can't make this required, existing objects do not have a namespace

can't tighten validation to make this required without breaking update of existing objects that didn't require this

still outstanding, should not tighten validation on existing objects. basically, the validation for this new object has to be identical to the existing validation on ScaleIOVolumeSource

Keep this inside a if source.ScaleIO.SecretRef != nil check

Same here, this is tightening validation of existing objects, which isn’t allowed

+1 for keeping the same config key for compatibility

is there a reason this isn't setting these:

configData[confKey.secretName] = v.secretName
configData[confKey.secretNamespace] = v.secretNamespace

@liggitt yes, secret and namespace comes from options.Prameters=v.configData during NewProvisioner. But, will change code to make that clearer.

this should be an exact copy of v1.ScaleIOVolumeSource with SecretRef changed to *SecretReference. That will pick up all the json/protobuf tags verbatim:

// ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume
type ScaleIOPersistentVolumeSource struct {
	// The host address of the ScaleIO API Gateway.
	Gateway string `json:"gateway" protobuf:"bytes,1,opt,name=gateway"`
	// The name of the storage system as configured in ScaleIO.
	System string `json:"system" protobuf:"bytes,2,opt,name=system"`
	// SecretRef references to the secret for ScaleIO user and other
	// sensitive information. If this is not provided, Login operation will fail.
	SecretRef *SecretReference `json:"secretRef" protobuf:"bytes,3,opt,name=secretRef"`
	// Flag to enable/disable SSL communication with Gateway, default false
	// +optional
	SSLEnabled bool `json:"sslEnabled,omitempty" protobuf:"varint,4,opt,name=sslEnabled"`
	// The name of the Protection Domain for the configured storage (defaults to "default").
	// +optional
	ProtectionDomain string `json:"protectionDomain,omitempty" protobuf:"bytes,5,opt,name=protectionDomain"`
	// The Storage Pool associated with the protection domain (defaults to "default").
	// +optional
	StoragePool string `json:"storagePool,omitempty" protobuf:"bytes,6,opt,name=storagePool"`
	// Indicates whether the storage for a volume should be thick or thin (defaults to "thin").
	// +optional
	StorageMode string `json:"storageMode,omitempty" protobuf:"bytes,7,opt,name=storageMode"`
	// The name of a volume already created in the ScaleIO system
	// that is associated with this volume source.
	VolumeName string `json:"volumeName,omitempty" protobuf:"bytes,8,opt,name=volumeName"`
	// Filesystem type to mount.
	// Must be a filesystem type supported by the host operating system.
	// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
	// +optional
	FSType string `json:"fsType,omitempty" protobuf:"bytes,9,opt,name=fsType"`
	// Defaults to false (read/write). ReadOnly here will force
	// the ReadOnly setting in VolumeMounts.
	// +optional
	ReadOnly bool `json:"readOnly,omitempty" protobuf:"varint,10,opt,name=readOnly"`
}

@liggitt ok, thanks. I think I only changed SecretRef's type in ScaleIOPersistentVolumeSource. I will make sure they are the same in both ScaleIOVolumeSource as well. Thanks.

I re-read your comment. Ok, I will ensure the types are the same in staging and v1.

yeah, leave ScaleIOVolumeSource as is

@liggitt
I got confused because your comment above has ScaleIOVolumeSource using SecretReference. Please confirm:

• XXXVolumeSource -> LocalObjectReference (in pkg/v1 and staging/v1)
• XXXPersistentVolumeSource -> SecretReference (in pkg/v1 and staging/v1)

The above is how I see other types are done, but confirm anyway.

Oops, fixed.

need to copy SetDefaults_ScaleIOVolumeSource to SetDefaults_ScaleIOPersistentVolumeSource (changing the types), which will regenerate this to call a defaulting function

which also means copying the registered fuzzing function in pkg/api/fuzzer/fuzzer.go for func(sio *api.ScaleIOVolumeSource, c fuzz.Continue) for ScaleIOPersistentVolumeSource

ok will do.

why did ProtectionDomain and StoragePool defaults get dropped? should be present in both fuzzing funcs for ScaleIOVolumeSource and ScaleIOPersistentVolumeSource, right?

@liggitt the assumption that these two params would default to value default was a bug. Because if those default were actually applied the volume would fail. This was partially fixed in the last release. So I removed them here in accordance with what was done then (#49973).

hmm, ok. changing defaults is typically considered a breaking API change, but if the defaults caused the object to never work, that doesn't seem good either.

would like agreement from @kubernetes/sig-storage-api-reviews on the removal of the defaulting behavior on those fields, and if agreed on, remove the (defaults to "default") godoc from those fields and add a description of the default change to the release note.

@liggitt thank you. Basically this is taking care of a bug in the API validation. If those values are applied by default as default, chances are they would break storage operations since, most likely, these values will not match values on the backing storage system.

Ok. Validation doesn't require those values to be set (and can't, without breaking existing API create calls), so with defaulting removed, if someone leaves them empty, they will just be unset now. Is that acceptable?

@liggitt Yes. That is acceptable.

restore these defaults to both SetDefaults_ScaleIOVolumeSource and SetDefaults_ScaleIOPersistentVolumeSource?

See comment above. Thanks!