The previous version forced us to create AWS IAM Policies that are too
permissive when dealing with volumes. That's because:
1. Volumes were created without tags that identifies the new resource as
managed by the cluster. So technically the resourse, at creation time,
is not owned by the cluster.
2. Tags were added to the volume making the resource now managed by the
cluster. The problem being that it could make ANY volume as managed by the
cluster. Thus allowing resources that aren't really part of the cluster,
or part of no cluster at all, to become a resource managed by the cluster.
By combining the operations we can both make the code simpler, since we
don't need to deal with deleting a volume in case we can't apply tags to
it, plus the security model gets a nice improvement.
update bazel and fix goftm
use defaultStorageAccountKind
fix test failure
update godep license file
fix staging godeps issue
update staging godeps
fix comments, use one API call for file creation
The dependency on printers/internalversion was causing kubectl/scheme
to have defaulters registered, which should not be the case. Remove
defaults from the test.
The types referenced in credentialprovider are part of a long term api
and will not change, and kubectl doesn't need to take a dependency on this
package in order to do minimal validation here.
pkg/kubectl has a lot of files. Move everything generator related
into pkg/kubectl/generate (generic) or pkg/kubectl/generate/versioned
(type specific).
Move the DescriberFn and GeneratorFn out of kubectl/cmd/util and into
the respective versioned packages, along with tests.
Adds an extra check condition for "." in stripPathShortcuts
so that an empty string is returned, and the correct prefix
index is used untarAll when generating path names.
Resolves: #69804.
As #69219 outlines the unit tests in `csi_client_test.go` where not
testing the actual implementation of the `csiDriverClient` but was
testing the fake.
To fix this, we changed the `csiDriverClient` to use a
`nodeClientCreator` which is responsible for creating a new
`NodeClient`, a real one in prod and a fake one in the tests.
The setup of the gRPC connection has been pushed into that creator. The
node client uses that connection; that's transparent to the driver
client. It's the responsibility of the driver client to close the
connection when it is done with the node client. To achieve this, we
have the node client creator return a closer which handles the
connection teardown.
In the tests we now also check if the driver client actually calls
this closer, thus closing the gRPC connection.
Closes: #69219
Co-authored-by: Rosie Bloxsom <rbloxsom@pivotal.io>
Co-authored-by: Maria Ntalla <mntalla@pivotal.io>
