fix: harden jindo multi-mount secret projection coverage

Signed-off-by: CAICAIIs <3360776475@qq.com>

Author: CAICAIIs

.github/scripts/build-all-images.sh

@@ -10,6 +10,8 @@ function get_image_tag() {
 }
 
 function build_images() {
+    minio_e2e_img=local/minio-e2e:latest
+    oss_emulator_img=${IMG_REPO}/oss-emulator:e2e
     images=(
         ${IMG_REPO}/dataset-controller:${IMAGE_TAG}
         ${IMG_REPO}/application-controller:${IMAGE_TAG}
@@ -24,9 +26,18 @@ function build_images() {
         ${IMG_REPO}/fluid-csi:${IMAGE_TAG}
         ${IMG_REPO}/fluid-webhook:${IMAGE_TAG}
         ${IMG_REPO}/fluid-crd-upgrader:${IMAGE_TAG}
+        ${minio_e2e_img}
+        ${oss_emulator_img}
     )
 
     make docker-build-all
+    tmpdir=$(mktemp -d)
+    cat > ${tmpdir}/Dockerfile <<'EOF'
+FROM minio/minio:latest
+EOF
+    docker build -t ${minio_e2e_img} ${tmpdir}
+    rm -rf ${tmpdir}
+    docker build -t ${oss_emulator_img} test/gha-e2e/jindo/oss-emulator
 
     for img in ${images[@]}; do
         echo "Loading image $img to kind cluster..."

charts/jindocache/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 appVersion: 6.2.0
-version: 1.0.4
+version: 1.0.5
 description: FileSystem on the cloud based on Aliyun Object Storage aimed for data
   acceleration.
 home: https://help.aliyun.com/document_detail/164207.html

charts/jindocache/templates/_helpers.tpl

@@ -44,7 +44,32 @@ Distribute credential key and values with secret volume mounting on Jindo's pods
 Distribute credential key and values with secret volumes
 */}}
 {{- define "jindofs.cred.secret.volumes" -}}
-{{- if .Values.UseStsToken }}
+{{- if .Values.secretProjections }}
+- name: jindofs-secret-token
+  projected:
+    sources:
+    {{- if and .Values.UseStsToken .Values.secret }}
+    - secret:
+        name: {{ .Values.secret }}
+    {{- else if .Values.secret }}
+    - secret:
+        name: {{ .Values.secret }}
+        items:
+        - key: {{ .Values.secretKey }}
+          path: AccessKeyId
+        - key: {{ .Values.secretValue }}
+          path: AccessKeySecret
+    {{- end }}
+    {{- range .Values.secretProjections }}
+    - secret:
+        name: {{ .name }}
+        items:
+        {{- range .items }}
+        - key: {{ .key }}
+          path: {{ .path }}
+        {{- end }}
+    {{- end }}
+{{- else if .Values.UseStsToken }}
 - name: jindofs-secret-token
   secret:
     secretName: {{ .Values.secret }}

charts/jindocache/templates/fuse/daemonset.yaml

@@ -150,7 +150,7 @@ spec:
               subPath: hdfs-site.xml
           {{- end }}
           {{- end }}
-          {{- if .Values.secret }}
+          {{- if or .Values.secret .Values.secretProjections }}
             {{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
           {{- end }}
           {{- if .Values.ufsVolumes }}
@@ -188,7 +188,7 @@ spec:
           hostPath:
             path: /dev/fuse
             type: CharDevice
-        {{- if .Values.secret }}
+        {{- if or .Values.secret .Values.secretProjections }}
         {{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
         {{- end }}
         {{- if .Values.ufsVolumes }}

charts/jindocache/templates/master/statefulset.yaml

@@ -175,7 +175,7 @@ spec:
               subPath: hdfs-site.xml
           {{- end }}
           {{- end }}
-          {{- if .Values.secret }}
+          {{- if or .Values.secret .Values.secretProjections }}
             {{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
           {{- end }}
           {{- if .Values.ufsVolumes }}
@@ -237,7 +237,7 @@ spec:
             name: {{ .Values.hadoopConfig.configMap }}
         {{- end }}
         {{- end }}
-        {{- if .Values.secret }}
+        {{- if or .Values.secret .Values.secretProjections }}
         {{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
         {{- end }}
         {{- if .Values.master.volumes }}

charts/jindocache/templates/worker/statefulset.yaml

@@ -159,7 +159,7 @@ spec:
               subPath: hdfs-site.xml
           {{- end }}
           {{- end }}
-          {{- if .Values.secret }}
+          {{- if or .Values.secret .Values.secretProjections }}
             {{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
           {{- end }}
           {{- if .Values.ufsVolumes }}
@@ -222,7 +222,7 @@ spec:
             name: {{ .Values.hadoopConfig.configMap }}
         {{- end }}
         {{- end }}
-        {{- if .Values.secret }}
+        {{- if or .Values.secret .Values.secretProjections }}
         {{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
         {{- end }}
         - name: bigboot-config

charts/jindofsx/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 appVersion: 4.6.8
-version: 1.0.4
+version: 1.0.5
 description: FileSystem on the cloud based on Aliyun Object Storage aimed for data
   acceleration.
 home: https://help.aliyun.com/document_detail/164207.html

charts/jindofsx/templates/_helpers.tpl

@@ -44,7 +44,32 @@ Distribute credential key and values with secret volume mounting on Jindo's pods
 Distribute credential key and values with secret volumes
 */}}
 {{- define "jindofs.cred.secret.volumes" -}}
-{{- if .Values.UseStsToken }}
+{{- if .Values.secretProjections }}
+- name: jindofs-secret-token
+  projected:
+    sources:
+    {{- if and .Values.UseStsToken .Values.secret }}
+    - secret:
+        name: {{ .Values.secret }}
+    {{- else if .Values.secret }}
+    - secret:
+        name: {{ .Values.secret }}
+        items:
+        - key: {{ .Values.secretKey }}
+          path: AccessKeyId
+        - key: {{ .Values.secretValue }}
+          path: AccessKeySecret
+    {{- end }}
+    {{- range .Values.secretProjections }}
+    - secret:
+        name: {{ .name }}
+        items:
+        {{- range .items }}
+        - key: {{ .key }}
+          path: {{ .path }}
+        {{- end }}
+    {{- end }}
+{{- else if .Values.UseStsToken }}
 - name: jindofs-secret-token
   secret:
     secretName: {{ .Values.secret }}

charts/jindofsx/templates/fuse/daemonset.yaml

@@ -162,7 +162,7 @@ spec:
               subPath: hdfs-site.xml
           {{- end }}
           {{- end }}
-          {{- if .Values.secret }}
+          {{- if or .Values.secret .Values.secretProjections }}
             {{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
           {{- end }}
           {{- if .Values.ufsVolumes }}
@@ -200,7 +200,7 @@ spec:
           hostPath:
             path: /dev/fuse
             type: CharDevice
-        {{- if .Values.secret }}
+        {{- if or .Values.secret .Values.secretProjections }}
         {{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
         {{- end }}
         {{- if .Values.ufsVolumes }}

charts/jindofsx/templates/master/statefulset.yaml

@@ -187,7 +187,7 @@ spec:
               subPath: hdfs-site.xml
           {{- end }}
           {{- end }}
-          {{- if .Values.secret }}
+          {{- if or .Values.secret .Values.secretProjections }}
             {{ include "jindofs.cred.secret.volumeMounts" . | nindent 12 }}
           {{- end }}
           {{- if .Values.ufsVolumes }}
@@ -249,7 +249,7 @@ spec:
             name: {{ .Values.hadoopConfig.configMap }}
         {{- end }}
         {{- end }}
-        {{- if .Values.secret }}
+        {{- if or .Values.secret .Values.secretProjections }}
         {{ include "jindofs.cred.secret.volumes" . | nindent 8 }}
         {{- end }}
         {{- if .Values.master.volumes }}