-by: Ashima-Ashima1 <[email protected]>

* set cipher suites from secrets in mount options

Signed-off-by: Ashima-Ashima1 <[email protected]>

* set cipher suites from secrets in mount options

Signed-off-by: Ashima-Ashima1 <[email protected]>

* set cipher suites from secrets in mount options

Signed-off-by: Ashima-Ashima1 <[email protected]>

* uts

Signed-off-by: Ashima-Ashima1 <[email protected]>

* set cipher suites from secrets in mount options

Signed-off-by: Ashima-Ashima1 <[email protected]>

---------

Signed-off-by: Ashima-Ashima1 <[email protected]>

Author: ashimagarg27

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2025-08-25T02:32:44Z",
+  "generated_at": "2025-09-04T09:22:05Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -218,7 +218,7 @@
       {
         "hashed_secret": "2e7a7ee14caebf378fc32d6cf6f557f347c96773",
         "is_verified": false,
-        "line_number": 20,
+        "line_number": 21,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -270,7 +270,7 @@
       {
         "hashed_secret": "c7c6508b19455e3e8040e60e9833fbede92e5d8e",
         "is_verified": false,
-        "line_number": 368,
+        "line_number": 376,
         "type": "Secret Keyword",
         "verified_result": null
       }

go.mod

@@ -14,8 +14,8 @@ require (
 	github.com/google/uuid v1.6.0
 	github.com/kubernetes-csi/csi-test/v5 v5.3.1
 	github.com/mitchellh/go-ps v1.0.0
-	github.com/onsi/ginkgo/v2 v2.24.0
-	github.com/onsi/gomega v1.38.0
+	github.com/onsi/ginkgo/v2 v2.25.1
+	github.com/onsi/gomega v1.38.1
 	github.com/prometheus/client_golang v1.23.0
 	github.com/stretchr/testify v1.10.0
 	go.uber.org/zap v1.27.0
@@ -35,7 +35,7 @@ require (
 	github.com/BurntSushi/toml v1.0.0 // indirect
 	github.com/IBM/secret-utils-lib v1.1.14 // indirect
 	github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab // indirect
-	github.com/Masterminds/semver/v3 v3.3.1 // indirect
+	github.com/Masterminds/semver/v3 v3.4.0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
@@ -85,7 +85,7 @@ require (
 	github.com/google/cel-go v0.23.2 // indirect
 	github.com/google/gnostic-models v0.6.9 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
-	github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect
+	github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 // indirect
 	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -142,6 +142,7 @@ require (
 	go.opentelemetry.io/proto/otlp v1.4.0 // indirect
 	go.uber.org/automaxprocs v1.6.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/arch v0.8.0 // indirect
 	golang.org/x/crypto v0.41.0 // indirect
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect

go.sum

@@ -16,8 +16,8 @@ github.com/IBM/secret-utils-lib v1.1.14 h1:Gv5Ca2hZTQMr9+PkOq7AE2lUUnNEeQJ0uiKax
 github.com/IBM/secret-utils-lib v1.1.14/go.mod h1:wAAmS6JOrgcASOuyDkclmxWdKMcbVxshW5QWlMn21X8=
 github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab h1:UKkYhof1njT1/xq4SEg5z+VpTgjmNeHwPGRQl7takDI=
 github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab/go.mod h1:3VYc5hodBMJ5+l/7J4xAyMeuM2PNuepvHlGs8yilUCA=
-github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4=
-github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
+github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
+github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
 github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI=
@@ -146,8 +146,8 @@ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8=
-github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
+github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 h1:EEHtgt9IwisQ2AZ4pIsMjahcegHh6rmhqxzIRQIyepY=
+github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo=
@@ -230,10 +230,10 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
-github.com/onsi/ginkgo/v2 v2.24.0 h1:obZz8LAnHicNdbBqvG3ytAFx8fgza+i1IDpBVcHT2YE=
-github.com/onsi/ginkgo/v2 v2.24.0/go.mod h1:ppTWQ1dh9KM/F1XgpeRqelR+zHVwV81DGRSDnFxK7Sk=
-github.com/onsi/gomega v1.38.0 h1:c/WX+w8SLAinvuKKQFh77WEucCnPk4j2OTUr7lt7BeY=
-github.com/onsi/gomega v1.38.0/go.mod h1:OcXcwId0b9QsE7Y49u+BTrL4IdKOBOKnD6VQNTJEB6o=
+github.com/onsi/ginkgo/v2 v2.25.1 h1:Fwp6crTREKM+oA6Cz4MsO8RhKQzs2/gOIVOUscMAfZY=
+github.com/onsi/ginkgo/v2 v2.25.1/go.mod h1:ppTWQ1dh9KM/F1XgpeRqelR+zHVwV81DGRSDnFxK7Sk=
+github.com/onsi/gomega v1.38.1 h1:FaLA8GlcpXDwsb7m0h2A9ew2aTk3vnZMlzFgg5tz/pk=
+github.com/onsi/gomega v1.38.1/go.mod h1:LfcV8wZLvwcYRwPiJysphKAEsmcFnLMK/9c+PjvlX8g=
 github.com/opencontainers/cgroups v0.0.1 h1:MXjMkkFpKv6kpuirUa4USFBas573sSAY082B4CiHEVA=
 github.com/opencontainers/cgroups v0.0.1/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -327,6 +327,8 @@ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
+go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
 golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=

pkg/constants/constants.go

@@ -48,6 +48,8 @@ const (
 	IsNodeServer         = "IS_NODE_SERVER"
 	KubeNodeName         = "KUBE_NODE_NAME"
 	MaxVolumesPerNodeEnv = "MAX_VOLUMES_PER_NODE"
+
+	CipherSuitesKey = "cipher_suites"
 )
 
 var (

pkg/driver/nodeserver.go

@@ -39,6 +39,7 @@ type NodeServerConfig struct {
 	Region            string
 	Zone              string
 	NodeID            string
+	TLSCipherSuite    string
 }
 
 func (ns *nodeServer) NodeStageVolume(_ context.Context, req *csi.NodeStageVolumeRequest) (*csi.NodeStageVolumeResponse, error) {
@@ -161,7 +162,11 @@ func (ns *nodeServer) NodePublishVolume(_ context.Context, req *csi.NodePublishV
 		secretMap["bucketName"] = tempBucketName
 	}
 
-	mounterObj := ns.Mounter.NewMounter(attrib, secretMap, mountFlags)
+	var defaultParamsMap = map[string]string{
+		constants.CipherSuitesKey: ns.TLSCipherSuite,
+	}
+
+	mounterObj := ns.Mounter.NewMounter(attrib, secretMap, mountFlags, defaultParamsMap)
 
 	klog.Info("-NodePublishVolume-: Mount")
 	if err = mounterObj.Mount("", targetPath); err != nil {
@@ -192,7 +197,7 @@ func (ns *nodeServer) NodeUnpublishVolume(_ context.Context, req *csi.NodeUnpubl
 		return nil, status.Error(codes.NotFound, "Failed to get PV details")
 	}
 
-	mounterObj := ns.Mounter.NewMounter(attrib, nil, nil)
+	mounterObj := ns.Mounter.NewMounter(attrib, nil, nil, nil)
 
 	klog.Info("-NodeUnpublishVolume-: Unmount")
 	if err = mounterObj.Unmount(targetPath); err != nil {

pkg/driver/s3-driver.go

@@ -14,6 +14,7 @@ import (
 	"fmt"
 	"os"
 	"strconv"
+	"strings"
 
 	"github.com/IBM/ibm-csi-common/pkg/utils"
 	"github.com/IBM/ibm-object-csi-driver/pkg/constants"
@@ -140,7 +141,7 @@ func newNodeServer(d *S3Driver, statsUtil pkgUtils.StatsUtils, nodeID string, mo
 		return nil, fmt.Errorf("KUBE_NODE_NAME env variable not set")
 	}
 
-	region, zone, err := statsUtil.GetRegionAndZone(nodeName)
+	data, err := statsUtil.GetClusterNodeData(nodeName)
 	if err != nil {
 		return nil, err
 	}
@@ -157,12 +158,18 @@ func newNodeServer(d *S3Driver, statsUtil pkgUtils.StatsUtils, nodeID string, mo
 		maxVolumesPerNode = int64(constants.DefaultVolumesPerNode)
 	}
 
+	ciphersuite := "default"
+	if strings.Contains(strings.ToLower(data.OS), "ubuntu") {
+		ciphersuite = "AESGCM"
+	}
+
 	return &nodeServer{
-		S3Driver:         d,
-		Stats:            statsUtil,
-		NodeServerConfig: NodeServerConfig{MaxVolumesPerNode: maxVolumesPerNode, Region: region, Zone: zone, NodeID: nodeID},
-		Mounter:          mountObj,
-		MounterUtils:     mounterUtil,
+		S3Driver: d,
+		Stats:    statsUtil,
+		NodeServerConfig: NodeServerConfig{MaxVolumesPerNode: maxVolumesPerNode, Region: data.Region, Zone: data.Zone,
+			NodeID: nodeID, TLSCipherSuite: ciphersuite},
+		Mounter:      mountObj,
+		MounterUtils: mounterUtil,
 	}, nil
 }
 

pkg/driver/s3-driver_test.go

@@ -119,7 +119,13 @@ func TestNewNodeServer(t *testing.T) {
 				constants.MaxVolumesPerNodeEnv: "10",
 			},
 			statsUtils: utils.NewFakeStatsUtilsImpl(utils.FakeStatsUtilsFuncStruct{
-				GetRegionAndZoneFn: func(nodeName string) (string, string, error) { return testRegion, testZone, nil },
+				GetClusterNodeDataFn: func(nodeName string) (*utils.ClusterNodeData, error) {
+					return &utils.ClusterNodeData{
+						Region: testRegion,
+						Zone:   testZone,
+						OS:     "ubuntu",
+					}, nil
+				},
 			}),
 			verifyResult: func(t *testing.T, ns *nodeServer, err error) {
 				assert.NoError(t, err)
@@ -149,8 +155,8 @@ func TestNewNodeServer(t *testing.T) {
 				constants.MaxVolumesPerNodeEnv: "",
 			},
 			statsUtils: utils.NewFakeStatsUtilsImpl(utils.FakeStatsUtilsFuncStruct{
-				GetRegionAndZoneFn: func(nodeName string) (string, string, error) {
-					return "", "", errors.New("unable to load in-cluster configuration")
+				GetClusterNodeDataFn: func(nodeName string) (*utils.ClusterNodeData, error) {
+					return nil, errors.New("unable to load in-cluster configuration")
 				},
 			}),
 			verifyResult: func(t *testing.T, ns *nodeServer, err error) {
@@ -165,8 +171,11 @@ func TestNewNodeServer(t *testing.T) {
 				constants.MaxVolumesPerNodeEnv: "invalid",
 			},
 			statsUtils: utils.NewFakeStatsUtilsImpl(utils.FakeStatsUtilsFuncStruct{
-				GetRegionAndZoneFn: func(nodeName string) (string, string, error) {
-					return testRegion, testZone, nil
+				GetClusterNodeDataFn: func(nodeName string) (*utils.ClusterNodeData, error) {
+					return &utils.ClusterNodeData{
+						Region: testRegion,
+						Zone:   testZone,
+					}, nil
 				},
 			}),
 			verifyResult: func(t *testing.T, ns *nodeServer, err error) {
@@ -181,7 +190,12 @@ func TestNewNodeServer(t *testing.T) {
 				constants.MaxVolumesPerNodeEnv: "",
 			},
 			statsUtils: utils.NewFakeStatsUtilsImpl(utils.FakeStatsUtilsFuncStruct{
-				GetRegionAndZoneFn: func(nodeName string) (string, string, error) { return testRegion, testZone, nil },
+				GetClusterNodeDataFn: func(nodeName string) (*utils.ClusterNodeData, error) {
+					return &utils.ClusterNodeData{
+						Region: testRegion,
+						Zone:   testZone,
+					}, nil
+				},
 			}),
 			verifyResult: func(t *testing.T, ns *nodeServer, err error) {
 				assert.NoError(t, err)
@@ -270,7 +284,12 @@ func TestNewS3CosDriver(t *testing.T) {
 				GetEndpointsFn: func() (string, string, error) {
 					return constants.PublicIAMEndpoint, "", nil
 				},
-				GetRegionAndZoneFn: func(nodeName string) (string, string, error) { return testRegion, testZone, nil },
+				GetClusterNodeDataFn: func(nodeName string) (*utils.ClusterNodeData, error) {
+					return &utils.ClusterNodeData{
+						Region: testRegion,
+						Zone:   testZone,
+					}, nil
+				},
 			}),
 			verifyResult: func(t *testing.T, driver *S3Driver, err error) {
 				assert.NoError(t, err)
@@ -287,7 +306,12 @@ func TestNewS3CosDriver(t *testing.T) {
 				GetEndpointsFn: func() (string, string, error) {
 					return constants.PublicIAMEndpoint, "", nil
 				},
-				GetRegionAndZoneFn: func(nodeName string) (string, string, error) { return testRegion, testZone, nil },
+				GetClusterNodeDataFn: func(nodeName string) (*utils.ClusterNodeData, error) {
+					return &utils.ClusterNodeData{
+						Region: testRegion,
+						Zone:   testZone,
+					}, nil
+				},
 			}),
 			verifyResult: func(t *testing.T, driver *S3Driver, err error) {
 				assert.NoError(t, err)

pkg/mounter/fake_mounter.go

@@ -17,7 +17,7 @@ type FakeMounterFactory struct {
 	IsFailedUnmount bool
 }
 
-func (f *FakeMounterFactory) NewMounter(attrib map[string]string, secretMap map[string]string, mountFlags []string) Mounter {
+func (f *FakeMounterFactory) NewMounter(attrib map[string]string, secretMap map[string]string, mountFlags []string, defaultParams map[string]string) Mounter {
 	switch f.Mounter {
 	case constants.S3FS:
 		return fakenewS3fsMounter(f.IsFailedMount, f.IsFailedUnmount)

pkg/mounter/mounter-s3fs.go

@@ -50,7 +50,7 @@ var (
 	removeFile    = removeS3FSCredFile
 )
 
-func NewS3fsMounter(secretMap map[string]string, mountOptions []string, mounterUtils utils.MounterUtils) Mounter {
+func NewS3fsMounter(secretMap map[string]string, mountOptions []string, mounterUtils utils.MounterUtils, defaultParams map[string]string) Mounter {
 	klog.Info("-newS3fsMounter-")
 
 	var (
@@ -103,7 +103,7 @@ func NewS3fsMounter(secretMap map[string]string, mountOptions []string, mounterU
 	klog.Infof("newS3fsMounter args:\n\tbucketName: [%s]\n\tobjPath: [%s]\n\tendPoint: [%s]\n\tlocationConstraint: [%s]\n\tauthType: [%s]\n\tkpRootKeyCrn: [%s]",
 		mounter.BucketName, mounter.ObjPath, mounter.EndPoint, mounter.LocConstraint, mounter.AuthType, mounter.KpRootKeyCrn)
 
-	updatedOptions := updateS3FSMountOptions(mountOptions, secretMap)
+	updatedOptions := updateS3FSMountOptions(mountOptions, secretMap, defaultParams)
 	mounter.MountOptions = updatedOptions
 
 	mounter.MounterUtils = mounterUtils
@@ -208,7 +208,7 @@ func (s3fs *S3fsMounter) Unmount(target string) error {
 	return nil
 }
 
-func updateS3FSMountOptions(defaultMountOp []string, secretMap map[string]string) []string {
+func updateS3FSMountOptions(defaultMountOp []string, secretMap map[string]string, defaultParams map[string]string) []string {
 	mountOptsMap := make(map[string]string)
 
 	// Create map out of array
@@ -285,6 +285,12 @@ func updateS3FSMountOptions(defaultMountOp []string, secretMap map[string]string
 		updatedOptions = append(updatedOptions, option)
 	}
 
+	// Mount options which are not present in secret mountOptions and need to be set by nodeserver
+	if _, ok := mountOptsMap[constants.CipherSuitesKey]; !ok {
+		option := fmt.Sprintf("%s=%s", constants.CipherSuitesKey, defaultParams[constants.CipherSuitesKey])
+		updatedOptions = append(updatedOptions, option)
+	}
+
 	klog.Infof("updated S3fsMounter Options: %v", updatedOptions)
 	return updatedOptions
 }

pkg/mounter/mounter-s3fs_test.go

@@ -5,6 +5,7 @@ import (
 	"os"
 	"testing"
 
+	"github.com/IBM/ibm-object-csi-driver/pkg/constants"
 	mounterUtils "github.com/IBM/ibm-object-csi-driver/pkg/mounter/utils"
 	"github.com/stretchr/testify/assert"
 )
@@ -26,7 +27,7 @@ var (
 )
 
 func TestNewS3fsMounter_Success(t *testing.T) {
-	mounter := NewS3fsMounter(secretMap, mountOptions, mounterUtils.NewFakeMounterUtilsImpl(mounterUtils.FakeMounterUtilsFuncStruct{}))
+	mounter := NewS3fsMounter(secretMap, mountOptions, mounterUtils.NewFakeMounterUtilsImpl(mounterUtils.FakeMounterUtilsFuncStruct{}), map[string]string{constants.CipherSuitesKey: "default"})
 
 	s3fsMounter, ok := mounter.(*S3fsMounter)
 	assert.True(t, ok)
@@ -55,7 +56,7 @@ func TestNewS3fsMounter_Success_Hmac(t *testing.T) {
 
 	mountOptions := []string{"opt1=val1", "opt2=val2", " ", "opt3"}
 
-	mounter := NewS3fsMounter(secretMap, mountOptions, mounterUtils.NewFakeMounterUtilsImpl(mounterUtils.FakeMounterUtilsFuncStruct{}))
+	mounter := NewS3fsMounter(secretMap, mountOptions, mounterUtils.NewFakeMounterUtilsImpl(mounterUtils.FakeMounterUtilsFuncStruct{}), nil)
 
 	s3fsMounter, ok := mounter.(*S3fsMounter)
 	assert.True(t, ok)