Merge pull request #315 from vitaliy-leschenko/require-privacy-option

Add require-privacy option for New-SmbGlobalMapping (default: true)

cmd/csi-proxy/main.go

@@ -34,10 +34,11 @@ func (i *workingDirFlags) Set(value string) error {
 }
 
 var (
-	kubeletPath = flag.String("kubelet-path", `C:\var\lib\kubelet`, "Prefix path of the kubelet directory in the host file system")
-	windowsSvc  = flag.Bool("windows-service", false, "Configure as a Windows Service")
-	service     *handler
-	workingDirs workingDirFlags
+	kubeletPath    = flag.String("kubelet-path", `C:\var\lib\kubelet`, "Prefix path of the kubelet directory in the host file system")
+	windowsSvc     = flag.Bool("windows-service", false, "Configure as a Windows Service")
+	requirePrivacy = flag.Bool("require-privacy", true, "If true, New-SmbGlobalMapping will be called with -RequirePrivacy $true")
+	service        *handler
+	workingDirs    workingDirFlags
 )
 
 type handler struct {
@@ -81,7 +82,8 @@ func apiGroups() ([]srvtypes.APIGroup, error) {
 	if err != nil {
 		return []srvtypes.APIGroup{}, err
 	}
-	klog.Info("Working directories: %v", fssrv.GetWorkingDirs())
+	klog.Infof("Working directories: %v", fssrv.GetWorkingDirs())
+	klog.Infof("Require privacy: %t", *requirePrivacy)
 
 	volumesrv, err := volumesrv.NewServer(volumeapi.New())
 	if err != nil {
@@ -93,7 +95,7 @@ func apiGroups() ([]srvtypes.APIGroup, error) {
 		return []srvtypes.APIGroup{}, err
 	}
 
-	smbsrv, err := smbsrv.NewServer(smbapi.New(), fssrv)
+	smbsrv, err := smbsrv.NewServer(smbapi.New(*requirePrivacy), fssrv)
 	if err != nil {
 		return []srvtypes.APIGroup{}, err
 	}

pkg/os/smb/api.go

@@ -14,15 +14,19 @@ type API interface {
 	RemoveSmbGlobalMapping(remotePath string) error
 }
 
-type SmbAPI struct{}
+type SmbAPI struct {
+	RequirePrivacy bool
+}
 
 var _ API = &SmbAPI{}
 
-func New() SmbAPI {
-	return SmbAPI{}
+func New(requirePrivacy bool) *SmbAPI {
+	return &SmbAPI{
+		RequirePrivacy: requirePrivacy,
+	}
 }
 
-func (SmbAPI) IsSmbMapped(remotePath string) (bool, error) {
+func (*SmbAPI) IsSmbMapped(remotePath string) (bool, error) {
 	cmdLine := `$(Get-SmbGlobalMapping -RemotePath $Env:smbremotepath -ErrorAction Stop).Status `
 	cmdEnv := fmt.Sprintf("smbremotepath=%s", remotePath)
 	out, err := utils.RunPowershellCmd(cmdLine, cmdEnv)
@@ -43,7 +47,7 @@ func (SmbAPI) IsSmbMapped(remotePath string) (bool, error) {
 // Since os.Symlink is currently being used in working code paths, no attempt is made in
 // alpha to merge the paths.
 // TODO (for beta release): Merge the link paths - os.Symlink and Powershell link path.
-func (SmbAPI) NewSmbLink(remotePath, localPath string) error {
+func (*SmbAPI) NewSmbLink(remotePath, localPath string) error {
 
 	if !strings.HasSuffix(remotePath, "\\") {
 		// Golang has issues resolving paths mapped to file shares if they do not end in a trailing \
@@ -60,22 +64,23 @@ func (SmbAPI) NewSmbLink(remotePath, localPath string) error {
 	return nil
 }
 
-func (SmbAPI) NewSmbGlobalMapping(remotePath, username, password string) error {
+func (api *SmbAPI) NewSmbGlobalMapping(remotePath, username, password string) error {
 	// use PowerShell Environment Variables to store user input string to prevent command line injection
 	// https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_environment_variables?view=powershell-5.1
-	cmdLine := fmt.Sprintf(`$PWord = ConvertTo-SecureString -String $Env:smbpassword -AsPlainText -Force` +
-		`;$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Env:smbuser, $PWord` +
-		`;New-SmbGlobalMapping -RemotePath $Env:smbremotepath -Credential $Credential -RequirePrivacy $true`)
+	cmdLine := fmt.Sprintf(`$PWord = ConvertTo-SecureString -String $Env:smbpassword -AsPlainText -Force`+
+		`;$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Env:smbuser, $PWord`+
+		`;New-SmbGlobalMapping -RemotePath $Env:smbremotepath -Credential $Credential -RequirePrivacy $%t`, api.RequirePrivacy)
 
-	if output, err := utils.RunPowershellCmd(cmdLine, fmt.Sprintf("smbuser=%s", username),
+	if output, err := utils.RunPowershellCmd(cmdLine,
+		fmt.Sprintf("smbuser=%s", username),
 		fmt.Sprintf("smbpassword=%s", password),
 		fmt.Sprintf("smbremotepath=%s", remotePath)); err != nil {
 		return fmt.Errorf("NewSmbGlobalMapping failed. output: %q, err: %v", string(output), err)
 	}
 	return nil
 }
 
-func (SmbAPI) RemoveSmbGlobalMapping(remotePath string) error {
+func (*SmbAPI) RemoveSmbGlobalMapping(remotePath string) error {
 	cmd := `Remove-SmbGlobalMapping -RemotePath $Env:smbremotepath -Force`
 	if output, err := utils.RunPowershellCmd(cmd, fmt.Sprintf("smbremotepath=%s", remotePath)); err != nil {
 		return fmt.Errorf("UnmountSmbShare failed. output: %q, err: %v", string(output), err)