Update driver to load reverseproxy TLS certificate

go.mod

@@ -19,7 +19,7 @@ require (
 	github.com/dell/gofsutil v1.17.0
 	github.com/dell/goiscsi v1.10.0
 	github.com/dell/gonvme v1.9.0
-	github.com/dell/gopowermax/v2 v2.8.1-0.20241125093918-928d66cb1027
+	github.com/dell/gopowermax/v2 v2.8.1-0.20250107125220-b6e2bd67110b
 	github.com/fsnotify/fsnotify v1.8.0
 	github.com/gorilla/mux v1.8.1
 	github.com/kubernetes-csi/csi-lib-utils v0.11.0

go.sum

@@ -114,8 +114,8 @@ github.com/dell/goiscsi v1.10.0 h1:0U24YZ2aEbjdvcMCx4x8GcXwwonDUwpCjAFP5QJiiXs=
 github.com/dell/goiscsi v1.10.0/go.mod h1:uDXlWSh0w5BdLr5XhPKUyNpkJDTc0jmnz/u6QcPkIyA=
 github.com/dell/gonvme v1.9.0 h1:r/Gs88+NUKypDwyyoL8wzcx9zsqyVbea+oDnA/PPmiI=
 github.com/dell/gonvme v1.9.0/go.mod h1:5IgWNLcuffHzuXSa6YH3APHiET/hROouuj3mg7GPoqQ=
-github.com/dell/gopowermax/v2 v2.8.1-0.20241125093918-928d66cb1027 h1:RE5VVC+ZcW+RdVm1P7ZcqFfKc71Xh1xrdVEHddvOSgo=
-github.com/dell/gopowermax/v2 v2.8.1-0.20241125093918-928d66cb1027/go.mod h1:LAwLBmN44WT/u1ixPf2M0cTXzsMwIFZ6NcTyC0gwvXA=
+github.com/dell/gopowermax/v2 v2.8.1-0.20250107125220-b6e2bd67110b h1:NA/rsaQie+ofLkrAI/kIcDaGgQKe21vgGGaQLTRxSq8=
+github.com/dell/gopowermax/v2 v2.8.1-0.20250107125220-b6e2bd67110b/go.mod h1:LAwLBmN44WT/u1ixPf2M0cTXzsMwIFZ6NcTyC0gwvXA=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=

pkg/symmetrix/powermax_test.go

@@ -22,7 +22,7 @@ import (
 )
 
 func TestGetPowerMaxClient(t *testing.T) {
-	c, err := pmax.NewClientWithArgs("/", "test", true, true)
+	c, err := pmax.NewClientWithArgs("/", "test", true, true, "")
 	if err != nil {
 		t.Fatalf("Faild to create a pmax client: %s", err.Error())
 	}

service/envvars.go

@@ -165,4 +165,7 @@ const (
 
 	// EnvPodmonArrayConnectivityPollRate indicates the polling frequency to check array connectivity
 	EnvPodmonArrayConnectivityPollRate = "X_CSI_PODMON_ARRAY_CONNECTIVITY_POLL_RATE"
+
+	// EnvTLSCertDirName is an env variable that contains the path of reverseproxy tls certificate
+	EnvTLSCertDirName = "X_CSI_REVPROXY_TLS_CERT_DIR"
 )

service/service.go

@@ -21,6 +21,7 @@ import (
 	"math/rand"
 	"net"
 	"os"
+	"path/filepath"
 	"strconv"
 	"strings"
 	"sync"
@@ -70,7 +71,8 @@ const (
 	PortGroups                 = "X_CSI_POWERMAX_PORTGROUPS"
 	Protocol                   = "X_CSI_TRANSPORT_PROTOCOL"
 	// PmaxEndPoint               = "X_CSI_POWERMAX_ENDPOINT"
-	ManagedArrays = "X_CSI_MANAGED_ARRAYS"
+	ManagedArrays   = "X_CSI_MANAGED_ARRAYS"
+	defaultCertFile = "tls.crt"
 )
 
 type contextKey string           // specific string type used for context keys
@@ -141,6 +143,7 @@ type Opts struct {
 	IsPodmonEnabled            bool   // used to indicate that podmon is enabled
 	PodmonPort                 string // to indicates the port to be used for exposing podmon API health
 	PodmonPollingFreq          string // indicates the polling frequency to check array connectivity
+	TLSCertDir                 string
 }
 
 // NodeConfig defines rules for given node
@@ -446,6 +449,10 @@ func (s *service) BeforeServe(
 		opts.PodmonPollingFreq = podmonPollRate
 	}
 
+	if tlsCertDir, ok := csictx.LookupEnv(ctx, EnvTLSCertDirName); ok {
+		opts.TLSCertDir = tlsCertDir
+	}
+
 	opts.TransportProtocol = s.getTransportProtocolFromEnv()
 	opts.ProxyServiceHost, opts.ProxyServicePort, opts.UseProxy = s.getProxySettingsFromEnv()
 	if !opts.UseProxy && !inducedMockReverseProxy {
@@ -694,22 +701,19 @@ func (s *service) getProxySettingsFromEnv() (string, string, bool) {
 	}
 	if proxyServiceName, ok := csictx.LookupEnv(context.Background(), EnvUnisphereProxyServiceName); ok {
 		if proxyServiceName != "none" {
+			serviceHost = proxyServiceName
 			// Change it to uppercase
 			proxyServiceName = strings.ToUpper(proxyServiceName)
 			// Change all "-" to underscores
 			proxyServiceName = strings.Replace(proxyServiceName, "-", "_", -1)
-			serviceHostEnv := fmt.Sprintf("%s_SERVICE_HOST", proxyServiceName)
 			servicePortEnv := fmt.Sprintf("%s_SERVICE_PORT", proxyServiceName)
-			if sh, ok := csictx.LookupEnv(context.Background(), serviceHostEnv); ok {
-				serviceHost = sh
-				if sp, ok := csictx.LookupEnv(context.Background(), servicePortEnv); ok {
-					servicePort = sp
-					if serviceHost == "" || servicePort == "" {
-						log.Warning("Either ServiceHost and ServicePort is set to empty")
-						return "", "", false
-					}
-					return serviceHost, servicePort, true
+			if sp, ok := csictx.LookupEnv(context.Background(), servicePortEnv); ok {
+				servicePort = sp
+				if serviceHost == "" || servicePort == "" {
+					log.Warning("Either ServiceHost and ServicePort is set to empty")
+					return "", "", false
 				}
+				return serviceHost, servicePort, true
 			}
 		}
 	}
@@ -777,7 +781,8 @@ func (s *service) createPowerMaxClients(ctx context.Context) error {
 	// Create our PowerMax API client, if needed
 	if s.adminClient == nil {
 		applicationName := ApplicationName + "/" + "v" + core.SemVer
-		c, err := pmax.NewClientWithArgs(endPoint, applicationName, s.opts.Insecure, !s.opts.DisableCerts)
+		tlsCertFile := filepath.Join(s.opts.TLSCertDir, defaultCertFile)
+		c, err := pmax.NewClientWithArgs(endPoint, applicationName, s.opts.Insecure, !s.opts.DisableCerts, tlsCertFile)
 		if err != nil {
 			return status.Errorf(codes.FailedPrecondition,
 				"unable to create PowerMax client: %s", err.Error())

service/service_unit_test.go

@@ -546,23 +546,20 @@ func TestGetProxySettingsFromEnv(t *testing.T) {
 		useIscsi: true,
 	}
 	_ = os.Setenv(EnvSidecarProxyPort, "8080")
-	ProxyServiceHost, _, _ := s.getProxySettingsFromEnv()
+	ProxyServiceHost, ProxyServicePort, _ := s.getProxySettingsFromEnv()
 	assert.Equal(t, "0.0.0.0", ProxyServiceHost)
+	assert.Equal(t, "8080", ProxyServicePort)
 
 	os.Unsetenv(EnvSidecarProxyPort)
-	_ = os.Setenv(EnvUnisphereProxyServiceName, "Service")
-	_ = os.Setenv("SERVICE_SERVICE_HOST", "")
-	_ = os.Setenv("SERVICE_SERVICE_PORT", "")
-	ProxyServiceHost, ProxyServicePort, _ := s.getProxySettingsFromEnv()
+	_ = os.Setenv(EnvUnisphereProxyServiceName, "reverseproxy-service")
+	_ = os.Setenv("REVERSEPROXY_SERVICE_SERVICE_PORT", "")
+	ProxyServiceHost, ProxyServicePort, _ = s.getProxySettingsFromEnv()
 	assert.Equal(t, "", ProxyServiceHost)
 	assert.Equal(t, "", ProxyServicePort)
 
-	os.Unsetenv("SERVICE_SERVICE_HOST")
-	os.Unsetenv("SERVICE_SERVICE_PORT")
-	_ = os.Setenv("SERVICE_SERVICE_HOST", "SERVICE_SERVICE_HOST")
-	_ = os.Setenv("SERVICE_SERVICE_PORT", "1234")
+	_ = os.Setenv("REVERSEPROXY_SERVICE_SERVICE_PORT", "1234")
 	ProxyServiceHost, ProxyServicePort, _ = s.getProxySettingsFromEnv()
-	assert.Equal(t, "SERVICE_SERVICE_HOST", ProxyServiceHost)
+	assert.Equal(t, "reverseproxy-service", ProxyServiceHost)
 	assert.Equal(t, "1234", ProxyServicePort)
 }
 

service/step_defs_test.go

@@ -2653,6 +2653,7 @@ func (f *feature) getTypicalEnviron() []string {
 	stringSlice = append(stringSlice, EnvGrpcMaxThreads+"=1")
 	stringSlice = append(stringSlice, EnvManagedArrays+"=000197900046,000197900047")
 	stringSlice = append(stringSlice, "X_CSI_PRIVATE_MOUNT_DIR=/csi")
+	stringSlice = append(stringSlice, EnvTLSCertDirName+"=/app/tls")
 	return stringSlice
 }
 

test/integration/step_defs_test.go

@@ -127,7 +127,7 @@ func (f *feature) aPowermaxService() error {
 		if endpoint == "" {
 			return fmt.Errorf("Cannot read X_CSI_POWERMAX_ENDPOINT")
 		}
-		f.pmaxClient, err = pmax.NewClientWithArgs(endpoint, ApplicationName, true, false)
+		f.pmaxClient, err = pmax.NewClientWithArgs(endpoint, ApplicationName, true, false, "")
 		if err != nil {
 			return fmt.Errorf("Cannot attach to pmax library: %s", err)
 		}