Merge pull request #893 from bharath-b-rh/release-1.6

[release-1.6] issue-567: Support to add ResoureManagerTags to GCP Filestore resources

README.md

@@ -113,6 +113,9 @@ Note that non-default networks require extra [firewall setup](https://cloud.goog
 * Volume Restore: The CSI driver supports out-of-place restore of new GCP Filestore instance from a given GCP Filestore Backup. See user-guide restore steps [here](docs/kubernetes/backup.md) and GCP Filestore Backup restore documentation [here](https://cloud.google.com/filestore/docs/backup-restore). This feature needs kubernetes 1.17+.
 * Pre-provisioned Filestore instance: Pre-provisioned filestore instances can be leveraged and consumed by workloads by mapping a given filestore instance to a PersistentVolume and PersistentVolumeClaim. See user-guide [here](docs/kubernetes/pre-provisioned-pv.md) and filestore documentation [here](https://cloud.google.com/filestore/docs/accessing-fileshares)
 * FsGroup: [CSIVolumeFSGroupPolicy](https://kubernetes-csi.github.io/docs/support-fsgroup.html) is a Kubernetes feature in Beta is 1.20, which allows CSI drivers to opt into FSGroup policies. The stable-master [overlay](deploy/kubernetes/overlays/stable-master) of Filestore CSI driver now supports this. See the user-guide [here](docs/kubernetes/fsgroup.md) on how to apply fsgroup to volumes backed by filestore instances. For a workaround to apply fsgroup on clusters 1.19 (with CSIVolumeFSGroupPolicy feature gate disabled), and clusters <= 1.18 see user-guide [here](docs/kubernetes/fsgroup-workaround.md)
+* Resource Tags: Filestore supports resource tags for instance and backup resources, which is a map of key value pairs. Filestore CSI driver enables user defined tags to be attached to instance and backup resources created by the driver.
+  User can provide resource tags by using `resource-tags` key in StorageClass.parameters or using the `--resource-tags` command line option, and the tags should be defined as comma separated values of the form `<parent_id>/<tagKey_shortname>/<tagValue_shortname>` where, parentID is the ID of Organization or Project resource where tag key and tag value resources exist, tagKey_shortname is the shortName of the tag key resource, tagValue_shortname is the shortName of the tag value resource and a maximum of 50 tags can be attached to per resource. See https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing for more details.
+  Please see storage class [example](examples/kubernetes/sc-tags.yaml) to define resource tags to be attached to the Filestore instance resources.
 
 ## Future Features
 * Non-root access: By default, GCFS instances are only writable by the root user

cmd/main.go

@@ -49,6 +49,7 @@ var (
 	isRegional                      = flag.Bool("is-regional", false, "cluster is regional cluster")
 	gkeClusterName                  = flag.String("gke-cluster-name", "", "Cluster Name of the current GKE cluster driver is running on, required for multishare")
 	extraVolumeLabelsStr            = flag.String("extra-labels", "", "Extra labels to attach to each volume created. It is a comma separated list of key value pairs like '<key1>=<value1>,<key2>=<value2>'. See https://cloud.google.com/compute/docs/labeling-resources for details")
+	resourceTagsStr                 = flag.String("resource-tags", "", "Resource tags to attach to each volume created. It is a comma separated list of tags of the form '<parentID_1>/<tagKey_1>/<tagValue_1>...<parentID_N>/<tagKey_N>/<tagValue_N>' where, parentID is the ID of Organization or Project resource where tag key and value resources exist, tagKey is the shortName of the tag key resource, tagValue is the shortName of the tag value resource. See https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing for more details.")
 
 	// Feature lock release specific parameters, only take effect when feature-lock-release is set to true.
 	featureLockRelease    = flag.Bool("feature-lock-release", false, "if set to true, the node driver will support Filestore lock release.")
@@ -95,6 +96,7 @@ func main() {
 	var meta metadata.Service
 	var mm *metrics.MetricsManager
 	var extraVolumeLabels map[string]string
+	var tagMgr cloud.TagService
 	if *runController {
 		if *httpEndpoint != "" && metrics.IsGKEComponentVersionAvailable() {
 			mm = metrics.NewMetricsManager()
@@ -115,13 +117,23 @@ func main() {
 		}
 
 		provider, err = cloud.NewCloud(ctx, version, *cloudConfigFilePath, *primaryFilestoreServiceEndpoint, *testFilestoreServiceEndpoint)
+
+		tagMgr = cloud.NewTagManager(provider)
+		tags, err := tagMgr.ValidateResourceTags(ctx, "command line", *resourceTagsStr)
+		if err != nil {
+			klog.Fatalf("failed to parse resource tags provided in command line: %v", err)
+		}
+		tagMgr.SetResourceTags(tags)
 	} else {
 		if *nodeID == "" {
 			klog.Fatalf("nodeid cannot be empty for node service")
 		}
 		if len(*extraVolumeLabelsStr) > 0 {
 			klog.Fatalf("Extra volume labels provided but not running controller")
 		}
+		if len(*resourceTagsStr) > 0 {
+			klog.Fatalf("Resource tags provided but not running controller")
+		}
 
 		meta, err = metadataservice.NewMetadataService()
 		if err != nil {
@@ -206,6 +218,7 @@ func main() {
 		ClusterName:       *gkeClusterName,
 		FeatureOptions:    featureOptions,
 		ExtraVolumeLabels: extraVolumeLabels,
+		TagManager:        tagMgr,
 	}
 
 	gcfsDriver, err := driver.NewGCFSDriver(config)

examples/kubernetes/sc-tags.yaml

@@ -0,0 +1,9 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: csi-filestore
+provisioner: filestore.csi.storage.gke.io
+parameters:
+  resource-tags: parent1/tagKey1/tagValue1,parent2/tagKey2/tagValue2,...,parentN/tagKeyN/tagValueN
+volumeBindingMode: WaitForFirstConsumer
+allowVolumeExpansion: true

go.mod

@@ -4,23 +4,27 @@ go 1.21
 
 require (
 	cloud.google.com/go/compute/metadata v0.2.3
+	cloud.google.com/go/resourcemanager v1.9.6
 	github.com/container-storage-interface/spec v1.8.0
 	github.com/golang/protobuf v1.5.4
 	github.com/google/go-cmp v0.6.0
-	github.com/google/uuid v1.3.0
+	github.com/google/uuid v1.6.0
+	github.com/googleapis/gax-go/v2 v2.12.2
 	github.com/kubernetes-csi/csi-lib-utils v0.13.0
 	github.com/kubernetes-csi/csi-test/v3 v3.1.1
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/gomega v1.29.0
 	github.com/prashanthpai/sunrpc v0.0.0-20210303180433-689a3880d90a
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
+	github.com/stretchr/testify v1.8.4
 	golang.org/x/net v0.23.0
-	golang.org/x/oauth2 v0.11.0
+	golang.org/x/oauth2 v0.17.0
 	golang.org/x/sys v0.18.0
-	google.golang.org/api v0.138.0
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d
-	google.golang.org/grpc v1.58.3
+	golang.org/x/time v0.5.0
+	google.golang.org/api v0.169.0
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78
+	google.golang.org/grpc v1.62.1
 	google.golang.org/protobuf v1.33.0
 	gopkg.in/gcfg.v1 v1.2.3
 	k8s.io/api v0.29.4
@@ -36,15 +40,20 @@ require (
 )
 
 require (
-	cloud.google.com/go/compute v1.23.0 // indirect
+	cloud.google.com/go v0.112.0 // indirect
+	cloud.google.com/go/compute v1.24.0 // indirect
+	cloud.google.com/go/iam v1.1.6 // indirect
+	cloud.google.com/go/longrunning v0.5.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/go-logr/logr v1.3.0 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
@@ -53,8 +62,7 @@ require (
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.0 // indirect
 	github.com/imdario/mergo v0.3.13 // indirect
@@ -69,18 +77,27 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.16.0 // indirect
 	github.com/prometheus/client_model v0.4.0 // indirect
 	github.com/prometheus/common v0.44.0 // indirect
 	github.com/prometheus/procfs v0.10.1 // indirect
 	github.com/rasky/go-xdr v0.0.0-20170217172119-4930550ba2e2 // indirect
 	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/stretchr/objx v0.5.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
+	go.opentelemetry.io/otel v1.24.0 // indirect
+	go.opentelemetry.io/otel/metric v1.24.0 // indirect
+	go.opentelemetry.io/otel/trace v1.24.0 // indirect
 	golang.org/x/crypto v0.21.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
 	golang.org/x/term v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect