From e9fbc09ca5bc904001367904a8d9bdcb7733bfc8 Mon Sep 17 00:00:00 2001
From: Tom Proctor
Date: Wed, 24 Mar 2021 17:25:04 +0000
Subject: [PATCH] Target vault-csi-provider release 0.1.0
---
 templates/csi-daemonset.yaml | 4 ----
 test/acceptance/csi-test/nginx.yaml | 1 +
 .../vault-kv-secretproviderclass.yaml | 7 +++----
 test/acceptance/csi-test/vault-policy.hcl | 6 +-----
 test/acceptance/csi.bats | 12 +++++------
 test/unit/csi-daemonset.bats | 21 -------------------
 values.yaml | 8 ++-----
 7 files changed, 13 insertions(+), 46 deletions(-)
diff --git a/templates/csi-daemonset.yaml b/templates/csi-daemonset.yaml
index b7a762213..4a1c17d2c 100644
--- a/templates/csi-daemonset.yaml
+++ b/templates/csi-daemonset.yaml
@@ -47,7 +47,6 @@ spec:
 mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
 readOnly: true
 {{- end }}
- {{- if .Values.csi.livenessProbe.enabled }}
 livenessProbe:
 httpGet:
 path: /health/ready
@@ -57,8 +56,6 @@ spec:
 periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
 successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
 timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
- {{- end }}
- {{- if .Values.csi.readinessProbe.enabled }}
 readinessProbe:
 httpGet:
 path: /health/ready
@@ -68,7 +65,6 @@ spec:
 periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
 successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
 timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
- {{- end }}
 volumes:
 - name: providervol
 hostPath:
diff --git a/test/acceptance/csi-test/nginx.yaml b/test/acceptance/csi-test/nginx.yaml
index 882202ac1..fed1137f7 100644
--- a/test/acceptance/csi-test/nginx.yaml
+++ b/test/acceptance/csi-test/nginx.yaml
@@ -10,6 +10,7 @@ metadata:
 name: nginx
 spec:
 terminationGracePeriodSeconds: 0
+ serviceAccountName: nginx
 containers:
 - image: docker.mirror.hashicorp.services/nginx
 name: nginx
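Review bot: Dropping `{{- if .Values.csi.livenessProbe.enabled }}` here, and the matching `{{- if .Values.csi.readinessProbe.enabled }}` / `{{- end }}` guards in the next two hunks, makes both probes unconditional, so a values file that still sets `csi.livenessProbe.enabled: false` or `csi.readinessProbe.enabled: false` is silently ignored rather than rejected — Helm does not complain about unknown keys unless the chart ships a values.schema.json. Either keep the `enabled` key for one release defaulting to `true`, or state in the values.yaml comment for `readinessProbe:` / `livenessProbe:` (where this commit deletes the `enabled` lines) that the probes can no longer be switched off, so upgraders are not surprised. Separately, the livenessProbe keeps `path: /health/ready`, the same endpoint the readinessProbe uses; a liveness check on a readiness endpoint can restart a container that is merely not yet ready, and now that it is always rendered it is worth confirming against the provider's 0.1.0 endpoints whether a dedicated liveness path exists (pre-existing, not introduced here).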
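Review bot: `serviceAccountName: nginx` requires a ServiceAccount named `nginx` in the `acceptance` namespace, and nothing in this diff creates one; if it is not defined in the lines of nginx.yaml above this hunk (lines 1–9 are outside it), the pod is rejected at admission and the `kubectl wait --for=condition=Ready` step in csi.bats will time out. Binding the Vault role to the workload's own service account instead of the provider's is the right least-privilege direction, so if the account is missing, add a ServiceAccount document ahead of the Pod in the same file rather than creating it ad hoc in the test script.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx
---
# … unchanged: existing Pod document (metadata, spec, containers) …
```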
diff --git a/test/acceptance/csi-test/vault-kv-secretproviderclass.yaml b/test/acceptance/csi-test/vault-kv-secretproviderclass.yaml
index 9d89fa8e6..e793bde64 100644
--- a/test/acceptance/csi-test/vault-kv-secretproviderclass.yaml
+++ b/test/acceptance/csi-test/vault-kv-secretproviderclass.yaml
@@ -9,7 +9,6 @@ spec:
 roleName: "kv-role"
 vaultAddress: http://vault:8200
 objects: |
- array:
- - |
- objectName: "bar1"
- objectPath: "v1/secret/kv1"
+ - objectName: "bar"
+ secretPath: "secret/data/kv1"
+ secretKey: "bar1"
diff --git a/test/acceptance/csi-test/vault-policy.hcl b/test/acceptance/csi-test/vault-policy.hcl
index 0590d898e..48b670ea7 100644
--- a/test/acceptance/csi-test/vault-policy.hcl
+++ b/test/acceptance/csi-test/vault-policy.hcl
@@ -1,7 +1,3 @@
-path "sys/mounts" {
- capabilities = ["read"]
-}
-
-path "secret/*" {
+path "secret/data/kv1" {
 capabilities = ["read"]
 }
\ No newline at end of file
diff --git a/test/acceptance/csi.bats b/test/acceptance/csi.bats
index 93149596c..67be09d6d 100644
--- a/test/acceptance/csi.bats
+++ b/test/acceptance/csi.bats
@@ -9,11 +9,10 @@ load _helpers
 kubectl create namespace acceptance
 # Install Secrets Store CSI driver
- helm install secrets-store-csi-driver https://github.com/kubernetes-sigs/secrets-store-csi-driver/blob/master/charts/secrets-store-csi-driver-0.0.19.tgz?raw=true \
+ helm install secrets-store-csi-driver https://github.com/kubernetes-sigs/secrets-store-csi-driver/blob/master/charts/secrets-store-csi-driver-0.0.20.tgz?raw=true \
 --wait --timeout=5m \
 --namespace=acceptance \
- --set linux.image.pullPolicy="IfNotPresent" \
- --set grpcSupportedProviders="azure;gcp;vault"
+ --set linux.image.pullPolicy="IfNotPresent"
 # Install Vault and Vault provider
 helm install vault \
 --wait --timeout=5m \
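Review bot: vault-policy.hcl still ends without a trailing newline (`\ No newline at end of file` on the closing `}`), so the next change to that line will diff as a removal plus an addition; add the newline while the file is being rewritten anyway. The narrowed `path "secret/data/kv1"` matches the `secretPath: "secret/data/kv1"` in vault-kv-secretproviderclass.yaml from the same commit and drops the `secret/*` and `sys/mounts` grants, which is the right least-privilege shape for the fixture — the two values now have to move together if the test secret path changes again.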
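Review bot: The driver chart is still fetched from a moving `blob/master/...?raw=true` URL; the `0.0.20` in the filename does not pin the content, and nothing checks what `helm install` downloads, so the acceptance test can silently pick up a changed tarball. Pin the URL to a commit SHA instead of `master`, or add the project's chart repository and install with `--version 0.0.20`, so the bytes under test are fixed. Removing `--set grpcSupportedProviders="azure;gcp;vault"` looks intentional for the 0.0.20 driver, but a one-line comment above the `helm install` saying the setting is no longer needed would spare the next reader a trip through the driver's changelog; the enclosing `@test` block starts outside this hunk.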
@@ -30,9 +29,10 @@ load _helpers
 kubectl --namespace=acceptance exec vault-0 -- sh -c 'vault write auth/kubernetes/config \
 token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
 kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443" \
- kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
+ kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
+ disable_iss_validation=true'
 kubectl --namespace=acceptance exec vault-0 -- vault write auth/kubernetes/role/kv-role \
- bound_service_account_names=vault-csi-provider \
+ bound_service_account_names=nginx \
 bound_service_account_namespaces=acceptance \
 policies=kv-policy \
 ttl=20m
@@ -42,7 +42,7 @@ load _helpers
 kubectl --namespace=acceptance apply -f ./test/acceptance/csi-test/nginx.yaml
 kubectl --namespace=acceptance wait --for=condition=Ready --timeout=5m pod nginx
- result=$(kubectl --namespace=acceptance exec nginx -- cat /mnt/secrets-store/bar1)
+ result=$(kubectl --namespace=acceptance exec nginx -- cat /mnt/secrets-store/bar)
 [[ "$result" == "hello1" ]]
 }
diff --git a/test/unit/csi-daemonset.bats b/test/unit/csi-daemonset.bats
index 79f748c9f..dec29c940 100644
--- a/test/unit/csi-daemonset.bats
+++ b/test/unit/csi-daemonset.bats
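Review bot: `disable_iss_validation=true` turns off issuer checking on the Kubernetes auth method and the commit gives no reason for it; add a why-comment such as `# disable_iss_validation: <explain why the test cluster needs this>; test fixture only` so the flag is not copied into a non-test config without the trade-off being understood. The comment has to go above the `kubectl --namespace=acceptance exec vault-0 -- sh -c '...` line, not between the continued lines, because inside the single-quoted string a `#` line would be joined onto the previous `\`-continued argument by the inner `sh` and would swallow the `disable_iss_validation=true` that follows it. The switch to `bound_service_account_names=nginx` narrows the role to the workload's own service account, matching the new `serviceAccountName: nginx` in nginx.yaml; the two must stay in sync if the test pod is renamed. The enclosing `@test` block starts outside this hunk.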
@@ -248,23 +248,6 @@ load _helpers
 #--------------------------------------------------------------------
 # Readiness/liveness probes
-@test "csi/daemonset: csi.livenessProbe and csi.readinessProbe default to disabled" {
- cd `chart_dir`
- local actual=$(helm template \
- --show-only templates/csi-daemonset.yaml \
- --set 'csi.enabled=true' \
- . | tee /dev/stderr |
- yq -r '.spec.template.spec.containers[0].livenessProbe' | tee /dev/stderr)
- [ "${actual}" = "null" ]
-
- local actual=$(helm template \
- --show-only templates/csi-daemonset.yaml \
- --set 'csi.enabled=true' \
- . | tee /dev/stderr |
- yq -r '.spec.template.spec.containers[0].readinessProbe' | tee /dev/stderr)
- [ "${actual}" = "null" ]
-}
-
 @test "csi/daemonset: csi.livenessProbe is configurable" {
 cd `chart_dir`
@@ -272,7 +255,6 @@ load _helpers
 local object=$(helm template \
 --show-only templates/csi-daemonset.yaml \
 --set 'csi.enabled=true' \
- --set 'csi.livenessProbe.enabled=true' \
 . | tee /dev/stderr |
 yq -r '.spec.template.spec.containers[0].livenessProbe' | tee /dev/stderr)
@@ -296,7 +278,6 @@ load _helpers
 local object=$(helm template \
 --show-only templates/csi-daemonset.yaml \
 --set 'csi.enabled=true' \
- --set 'csi.livenessProbe.enabled=true' \
 --set 'csi.livenessProbe.failureThreshold=10' \
 --set 'csi.livenessProbe.initialDelaySeconds=11' \
 --set 'csi.livenessProbe.periodSeconds=12' \
@@ -329,7 +310,6 @@ load _helpers
 local object=$(helm template \
 --show-only templates/csi-daemonset.yaml \
 --set 'csi.enabled=true' \
- --set 'csi.readinessProbe.enabled=true' \
 . | tee /dev/stderr |
 yq -r '.spec.template.spec.containers[0].readinessProbe' | tee /dev/stderr)
@@ -353,7 +333,6 @@ load _helpers
 local object=$(helm template \
 --show-only templates/csi-daemonset.yaml \
 --set 'csi.enabled=true' \
- --set 'csi.readinessProbe.enabled=true' \
 --set 'csi.readinessProbe.failureThreshold=10' \
 --set 'csi.readinessProbe.initialDelaySeconds=11' \
 --set 'csi.readinessProbe.periodSeconds=12' \
diff --git a/values.yaml b/values.yaml
index c661192ec..c64d3af7e 100644
--- a/values.yaml
+++ b/values.yaml
@@ -652,8 +652,8 @@ csi:
 enabled: false
 image:
- repository: "hashicorp/secrets-store-csi-driver-provider-vault"
- tag: "0.0.7"
+ repository: "hashicorp/vault-csi-provider"
+ tag: "0.1.0"
 pullPolicy: IfNotPresent
 # extraVolumes is a list of extra volumes to mount. These will be exposed
@@ -696,8 +696,6 @@ csi:
 # Used to configure readinessProbe for the pods.
 readinessProbe:
- # Vault CSI provider does not support a readiness probe in versions <= 0.7.0
- enabled: false
 failureThreshold: 2
 initialDelaySeconds: 5
 periodSeconds: 5
@@ -705,8 +703,6 @@ csi:
 timeoutSeconds: 3
 # Used to configure livenessProbe for the pods.
 livenessProbe:
- # Vault CSI provider does not support a liveness probe in versions <= 0.7.0
- enabled: false
 failureThreshold: 2
 initialDelaySeconds: 5
 periodSeconds: 5