ceph · mergify · Jan 8, 2025 · Dec 9, 2024 · Dec 9, 2024 · Dec 9, 2024
diff --git a/charts/ceph-csi-cephfs/README.md b/charts/ceph-csi-cephfs/README.md
@@ -232,10 +232,8 @@ charts and their default values.
 | `storageClass.mountOptions`                    | Specifies the mount options                                                                                                                          | `[]`                                               |
 | `secret.create`                                | Specifies whether the secret should be created                                                                                                       | `false`                                            |
 | `secret.name`                                  | Specifies the cephFS secret name                                                                                                                     | `csi-cephfs-secret`                                |
-| `secret.adminID`                               | Specifies the admin ID of the cephFS secret                                                                                                          | `<plaintext ID>`                                   |
-| `secret.adminKey`                              | Specifies the key that corresponds to the adminID                                                                                                    | `""`                                               |
-| `secret.userID`                                | Specifies the user ID of the cephFS secret. Optional, used for static provisioned PVC.                                                               | `""`                                               |
-| `secret.userKey`                               | Specifies the key that corresponds to the userID. Optional, used for static  provisioned PVC.                                                        | `<Ceph auth key corresponding to ID above>`        |
+| `secret.userID`                                | Specifies the user ID of the cephFS secret.                                                                                                          | `""`                                               |
+| `secret.userKey`                               | Specifies the key that corresponds to the userID.                                                                                                    | `<Ceph auth key corresponding to ID above>`        |
 | `selinuxMount`                                | Mount the host /etc/selinux inside pods to support selinux-enabled filesystems                                                                                                      | `true`                                            |
 | `CSIDriver.fsGroupPolicy` | Specifies the fsGroupPolicy for the CSI driver object | `File` |
 | `CSIDriver.seLinuxMount` | Specify for efficient SELinux volume relabeling | `true` |

diff --git a/charts/ceph-csi-cephfs/templates/secret.yaml b/charts/ceph-csi-cephfs/templates/secret.yaml
@@ -14,12 +14,6 @@ metadata:
     heritage: {{ .Release.Service }}
     {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 stringData:
-  {{- if .Values.secret.userID }}
   userID: {{ .Values.secret.userID }}
-  {{- end }}
-  {{- if .Values.secret.userKey }}
   userKey: {{ .Values.secret.userKey }}
-  {{- end }}
-  adminID: {{ .Values.secret.adminID }}
-  adminKey: {{ .Values.secret.adminKey }}
 {{- end -}}
diff --git a/charts/ceph-csi-cephfs/values.yaml b/charts/ceph-csi-cephfs/values.yaml
@@ -383,11 +383,8 @@ secret:
   # Key values correspond to a user name and its key, as defined in the
   # ceph cluster. User ID should have required access to the 'pool'
   # specified in the storage class
-  adminID: <plaintext ID>
-  adminKey: <Ceph auth key corresponding to ID above>
-  # User credentials are required for the static provisioned PVC.
-  userID: ""
-  userKey: ""
+  userID: <plaintext ID>
+  userKey: <Ceph auth key corresponding to the userID above>
 
 # This is a sample configmap that helps define a Ceph configuration as required
 # by the CSI plugins.

diff --git a/docs/cephfs/deploy.md b/docs/cephfs/deploy.md
@@ -90,12 +90,6 @@ to use the output of `ceph fsid` of the Ceph cluster to be used for
 provisioning.
 
 **Required secrets for provisioning:**
-Admin credentials are required for provisioning new volumes
-
-* `adminID`: ID of an admin client
-* `adminKey`: key of the admin client
-
-**Required secrets for statically provisioned volumes:**
 User credentials with access to an existing volume
 
 * `userID`: ID of a user client

diff --git a/e2e/cephfs_helper.go b/e2e/cephfs_helper.go
@@ -127,6 +127,9 @@ func createCephfsSecret(f *framework.Framework, secretName, userName, userKey st
 	if secretName != "" {
 		sc.Name = secretName
 	}
+	// TODO: Update the secrets to use userID and userKey once
+	// the version used for upgrade testing does not depend on
+	// adminID and adminKey.
 	sc.StringData["adminID"] = userName
 	sc.StringData["adminKey"] = userKey
 	delete(sc.StringData, "userID")

diff --git a/examples/cephfs/secret.yaml b/examples/cephfs/secret.yaml
@@ -5,13 +5,9 @@ metadata:
   name: csi-cephfs-secret
   namespace: default
 stringData:
-  # Required for statically provisioned volumes
+  # Required for statically and dynamically provisioned volumes
   userID: <plaintext ID>
   userKey: <Ceph auth key corresponding to ID above>
 
-  # Required for dynamically provisioned volumes
-  adminID: <plaintext ID>
-  adminKey: <Ceph auth key corresponding to ID above>
-
   # Encryption passphrase
   encryptionPassphrase: test_passphrase
diff --git a/internal/util/credentials.go b/internal/util/credentials.go
@@ -20,6 +20,8 @@ import (
 	"errors"
 	"fmt"
 	"os"
+
+	"github.com/ceph/ceph-csi/internal/util/log"
 )
 
 const (
@@ -110,6 +112,12 @@ func NewUserCredentials(secrets map[string]string) (*Credentials, error) {
 
 // NewAdminCredentials creates new admin credentials from secret.
 func NewAdminCredentials(secrets map[string]string) (*Credentials, error) {
+	// Use userID and userKey if found else fallback to adminID and adminKey
+	if cred, err := newCredentialsFromSecret(credUserID, credUserKey, secrets); err == nil {
+		return cred, nil
+	}
+	log.WarningLogMsg("adminID and adminKey are deprecated, please use userID and userKey instead")
+
 	return newCredentialsFromSecret(credAdminID, credAdminKey, secrets)
 }
 

diff --git a/scripts/install-helm.sh b/scripts/install-helm.sh
@@ -172,7 +172,7 @@ install_cephcsi_helm_charts() {
     if [ "${DEPLOY_SECRET}" -eq 1 ]; then
         fetch_template_values
         RBD_SECRET_TEMPLATE_VALUES="--set secret.create=true --set secret.userID=admin --set secret.userKey=${ADMIN_KEY}"
-        CEPHFS_SECRET_TEMPLATE_VALUES="--set secret.create=true --set secret.adminID=admin --set secret.adminKey=${ADMIN_KEY}"
+        CEPHFS_SECRET_TEMPLATE_VALUES="--set secret.create=true --set secret.userID=admin --set secret.userKey=${ADMIN_KEY}"
     fi
     # enable read affinity
     if [ "${ENABLE_READ_AFFINITY}" -eq 1 ]; then
@@ -232,16 +232,14 @@ if ! helm_loc="$(type -p "helm")" || [[ -z ${helm_loc} ]]; then
     HELM="${TEMP}/${dist}-${arch}/helm"
 fi
 
-if [ "$#" -le 2 ]
-then
+if [ "$#" -le 2 ]; then
     ACTION=$1
     NAMESPACE=$2
     SKIP_PARSE="true"
 fi
 
 if [ ${#SKIP_PARSE} -eq 0 ]; then
-    while [ "$1" != "" ]
-    do
+    while [ "$1" != "" ]; do
         case $1 in
         up)
             shift