From 40de75e0db595ef4a52f78e8623b665d77506a78 Mon Sep 17 00:00:00 2001
From: Rakshith R
Date: Wed, 23 Mar 2022 11:01:25 +0530
Subject: [PATCH] rbd: modify oidc token file path according to FHS 3.0

OIDC token file path has been modified from `/var/run/secrets/token` to `/run/secrets/tokens`. This has been done to ensure compliance with FHS 3.0.
refer: https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s13.html

Signed-off-by: Rakshith R
---
 charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml | 2 +-
 charts/ceph-csi-rbd/templates/provisioner-deployment.yaml | 2 +-
 deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml | 2 +-
 deploy/rbd/kubernetes/csi-rbdplugin.yaml | 2 +-
 internal/kms/aws_sts_metadata.go | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml b/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml
index 98c838074..120d9627c 100644
--- a/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml
+++ b/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml
@@ -134,7 +134,7 @@ spec:
 - name: ceph-logdir
 mountPath: /var/log/ceph
 - name: oidc-token
- mountPath: /var/run/secrets/tokens
+ mountPath: /run/secrets/tokens
 readOnly: true
 resources:
 {{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
diff --git a/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml b/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml
index 63b38bcaf..b3b09160d 100644
--- a/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml
+++ b/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml
@@ -184,7 +184,7 @@ spec:
 - name: keys-tmp-dir
 mountPath: /tmp/csi/keys
 - name: oidc-token
- mountPath: /var/run/secrets/tokens
+ mountPath: /run/secrets/tokens
 readOnly: true
 resources:
 {{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
diff --git a/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml b/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml
index 915fb38a2..6c70f7ec5 100644
--- a/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml
+++ b/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml
@@ -164,7 +164,7 @@ spec:
 - name: ceph-config
 mountPath: /etc/ceph/
 - name: oidc-token
- mountPath: /var/run/secrets/tokens
+ mountPath: /run/secrets/tokens
 readOnly: true
 - name: csi-rbdplugin-controller
 # for stable functionality replace canary with latest release version
diff --git a/deploy/rbd/kubernetes/csi-rbdplugin.yaml b/deploy/rbd/kubernetes/csi-rbdplugin.yaml
index 429e6da32..e9117e9ff 100644
--- a/deploy/rbd/kubernetes/csi-rbdplugin.yaml
+++ b/deploy/rbd/kubernetes/csi-rbdplugin.yaml
@@ -119,7 +119,7 @@ spec:
 - name: ceph-config
 mountPath: /etc/ceph/
 - name: oidc-token
- mountPath: /var/run/secrets/tokens
+ mountPath: /run/secrets/tokens
 readOnly: true
 - name: liveness-prometheus
 securityContext:
diff --git a/internal/kms/aws_sts_metadata.go b/internal/kms/aws_sts_metadata.go
index 00aa300e3..a0db764d8 100644
--- a/internal/kms/aws_sts_metadata.go
+++ b/internal/kms/aws_sts_metadata.go
@@ -60,7 +60,7 @@ const (
 // tokenFilePath is the path to the file containing the OIDC token.
 //
 // #nosec:G101, value not credential, just path to the token.
- tokenFilePath = "/var/run/secrets/tokens/oidc-token"
+ tokenFilePath = "/run/secrets/tokens/oidc-token"
 )

 var _ = RegisterProvider(Provider{
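Review bot: The comment on `tokenFilePath` does not say that the constant is tied to the `oidc-token` volume's `mountPath` in the two Helm templates and two Kubernetes manifests this patch edits, so an image built from this change and deployed with older or locally customised manifests may look for the token where nothing is mounted. Whether that actually fails depends on whether `/var/run` resolves to `/run` inside the container image, which is not visible here. I would state the coupling next to the constant, for example `// Must match the mountPath of the oidc-token volume in the rbd nodeplugin and provisioner manifests.`, and add an upgrade note for operators who maintain their own manifests. The `const (` block opens above this hunk.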