From 290a68c33b143785226640a47bb027f247a35821 Mon Sep 17 00:00:00 2001
From: Weiwei <weiwei.zhu@juicefs.io>
Date: Wed, 27 Sep 2023 10:34:08 +0800
Subject: [PATCH] fix secret-key for authfs (#757)

Signed-off-by: zwwhdls <weiwei.zhu@juicefs.io>
---
 .github/scripts/config.py               |  1 +
 .github/scripts/util.py                 | 24 ++++++++++++++------
 .github/workflows/release_check_ee.yaml |  3 +++
 docker/Dockerfile                       |  3 ++-
 docker/ee.juicefs.Dockerfile            |  3 ++-
 pkg/juicefs/juicefs.go                  | 29 ++++++++++++++++---------
 6 files changed, 44 insertions(+), 19 deletions(-)

diff --git a/.github/scripts/config.py b/.github/scripts/config.py
index 1240996f60..3c7d718596 100644
--- a/.github/scripts/config.py
+++ b/.github/scripts/config.py
@@ -24,6 +24,7 @@
 TOKEN = os.getenv("JUICEFS_TOKEN") or ""
 JUICEFS_MODE = os.getenv("JUICEFS_MODE")
 IS_CE = os.getenv("JUICEFS_MODE") == "ce"
+Beta = os.getenv("JFSCHAN") == "beta"
 MOUNT_MODE = "pod" if "pod" in os.getenv("TEST_MODE") else (
     "process" if "process" in os.getenv("TEST_MODE") else "webhook")
 RESOURCE_PREFIX = "{}-{}-".format(MOUNT_MODE, JUICEFS_MODE)
diff --git a/.github/scripts/util.py b/.github/scripts/util.py
index bce9ee9526..b146453345 100644
--- a/.github/scripts/util.py
+++ b/.github/scripts/util.py
@@ -62,15 +62,25 @@ def mount_on_host(mount_path):
     LOG.info(f"Mount {mount_path}")
     try:
         if IS_CE:
-            subprocess.check_call(
+            subprocess.run(
                 ["sudo", "/usr/local/bin/juicefs", "format", f"--storage={STORAGE}", f"--access-key={ACCESS_KEY}",
-                 f"--secret-key={SECRET_KEY}", f"--bucket={BUCKET}", META_URL, SECRET_NAME])
-            subprocess.check_call(["sudo", "/usr/local/bin/juicefs", "mount", "-d", META_URL, mount_path])
+                 f"--secret-key={SECRET_KEY}", f"--bucket={BUCKET}", META_URL, SECRET_NAME],
+                check=True
+            )
+            subprocess.run(
+                ["sudo", "/usr/local/bin/juicefs", "mount", "-d", META_URL, mount_path],
+                check=True
+            )
         else:
-            subprocess.check_call(
-                ["sudo", "/usr/bin/juicefs", "auth", f"--token={TOKEN}", f"--accesskey={ACCESS_KEY}",
-                 f"--secretkey={SECRET_KEY}", f"--bucket={BUCKET}", SECRET_NAME])
-            subprocess.check_call(["sudo", "/usr/bin/juicefs", "mount", "-d", SECRET_NAME, mount_path])
+            subprocess.run(
+                ["sudo", "/usr/bin/juicefs", "auth", f"--token={TOKEN}", f"--access-key={ACCESS_KEY}",
+                 f"--secret-key={SECRET_KEY}", f"--bucket={BUCKET}", SECRET_NAME],
+                check=True
+            )
+            subprocess.run(
+                ["sudo", "/usr/bin/juicefs", "mount", "-d", SECRET_NAME, mount_path],
+                check=True
+            )
         LOG.info("Mount success.")
     except Exception as e:
         LOG.info("Error in juicefs mount: {}".format(e))
diff --git a/.github/workflows/release_check_ee.yaml b/.github/workflows/release_check_ee.yaml
index 6cff5dbc68..5c5c67d8e0 100644
--- a/.github/workflows/release_check_ee.yaml
+++ b/.github/workflows/release_check_ee.yaml
@@ -48,6 +48,8 @@ jobs:
           make -C docker image-release-check
           make -C docker image-release-check-push
       - name: Deploy JuiceFS CSI
+        env:
+          JFSCHAN: beta
         run: |
           testmode=${{matrix.testmode}}
           cd ${GITHUB_WORKSPACE}
@@ -57,6 +59,7 @@ jobs:
           .github/scripts/deploy-csi-in-k8s.sh ${testmode}
       - name: Run e2e test
         env:
+          JFSCHAN: beta
           JUICEFS_TOKEN: ${{ secrets.JUICEFS_CI_VOLUME_TOKEN }}
           JUICEFS_STORAGE: s3
           JUICEFS_BUCKET: "http://juicefs-bucket.minio.default.svc.cluster.local:9000"
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 8dfc21edb3..bfc78e67d2 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -66,7 +66,8 @@ RUN apt update && apt install -y software-properties-common wget gnupg gnupg2 &&
 
 RUN apt-get update && apt-get install -y librados2 librados-dev libcephfs-dev librbd-dev curl fuse procps iputils-ping strace iproute2 net-tools tcpdump lsof && \
     rm -rf /var/cache/apt/* && \
-    curl -sSL https://juicefs.com/static/juicefs -o ${JUICEFS_CLI} && chmod +x ${JUICEFS_CLI} && \
+    bash -c "if [[ ${JFSCHAN} == beta ]]; then curl -sSL https://juicefs.com/static/juicefs.py.beta -o ${JUICEFS_CLI}; else curl -sSL https://juicefs.com/static/juicefs -o ${JUICEFS_CLI}; fi; " && \
+    chmod +x ${JUICEFS_CLI} && \
     mkdir -p /root/.juicefs && \
     ln -s /usr/local/bin/python /usr/bin/python && \
     mkdir /root/.acl && cp /etc/passwd /root/.acl/passwd && cp /etc/group /root/.acl/group && \
diff --git a/docker/ee.juicefs.Dockerfile b/docker/ee.juicefs.Dockerfile
index 465f96b9d0..f56c4a0ad3 100644
--- a/docker/ee.juicefs.Dockerfile
+++ b/docker/ee.juicefs.Dockerfile
@@ -29,7 +29,8 @@ RUN apt update && apt install -y software-properties-common wget gnupg gnupg2 &&
 
 RUN apt-get update && apt-get install -y librados2 curl fuse procps iputils-ping strace iproute2 net-tools tcpdump lsof librados-dev libcephfs-dev librbd-dev && \
     rm -rf /var/cache/apt/* && \
-    curl -sSL https://juicefs.com/static/juicefs -o ${JUICEFS_CLI} && chmod +x ${JUICEFS_CLI} && \
+    bash -c "if [[ ${JFSCHAN} == beta ]]; then curl -sSL https://juicefs.com/static/juicefs.py.beta -o ${JUICEFS_CLI}; else curl -sSL https://juicefs.com/static/juicefs -o ${JUICEFS_CLI}; fi; " && \
+    chmod +x ${JUICEFS_CLI} && \
     mkdir -p /root/.juicefs && \
     ln -s /usr/local/bin/python /usr/bin/python && \
     mkdir /root/.acl && cp /etc/passwd /root/.acl/passwd && cp /etc/group /root/.acl/group && \
diff --git a/pkg/juicefs/juicefs.go b/pkg/juicefs/juicefs.go
index 9d2ec96d64..abc8fcc4ad 100644
--- a/pkg/juicefs/juicefs.go
+++ b/pkg/juicefs/juicefs.go
@@ -673,10 +673,10 @@ func (j *juicefs) AuthFs(ctx context.Context, secrets map[string]string, setting
 	cmdArgs := []string{config.CliPath, "auth", secrets["name"]}
 
 	keysCompatible := map[string]string{
-		"access-key":  "accesskey",
-		"access-key2": "accesskey2",
-		"secret-key":  "secretkey",
-		"secret-key2": "secretkey2",
+		"accesskey":  "access-key",
+		"accesskey2": "access-key2",
+		"secretkey":  "secret-key",
+		"secretkey2": "secret-key2",
 	}
 	// compatible
 	for compatibleKey, realKey := range keysCompatible {
@@ -688,17 +688,22 @@ func (j *juicefs) AuthFs(ctx context.Context, secrets map[string]string, setting
 	}
 
 	keys := []string{
-		"accesskey",
-		"accesskey2",
+		"access-key",
+		"access-key2",
 		"bucket",
 		"bucket2",
 		"subdir",
 	}
 	keysStripped := []string{
 		"token",
-		"secretkey",
-		"secretkey2",
-		"passphrase"}
+		"secret-key",
+		"secret-key2",
+		"passphrase",
+	}
+	strippedkey := map[string]string{
+		"secret-key":  "secretkey",
+		"secret-key2": "secretkey2",
+	}
 	for _, k := range keys {
 		if secrets[k] != "" {
 			cmdArgs = append(cmdArgs, fmt.Sprintf("--%s=%s", k, secrets[k]))
@@ -707,7 +712,11 @@ func (j *juicefs) AuthFs(ctx context.Context, secrets map[string]string, setting
 	}
 	for _, k := range keysStripped {
 		if secrets[k] != "" {
-			cmdArgs = append(cmdArgs, fmt.Sprintf("--%s=${%s}", k, k))
+			argKey := k
+			if v, ok := strippedkey[k]; ok {
+				argKey = v
+			}
+			cmdArgs = append(cmdArgs, fmt.Sprintf("--%s=${%s}", k, argKey))
 			args = append(args, fmt.Sprintf("--%s=%s", k, secrets[k]))
 		}
 	}