Move CredentialProvider into its own package

Signed-off-by: Burak Varlı <[email protected]>
awslabs · Jan 30, 2025 · 49f7629 · 49f7629
1 parent ede6473
commit 49f7629
Show file tree

Hide file tree

Showing 23 changed files with 1,883 additions and 1,581 deletions.
diff --git a/pkg/driver/driver.go b/pkg/driver/driver.go
@@ -21,12 +21,11 @@ import (
 	"fmt"
 	"net"
 	"os"
-	"time"
 
 	"github.com/awslabs/aws-s3-csi-driver/pkg/driver/node"
+	"github.com/awslabs/aws-s3-csi-driver/pkg/driver/node/credentialprovider"
 	"github.com/awslabs/aws-s3-csi-driver/pkg/driver/node/mounter"
 	"github.com/awslabs/aws-s3-csi-driver/pkg/driver/version"
-	"github.com/awslabs/aws-s3-csi-driver/pkg/util"
 	"github.com/container-storage-interface/spec/lib/go/csi"
 	"google.golang.org/grpc"
 	"k8s.io/client-go/kubernetes"
@@ -35,15 +34,11 @@ import (
 )
 
 const (
-	driverName          = "s3.csi.aws.com"
-	webIdentityTokenEnv = "AWS_WEB_IDENTITY_TOKEN_FILE"
+	driverName = "s3.csi.aws.com"
 
 	grpcServerMaxReceiveMessageSize = 1024 * 1024 * 2 // 2MB
 
 	unixSocketPerm = os.FileMode(0700) // only owner can write and read.
-
-	// This is the plugin directory for CSI driver mounted in the container.
-	containerPluginDir = "/csi"
 )
 
 type Driver struct {
@@ -74,13 +69,13 @@ func NewDriver(endpoint string, mpVersion string, nodeID string) (*Driver, error
 	klog.Infof("Driver version: %v, Git commit: %v, build date: %v, nodeID: %v, mount-s3 version: %v, kubernetes version: %v",
 		version.DriverVersion, version.GitCommit, version.BuildDate, nodeID, mpVersion, kubernetesVersion)
 
-	systemd_mounter, err := mounter.NewSystemdMounter(mpVersion, kubernetesVersion)
+	credProvider := credentialprovider.New(clientset.CoreV1(), credentialprovider.RegionFromIMDSOnce)
+	systemdMounter, err := mounter.NewSystemdMounter(credProvider, mpVersion, kubernetesVersion)
 	if err != nil {
 		klog.Fatalln(err)
 	}
 
-	credentialProvider := mounter.NewCredentialProvider(clientset.CoreV1(), containerPluginDir, mounter.RegionFromIMDSOnce)
-	nodeServer := node.NewS3NodeServer(nodeID, systemd_mounter, credentialProvider)
+	nodeServer := node.NewS3NodeServer(nodeID, systemdMounter)
 
 	return &Driver{
 		Endpoint:   endpoint,
@@ -90,14 +85,6 @@ func NewDriver(endpoint string, mpVersion string, nodeID string) (*Driver, error
 }
 
 func (d *Driver) Run() error {
-	ctx, cancel := context.WithCancel(context.Background())
-	defer cancel()
-	tokenFile := os.Getenv(webIdentityTokenEnv)
-	if tokenFile != "" {
-		klog.Infof("Found AWS_WEB_IDENTITY_TOKEN_FILE, syncing token")
-		go tokenFileTender(ctx, tokenFile, "/csi/token")
-	}
-
 	scheme, addr, err := ParseEndpoint(d.Endpoint)
 	if err != nil {
 		return err
@@ -150,22 +137,6 @@ func (d *Driver) Stop() {
 	d.Srv.Stop()
 }
 
-func tokenFileTender(ctx context.Context, sourcePath string, destPath string) {
-	for {
-		timer := time.After(10 * time.Second)
-		err := util.ReplaceFile(destPath, sourcePath, 0600)
-		if err != nil {
-			klog.Infof("Failed to sync AWS web token file: %v", err)
-		}
-		select {
-		case <-timer:
-			continue
-		case <-ctx.Done():
-			return
-		}
-	}
-}
-
 func kubernetesVersion(clientset *kubernetes.Clientset) (string, error) {
 	version, err := clientset.ServerVersion()
 	if err != nil {

diff --git a/pkg/driver/node/awsprofile/aws_profile.go b/pkg/driver/node/awsprofile/aws_profile.go
diff --git a/pkg/driver/node/awsprofile/aws_profile_test.go b/pkg/driver/node/awsprofile/aws_profile_test.go