diff --git a/cmd/cephcsi.go b/cmd/cephcsi.go
index 6bf476a79a41..d62c0ecc0362 100644
--- a/cmd/cephcsi.go
+++ b/cmd/cephcsi.go
@@ -46,7 +46,7 @@ const (
 pollTime = 60 // seconds
 probeTimeout = 3 // seconds
- // use default namespace if namespace is not set
+ // use default namespace if namespace is not set.
 defaultNS = "default"
 )
diff --git a/e2e/ceph_user.go b/e2e/ceph_user.go
index cecfef1bc51e..b9ab0f781dc8 100644
--- a/e2e/ceph_user.go
+++ b/e2e/ceph_user.go
@@ -9,14 +9,14 @@ import (
 // #nosec because of the word `Secret`
 const (
- // ceph user names
+ // ceph user names.
 keyringRBDProvisionerUsername = "cephcsi-rbd-provisioner"
 keyringRBDNodePluginUsername = "cephcsi-rbd-node"
 keyringRBDNamespaceProvisionerUsername = "cephcsi-rbd-ns-provisioner"
 keyringRBDNamespaceNodePluginUsername = "cephcsi-rbd-ns-node"
 keyringCephFSProvisionerUsername = "cephcsi-cephfs-provisioner"
 keyringCephFSNodePluginUsername = "cephcsi-cephfs-node"
- // secret names
+ // secret names.
 rbdNodePluginSecretName = "cephcsi-rbd-node"
 rbdProvisionerSecretName = "cephcsi-rbd-provisioner"
 rbdNamespaceNodePluginSecretName = "cephcsi-rbd-ns-node"
diff --git a/e2e/rbd.go b/e2e/rbd.go
index ae0c06927700..0d030068844f 100644
--- a/e2e/rbd.go
+++ b/e2e/rbd.go
@@ -30,7 +30,7 @@ var (
 rbdDeploymentName = "csi-rbdplugin-provisioner"
 rbdDaemonsetName = "csi-rbdplugin"
 defaultRBDPool = "replicapool"
- // Topology related variables
+ // Topology related variables.
 nodeRegionLabel = "test.failure-domain/region"
 regionValue = "testregion"
 nodeZoneLabel = "test.failure-domain/zone"
@@ -40,7 +40,7 @@ var (
 rbdTopologyPool = "newrbdpool"
 rbdTopologyDataPool = "replicapool" // NOTE: should be different than rbdTopologyPool for test to be effective
- // yaml files required for deployment
+ // yaml files required for deployment.
 pvcPath = rbdExamplePath + "pvc.yaml"
 appPath = rbdExamplePath + "pod.yaml"
 rawPvcPath = rbdExamplePath + "raw-block-pvc.yaml"
@@ -56,7 +56,7 @@ var (
 )
 func deployRBDPlugin() {
- // delete objects deployed by rook
+ // delete objects deployed by rook.
 data, err := replaceNamespaceInTemplate(rbdDirPath + rbdProvisionerRBAC)
 if err != nil {
 e2elog.Failf("failed to read content from %s with error %v", rbdDirPath+rbdProvisionerRBAC, err)
@@ -172,7 +172,7 @@ func validateRBDImageCount(f *framework.Framework, count int, pool string) {
 var _ = Describe("RBD", func() {
 f := framework.NewDefaultFramework("rbd")
 var c clientset.Interface
- // deploy RBD CSI
+ // deploy RBD CSI.
 BeforeEach(func() {
 if !testRBD || upgradeTesting {
 Skip("Skipping RBD E2E")
@@ -207,7 +207,7 @@ var _ = Describe("RBD", func() {
 e2elog.Failf("failed to create storageclass with error %v", err)
 }
 }
- // create rbd provisioner secret
+ // create rbd provisioner secret.
 key, err := createCephUser(f, keyringRBDProvisionerUsername, rbdProvisionerCaps("", ""))
 if err != nil {
 e2elog.Failf("failed to create user %s with error %v", keyringRBDProvisionerUsername, err)
@@ -216,7 +216,7 @@ var _ = Describe("RBD", func() {
 if err != nil {
 e2elog.Failf("failed to create provisioner secret with error %v", err)
 }
- // create rbd plugin secret
+ // create rbd plugin secret.
 key, err = createCephUser(f, keyringRBDNodePluginUsername, rbdNodePluginCaps("", ""))
 if err != nil {
 e2elog.Failf("failed to create user %s with error %v", keyringRBDNodePluginUsername, err)
diff --git a/e2e/utils.go b/e2e/utils.go
index 16e3dc9ac6e9..dc88798f2f73 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -28,7 +28,7 @@ import (
 const (
 defaultNs = "default"
 defaultSCName = ""
- // vaultBackendPath is the default VAULT_BACKEND_PATH for secrets
+ // vaultBackendPath is the default VAULT_BACKEND_PATH for secrets.
 vaultBackendPath = "secret/"
 // vaultPassphrasePath is an advanced configuration option, only
 // available for the VaultKMS (not VaultTokensKMS) provider.
@@ -40,11 +40,11 @@ const (
 retainPolicy = v1.PersistentVolumeReclaimRetain
 // deletePolicy is the default policy in E2E.
 deletePolicy = v1.PersistentVolumeReclaimDelete
- // Default key and label for Listoptions
+ // Default key and label for Listoptions.
 appKey = "app"
 appLabel = "write-data-in-pod"
- // vaultTokens KMS type
+ // vaultTokens KMS type.
 vaultTokens = "vaulttokens"
 noError = ""
@@ -52,7 +52,7 @@ const (
 )
 var (
- // cli flags
+ // cli flags.
 deployTimeout int
 deployCephFS bool
 deployRBD bool
diff --git a/internal/cephfs/driver.go b/internal/cephfs/driver.go
index 174f68cdaa9f..8e68b2705b8b 100644
--- a/internal/cephfs/driver.go
+++ b/internal/cephfs/driver.go
@@ -25,10 +25,10 @@ import (
 )
 const (
- // volIDVersion is the version number of volume ID encoding scheme
+ // volIDVersion is the version number of volume ID encoding scheme.
 volIDVersion uint16 = 1
- // RADOS namespace to store CSI specific objects and keys
+ // RADOS namespace to store CSI specific objects and keys.
 radosNamespace = "csi"
 )
@@ -43,15 +43,15 @@ type Driver struct {
 var (
 // CSIInstanceID is the instance ID that is unique to an instance of CSI, used when sharing
- // ceph clusters across CSI instances, to differentiate omap names per CSI instance
+ // ceph clusters across CSI instances, to differentiate omap names per CSI instance.
 CSIInstanceID = "default"
 // volJournal is used to maintain RADOS based journals for CO generated
- // VolumeName to backing CephFS subvolumes
+ // VolumeName to backing CephFS subvolumes.
 volJournal *journal.Config
 // snapJournal is used to maintain RADOS based journals for CO generated
- // SnapshotName to backing CephFS subvolumes
+ // SnapshotName to backing CephFS subvolumes.
 snapJournal *journal.Config
 )
@@ -100,11 +100,11 @@ func (fs *Driver) Run(conf *util.Config) {
 util.FatalLogMsg("failed to write ceph configuration file: %v", err)
 }
- // Use passed in instance ID, if provided for omap suffix naming
+ // Use passed in instance ID, if provided for omap suffix naming.
 if conf.InstanceID != "" {
 CSIInstanceID = conf.InstanceID
 }
- // Create an instance of the volume journal
+ // Create an instance of the volume journal.
 volJournal = journal.NewCSIVolumeJournalWithNamespace(CSIInstanceID, radosNamespace)
 snapJournal = journal.NewCSISnapshotJournalWithNamespace(CSIInstanceID, radosNamespace)
diff --git a/internal/cephfs/errors.go b/internal/cephfs/errors.go
index 03f0f5b4b77e..e70d4a467889 100644
--- a/internal/cephfs/errors.go
+++ b/internal/cephfs/errors.go
@@ -27,10 +27,10 @@ const (
 )
 var (
- // ErrCloneInProgress is returned when snapshot clone state is `in progress`
+ // ErrCloneInProgress is returned when snapshot clone state is `in progress`.
 ErrCloneInProgress = errors.New("clone from snapshot is already in progress")
- // ErrClonePending is returned when snapshot clone state is `pending`
+ // ErrClonePending is returned when snapshot clone state is `pending`.
 ErrClonePending = errors.New("clone from snapshot is pending")
 // ErrInvalidVolID is returned when a CSI passed VolumeID is not conformant to any known volume ID
@@ -40,7 +40,7 @@ var (
 // statically provisioned.
 ErrNonStaticVolume = errors.New("volume not static")
- // ErrSnapProtectionExist is returned when the snapshot is already protected
+ // ErrSnapProtectionExist is returned when the snapshot is already protected.
 ErrSnapProtectionExist = errors.New("snapshot protection already exists")
 // ErrSnapNotFound is returned when snap name passed is not found in the list
@@ -50,7 +50,7 @@ var (
 // ErrVolumeNotFound is returned when a subvolume is not found in CephFS.
 ErrVolumeNotFound = errors.New("volume not found")
- // ErrInvalidCommand is returned when a command is not known to the cluster
+ // ErrInvalidCommand is returned when a command is not known to the cluster.
 ErrInvalidCommand = errors.New("invalid command")
 // ErrVolumeHasSnapshots is returned when a subvolume has snapshots.
diff --git a/internal/cephfs/volumemounter.go b/internal/cephfs/volumemounter.go
index 20390fd9052d..2e0e53549573 100644
--- a/internal/cephfs/volumemounter.go
+++ b/internal/cephfs/volumemounter.go
@@ -39,7 +39,7 @@ const (
 var (
 availableMounters []string
- // maps a mountpoint to PID of its FUSE daemon
+ // maps a mountpoint to PID of its FUSE daemon.
 fusePidMap = make(map[string]int)
 fusePidMapMtx sync.Mutex
diff --git a/internal/rbd/driver.go b/internal/rbd/driver.go
index 3d1437a186a4..681c692dea68 100644
--- a/internal/rbd/driver.go
+++ b/internal/rbd/driver.go
@@ -26,7 +26,7 @@ import (
 )
 const (
- // volIDVersion is the version number of volume ID encoding scheme
+ // volIDVersion is the version number of volume ID encoding scheme.
 volIDVersion uint16 = 1
 )
@@ -43,19 +43,19 @@ type Driver struct {
 var (
 // CSIInstanceID is the instance ID that is unique to an instance of CSI, used when sharing
- // ceph clusters across CSI instances, to differentiate omap names per CSI instance
+ // ceph clusters across CSI instances, to differentiate omap names per CSI instance.
 CSIInstanceID = "default"
 // volJournal and snapJournal are used to maintain RADOS based journals for CO generated
- // VolumeName to backing RBD images
+ // VolumeName to backing RBD images.
 volJournal *journal.Config
 snapJournal *journal.Config
 // rbdHardMaxCloneDepth is the hard limit for maximum number of nested volume clones that are taken before a flatten
- // occurs
+ // occurs.
 rbdHardMaxCloneDepth uint
 // rbdSoftMaxCloneDepth is the soft limit for maximum number of nested volume clones that are taken before a flatten
- // occurs
+ // occurs.
 rbdSoftMaxCloneDepth uint
 maxSnapshotsOnImage uint
 minSnapshotsOnImageToStartFlatten uint
@@ -104,27 +104,27 @@ func (r *Driver) Run(conf *util.Config) {
 var err error
 var topology map[string]string
- // Create ceph.conf for use with CLI commands
+ // Create ceph.conf for use with CLI commands.
 if err = util.WriteCephConfig(); err != nil {
 util.FatalLogMsg("failed to write ceph configuration file (%v)", err)
 }
- // Use passed in instance ID, if provided for omap suffix naming
+ // Use passed in instance ID, if provided for omap suffix naming.
 if conf.InstanceID != "" {
 CSIInstanceID = conf.InstanceID
 }
- // update clone soft and hard limit
+ // update clone soft and hard limit.
 rbdHardMaxCloneDepth = conf.RbdHardMaxCloneDepth
 rbdSoftMaxCloneDepth = conf.RbdSoftMaxCloneDepth
 skipForceFlatten = conf.SkipForceFlatten
 maxSnapshotsOnImage = conf.MaxSnapshotsOnImage
 minSnapshotsOnImageToStartFlatten = conf.MinSnapshotsOnImage
- // Create instances of the volume and snapshot journal
+ // Create instances of the volume and snapshot journal.
 volJournal = journal.NewCSIVolumeJournal(CSIInstanceID)
 snapJournal = journal.NewCSISnapshotJournal(CSIInstanceID)
- // Initialize default library driver
+ // Initialize default library driver.
 r.cd = csicommon.NewCSIDriver(conf.DriverName, util.DriverVersion, conf.NodeID)
 if r.cd == nil {
 util.FatalLogMsg("Failed to initialize CSI Driver.")
@@ -140,13 +140,13 @@ func (r *Driver) Run(conf *util.Config) {
 // general
 // In addition, we want to add the remaining modes like MULTI_NODE_READER_ONLY,
 // MULTI_NODE_SINGLE_WRITER etc, but need to do some verification of RO modes first
- // will work those as follow up features
+ // will work those as follow up features.
 r.cd.AddVolumeCapabilityAccessModes(
 []csi.VolumeCapability_AccessMode_Mode{csi.VolumeCapability_AccessMode_SINGLE_NODE_WRITER,
 csi.VolumeCapability_AccessMode_MULTI_NODE_MULTI_WRITER})
 }
- // Create GRPC servers
+ // Create GRPC servers.
 r.ids = NewIdentityServer(r.cd)
 if conf.IsNodeServer {
diff --git a/internal/rbd/encryption.go b/internal/rbd/encryption.go
index 8047b44099fc..877701b27136 100644
--- a/internal/rbd/encryption.go
+++ b/internal/rbd/encryption.go
@@ -49,10 +49,10 @@ const (
 // rbdImageRequiresEncryption has been deprecated, it is used only for
 // volumes that have been created with an old provisioner, were never
 // attached/mounted and now get staged by a new node-plugin
- // TODO: remove this backwards compatibility support
+ // TODO: remove this backwards compatibility support.
 rbdImageRequiresEncryption = rbdEncryptionState("requiresEncryption")
- // image metadata key for encryption
+ // image metadata key for encryption.
 encryptionMetaKey = ".rbd.csi.ceph.com/encrypted"
 // metadataDEK is the key in the image metadata where the (encrypted)
@@ -121,7 +121,7 @@ func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage) error {
 "set!? Call stack: %s", ri, cp, ri.VolID, util.CallStack())
 }
- // get the unencrypted passphrase
+ // get the unencrypted passphrase.
 passphrase, err := ri.encryption.GetCryptoPassphrase(ri.VolID)
 if err != nil {
 return fmt.Errorf("failed to fetch passphrase for %q: %w",
@@ -133,14 +133,14 @@ func (ri *rbdImage) copyEncryptionConfig(cp *rbdImage) error {
 cp.encryption.SetDEKStore(cp)
 }
- // re-encrypt the plain passphrase for the cloned volume
+ // re-encrypt the plain passphrase for the cloned volume.
 err = cp.encryption.StoreCryptoPassphrase(cp.VolID, passphrase)
 if err != nil {
 return fmt.Errorf("failed to store passphrase for %q: %w",
 cp, err)
 }
- // copy encryption status for the original volume
+ // copy encryption status for the original volume.
 status, err := ri.checkRbdImageEncrypted(context.TODO())
 if err != nil {
 return fmt.Errorf("failed to get encryption status for %q: %w",
@@ -162,10 +162,10 @@ func (ri *rbdImage) repairEncryptionConfig(dest *rbdImage) error {
 return nil
 }
- // if ri is encrypted, copy its configuration in case it is missing
+ // if ri is encrypted, copy its configuration in case it is missing.
 if !dest.isEncrypted() {
 // dest needs to be connected to the cluster, otherwise it will
- // not be possible to write any metadata
+ // not be possible to write any metadata.
 if dest.conn == nil {
 dest.conn = ri.conn.Copy()
 }
@@ -276,7 +276,7 @@ func (ri *rbdImage) configureEncryption(kmsID string, credentials map[string]str
 ri.encryption, err = util.NewVolumeEncryption(kmsID, kms)
 // if the KMS can not store the DEK itself, we'll store it in the
- // metadata of the RBD image itself
+ // metadata of the RBD image itself.
 if errors.Is(err, util.ErrDEKStoreNeeded) {
 ri.encryption.SetDEKStore(ri)
 }
diff --git a/internal/rbd/nodeserver.go b/internal/rbd/nodeserver.go
index fefb99085d24..17121a479c2f 100644
--- a/internal/rbd/nodeserver.go
+++ b/internal/rbd/nodeserver.go
@@ -61,7 +61,7 @@ type stageTransaction struct {
 }
 const (
- // values for xfsHasReflink
+ // values for xfsHasReflink.
 xfsReflinkUnset int = iota
 xfsReflinkNoSupport
 xfsReflinkSupport
@@ -92,7 +92,7 @@ var (
 }
 // xfsHasReflink is set by xfsSupportsReflink(), use the function when
- // checking the support for reflink
+ // checking the support for reflink.
 xfsHasReflink = xfsReflinkUnset
 )
diff --git a/internal/rbd/rbd_attach.go b/internal/rbd/rbd_attach.go
index 158a96d42a98..e58abf4d990a 100644
--- a/internal/rbd/rbd_attach.go
+++ b/internal/rbd/rbd_attach.go
@@ -43,7 +43,7 @@ const (
 // Output strings returned during invocation of "rbd unmap --device-type... " when
 // image is not found to be mapped. Used to ignore errors when attempting to unmap such images.
 // The %s format specifier should contain the string
- // NOTE: When using devicePath instead of imageSpec, the error strings are different
+ // NOTE: When using devicePath instead of imageSpec, the error strings are different.
 rbdUnmapCmdkRbdMissingMap = "rbd: %s: not a mapped image or snapshot"
 rbdUnmapCmdNbdMissingMap = "rbd-nbd: %s is not mapped"
 rbdMapConnectionTimeout = "Connection timed out"
@@ -102,7 +102,7 @@ func rbdGetDeviceList(ctx context.Context, accessType string) ([]rbdDeviceInfo,
 err)
 }
- // convert output to a rbdDeviceInfo list for consumers
+ // convert output to a rbdDeviceInfo list for consumers.
 if accessType == accessTypeNbd {
 for _, device := range nbdDeviceList {
 rbdDeviceList = append(
diff --git a/internal/util/aws_metadata.go b/internal/util/aws_metadata.go
index 4e8166a3d096..3aadca739ed3 100644
--- a/internal/util/aws_metadata.go
+++ b/internal/util/aws_metadata.go
@@ -51,9 +51,9 @@ const (
 //
 // #nosec:G101, no hardcoded secrets, only configuration keys.
 awsAccessKey = "AWS_ACCESS_KEY_ID"
- // #nosec:G101
+ // #nosec:G101.
 awsSecretAccessKey = "AWS_SECRET_ACCESS_KEY"
- // #nosec:G101
+ // #nosec:G101.
 awsSessionToken = "AWS_SESSION_TOKEN"
 awsCMK = "AWS_CMK_ARN"
 )
diff --git a/internal/util/cephconf.go b/internal/util/cephconf.go
index b33c828de2db..cea694c2f384 100644
--- a/internal/util/cephconf.go
+++ b/internal/util/cephconf.go
@@ -37,7 +37,7 @@ fuse_big_writes = true
 const (
 cephConfigRoot = "/etc/ceph"
- // CephConfigPath ceph configuration file
+ // CephConfigPath ceph configuration file.
 CephConfigPath = "/etc/ceph/ceph.conf"
 keyRing = "/etc/ceph/keyring"
diff --git a/internal/util/connection.go b/internal/util/connection.go
index 6d17697d9388..c5cca7357ee0 100644
--- a/internal/util/connection.go
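Review bot: The two `// #nosec:G101.` lines in internal/util/aws_metadata.go (above `awsSecretAccessKey` and `awsSessionToken`) are gosec suppression directives rather than prose, so the period added here changes tool input, not documentation. Whether gosec still reads the rule ID with a trailing `.` cannot be seen from this hunk and should be confirmed by running gosec on the file; if the ID is no longer recognised, the suppression could either stop applying or widen beyond G101. A form that satisfies godot without touching the ID mirrors the comment already used for `awsAccessKey`: `// #nosec:G101, no hardcoded secrets, only configuration keys.`. The const block starts outside the hunk.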
+++ b/internal/util/connection.go
@@ -40,7 +40,7 @@ type ClusterConnection struct {
 var (
 // large interval and timeout, it should be longer than the maximum
 // time an operation can take (until refcounting of the connections is
- // available)
+ // available).
 cpInterval = 15 * time.Minute
 cpExpiry = 10 * time.Minute
 connPool = NewConnPool(cpInterval, cpExpiry)
diff --git a/internal/util/crypto.go b/internal/util/crypto.go
index 83adc354d0de..f55e6aef4069 100644
--- a/internal/util/crypto.go
+++ b/internal/util/crypto.go
@@ -31,7 +31,7 @@ const (
 mapperFilePrefix = "luks-rbd-"
 mapperFilePathPrefix = "/dev/mapper"
- // kmsConfigPath is the location of the vault config file
+ // kmsConfigPath is the location of the vault config file.
 kmsConfigPath = "/etc/ceph-csi-encryption-kms-config/config.json"
 // Passphrase size - 20 bytes is 160 bits to satisfy:
diff --git a/internal/util/csiconfig.go b/internal/util/csiconfig.go
index 10e05e6e1795..51b1d397a0c7 100644
--- a/internal/util/csiconfig.go
+++ b/internal/util/csiconfig.go
@@ -29,7 +29,7 @@ const (
 // This was hardcoded once and defaults to the old value to keep backward compatibility.
 defaultCsiSubvolumeGroup = "csi"
- // CsiConfigFile is the location of the CSI config file
+ // CsiConfigFile is the location of the CSI config file.
 CsiConfigFile = "/etc/ceph-csi-config/config.json"
 )
diff --git a/internal/util/idlocker.go b/internal/util/idlocker.go
index adf8486ccfda..2f56ee529b0b 100644
--- a/internal/util/idlocker.go
+++ b/internal/util/idlocker.go
@@ -21,10 +21,10 @@ import (
 )
 const (
- // VolumeOperationAlreadyExistsFmt string format to return for concurrent operation
+ // VolumeOperationAlreadyExistsFmt string format to return for concurrent operation.
 VolumeOperationAlreadyExistsFmt = "an operation with the given Volume ID %s already exists"
- // SnapshotOperationAlreadyExistsFmt string format to return for concurrent operation
+ // SnapshotOperationAlreadyExistsFmt string format to return for concurrent operation.
 SnapshotOperationAlreadyExistsFmt = "an operation with the given Snapshot ID %s already exists"
 )
diff --git a/internal/util/kms.go b/internal/util/kms.go
index 660ccac8854c..ba7dc07a1892 100644
--- a/internal/util/kms.go
+++ b/internal/util/kms.go
@@ -35,14 +35,14 @@ const (
 // options.
 kmsTypeKey = "encryptionKMSType"
- // podNamespaceEnv ENV should be set in the cephcsi container
+ // podNamespaceEnv ENV should be set in the cephcsi container.
 podNamespaceEnv = "POD_NAMESPACE"
- // kmsConfigMapEnv env to read a ConfigMap by name
+ // kmsConfigMapEnv env to read a ConfigMap by name.
 kmsConfigMapEnv = "KMS_CONFIGMAP_NAME"
 // defaultKMSConfigMapName default ConfigMap name to fetch kms
- // connection details
+ // connection details.
 defaultKMSConfigMapName = "csi-kms-connection-details"
 )
diff --git a/internal/util/secretskms.go b/internal/util/secretskms.go
index 15dda80c643a..4ec70e4b0fde 100644
--- a/internal/util/secretskms.go
+++ b/internal/util/secretskms.go
@@ -29,10 +29,10 @@ import (
 )
 const (
- // Encryption passphrase location in K8s secrets
+ // Encryption passphrase location in K8s secrets.
 encryptionPassphraseKey = "encryptionPassphrase"
- // Default KMS type
+ // Default KMS type.
 defaultKMSType = "default"
 // kmsTypeSecretsMetadata is the SecretsKMS with per-volume encryption,
diff --git a/internal/util/util.go b/internal/util/util.go
index 5039b03ba458..9faec49b2553 100644
--- a/internal/util/util.go
+++ b/internal/util/util.go
@@ -58,9 +58,9 @@ func RoundOffBytes(bytes int64) int64 {
 // variables which will be set during the build time.
 var (
- // GitCommit tell the latest git commit image is built from
+ // GitCommit tell the latest git commit image is built from.
 GitCommit string
- // DriverVersion which will be driver version
+ // DriverVersion which will be driver version.
 DriverVersion string
 )
diff --git a/internal/util/vault.go b/internal/util/vault.go
index fc66c39867d6..f7d0b5336751 100644
--- a/internal/util/vault.go
+++ b/internal/util/vault.go
@@ -37,7 +37,7 @@ const (
 // #nosec
 serviceAccountTokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token"
- // vault configuration defaults
+ // vault configuration defaults.
 vaultDefaultAuthPath = "/v1/auth/kubernetes/login"
 vaultDefaultRole = "csi-kubernetes"
 vaultDefaultNamespace = ""