Merge pull request #1382 from k8s-infra-cherrypick-robot/cherry-pick-1381-to-release-1.23

[release-1.23] fix: support storeAccountKey as false in cross subscription scenario

Author: andyzhangx

docs/driver-parameters.md

@@ -85,6 +85,7 @@ pvc-92a4d7f2-f23b-4904-bad4-2cbfcff6e388
 Name | Meaning | Available Value | Mandatory | Default value
 --- | --- | --- | --- | ---
 volumeHandle | Specify a value the driver can use to uniquely identify the storage blob container in the cluster. | A recommended way to produce a unique value is to combine the globally unique storage account name and container name: {account-name}_{container-name}. Note: the # character is reserved for internal use, the / character is not allowed. | Yes |
+volumeAttributes.subscriptionID | specify Azure subscription ID where blob storage directory is located | Azure subscription ID | No | if not empty, `resourceGroup` must be provided
 volumeAttributes.resourceGroup | Azure resource group name | existing resource group name | No | if empty, driver will use the same resource group name as current k8s cluster
 volumeAttributes.storageAccount | existing storage account name | existing storage account name | Yes |
 volumeAttributes.containerName | existing container name | existing container name | Yes |

pkg/blob/controllerserver.go

@@ -226,15 +226,6 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 		return nil, status.Errorf(codes.InvalidArgument, fmt.Sprintf("matchTags must set as false when storageAccount(%s) is provided", account))
 	}
 
-	if subsID != "" && subsID != d.cloud.SubscriptionID {
-		if isNFSProtocol(protocol) {
-			return nil, status.Errorf(codes.InvalidArgument, fmt.Sprintf("NFS protocol is not supported in cross subscription(%s)", subsID))
-		}
-		if !storeAccountKey {
-			return nil, status.Errorf(codes.InvalidArgument, fmt.Sprintf("storeAccountKey must set as true in cross subscription(%s)", subsID))
-		}
-	}
-
 	if resourceGroup == "" {
 		resourceGroup = d.cloud.ResourceGroup
 	}

pkg/blob/controllerserver_test.go

@@ -464,71 +464,6 @@ func TestCreateVolume(t *testing.T) {
 				}
 			},
 		},
-		{
-			name: "NFS not supported by cross subscription",
-			testFunc: func(t *testing.T) {
-				d := NewFakeDriver()
-				d.cloud = &azure.Cloud{}
-				d.cloud.SubscriptionID = "bar"
-				mp := make(map[string]string)
-				mp[subscriptionIDField] = "foo"
-				mp[protocolField] = "nfs"
-				mp[skuNameField] = "unit-test"
-				mp[storageAccountTypeField] = "unit-test"
-				mp[locationField] = "unit-test"
-				mp[storageAccountField] = "unit-test"
-				mp[resourceGroupField] = "unit-test"
-				mp[containerNameField] = "unit-test"
-				mp[mountPermissionsField] = "0750"
-				req := &csi.CreateVolumeRequest{
-					Name:               "unit-test",
-					VolumeCapabilities: stdVolumeCapabilities,
-					Parameters:         mp,
-				}
-				d.Cap = []*csi.ControllerServiceCapability{
-					controllerServiceCapability,
-				}
-
-				expectedErr := status.Errorf(codes.InvalidArgument, fmt.Sprintf("NFS protocol is not supported in cross subscription(%s)", "foo"))
-				_, err := d.CreateVolume(context.Background(), req)
-				if !reflect.DeepEqual(err, expectedErr) {
-					t.Errorf("Unexpected error: %v", err)
-				}
-			},
-		},
-		{
-			name: "storeAccountKey must be set as true in cross subscription",
-			testFunc: func(t *testing.T) {
-				d := NewFakeDriver()
-				d.cloud = &azure.Cloud{}
-				d.cloud.SubscriptionID = "bar"
-				mp := make(map[string]string)
-				mp[subscriptionIDField] = "foo"
-				mp[storeAccountKeyField] = falseValue
-				mp[protocolField] = "unit-test"
-				mp[skuNameField] = "unit-test"
-				mp[storageAccountTypeField] = "unit-test"
-				mp[locationField] = "unit-test"
-				mp[storageAccountField] = "unit-test"
-				mp[resourceGroupField] = "unit-test"
-				mp[containerNameField] = "unit-test"
-				mp[mountPermissionsField] = "0750"
-				req := &csi.CreateVolumeRequest{
-					Name:               "unit-test",
-					VolumeCapabilities: stdVolumeCapabilities,
-					Parameters:         mp,
-				}
-				d.Cap = []*csi.ControllerServiceCapability{
-					controllerServiceCapability,
-				}
-
-				expectedErr := status.Errorf(codes.InvalidArgument, fmt.Sprintf("storeAccountKey must set as true in cross subscription(%s)", "foo"))
-				_, err := d.CreateVolume(context.Background(), req)
-				if !reflect.DeepEqual(err, expectedErr) {
-					t.Errorf("Unexpected error: %v", err)
-				}
-			},
-		},
 		{
 			name: "Update service endpoints failed (protocol = nfs)",
 			testFunc: func(t *testing.T) {