set cipher suites from secrets in mount options

Signed-off-by: Ashima-Ashima1 <[email protected]>

Author: ashimagarg27

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2025-09-01T06:07:00Z",
+  "generated_at": "2025-09-02T07:03:59Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -199,7 +199,7 @@
       {
         "hashed_secret": "2e7a7ee14caebf378fc32d6cf6f557f347c96773",
         "is_verified": false,
-        "line_number": 78,
+        "line_number": 79,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -218,7 +218,7 @@
       {
         "hashed_secret": "2e7a7ee14caebf378fc32d6cf6f557f347c96773",
         "is_verified": false,
-        "line_number": 20,
+        "line_number": 21,
         "type": "Secret Keyword",
         "verified_result": null
       }

pkg/constants/constants.go

@@ -48,6 +48,8 @@ const (
 	IsNodeServer         = "IS_NODE_SERVER"
 	KubeNodeName         = "KUBE_NODE_NAME"
 	MaxVolumesPerNodeEnv = "MAX_VOLUMES_PER_NODE"
+
+	CipherSuitesMO = "cipher_suites"
 )
 
 var (

pkg/driver/nodeserver.go

@@ -146,8 +146,8 @@ func (ns *nodeServer) NodePublishVolume(_ context.Context, req *csi.NodePublishV
 		secretMap["iamEndpoint"] = ns.iamEndpoint
 	}
 
-	if len(secretMap["cipher_suites"]) == 0 {
-		secretMap["cipher_suites"] = ns.CipherSuites
+	if len(secretMap[constants.CipherSuitesMO]) == 0 {
+		secretMap[constants.CipherSuitesMO] = ns.CipherSuites
 	}
 
 	// If bucket name wasn't provided by user, we use temp bucket created for volume.

pkg/mounter/mounter-rclone.go

@@ -137,9 +137,9 @@ func updateMountOptions(dafaultMountOptions []string, secretMap map[string]strin
 		}
 	}
 
-	val, check := secretMap["cipher_suites"]
+	val, check := secretMap[constants.CipherSuitesMO]
 	if check {
-		mountOptsMap["cipher_suites"] = val
+		mountOptsMap[constants.CipherSuitesMO] = val
 	}
 
 	stringData, ok := secretMap["mountOptions"]

pkg/mounter/mounter-rclone_test.go

@@ -5,23 +5,24 @@ import (
 	"os"
 	"testing"
 
+	"github.com/IBM/ibm-object-csi-driver/pkg/constants"
 	mounterUtils "github.com/IBM/ibm-object-csi-driver/pkg/mounter/utils"
 	"github.com/stretchr/testify/assert"
 )
 
 var (
 	secretMapRClone = map[string]string{
-		"cosEndpoint":        "test-endpoint",
-		"locationConstraint": "test-loc-constraint",
-		"bucketName":         "test-bucket-name",
-		"objPath":            "test-obj-path",
-		"accessKey":          "test-access-key",
-		"secretKey":          "test-secret-key",
-		"apiKey":             "test-api-key",
-		"kpRootKeyCRN":       "test-kp-root-key-crn",
-		"gid":                "fake-gid",
-		"uid":                "fake-uid",
-		"cipher_suites":      "default",
+		"cosEndpoint":            "test-endpoint",
+		"locationConstraint":     "test-loc-constraint",
+		"bucketName":             "test-bucket-name",
+		"objPath":                "test-obj-path",
+		"accessKey":              "test-access-key",
+		"secretKey":              "test-secret-key",
+		"apiKey":                 "test-api-key",
+		"kpRootKeyCRN":           "test-kp-root-key-crn",
+		"gid":                    "fake-gid",
+		"uid":                    "fake-uid",
+		constants.CipherSuitesMO: "default",
 	}
 
 	mountOptionsRClone = []string{"opt1=val1", "opt2=val2"}

pkg/mounter/mounter-s3fs.go

@@ -242,9 +242,9 @@ func updateS3FSMountOptions(defaultMountOp []string, secretMap map[string]string
 		mountOptsMap["uid"] = secretMap["uid"]
 	}
 
-	val, check := secretMap["cipher_suites"]
+	val, check := secretMap[constants.CipherSuitesMO]
 	if check {
-		mountOptsMap["cipher_suites"] = val
+		mountOptsMap[constants.CipherSuitesMO] = val
 	}
 
 	stringData, ok := secretMap["mountOptions"]
@@ -279,7 +279,7 @@ func updateS3FSMountOptions(defaultMountOp []string, secretMap map[string]string
 			option = val
 		}
 
-		if newVal, check := secretMap[key]; check {
+		if newVal, check := secretMap[key]; check && key != constants.CipherSuitesMO {
 			if isKeyValuePair {
 				option = fmt.Sprintf("%s=%s", key, newVal)
 			} else {

pkg/mounter/mounter-s3fs_test.go

@@ -5,22 +5,23 @@ import (
 	"os"
 	"testing"
 
+	"github.com/IBM/ibm-object-csi-driver/pkg/constants"
 	mounterUtils "github.com/IBM/ibm-object-csi-driver/pkg/mounter/utils"
 	"github.com/stretchr/testify/assert"
 )
 
 var (
 	secretMap = map[string]string{
-		"cosEndpoint":        "test-endpoint",
-		"locationConstraint": "test-loc-constraint",
-		"bucketName":         "test-bucket-name",
-		"objPath":            "test-obj-path",
-		"accessKey":          "test-access-key",
-		"secretKey":          "test-secret-key",
-		"apiKey":             "test-api-key",
-		"kpRootKeyCRN":       "test-kp-root-key-crn",
-		"uid":                "test-uid",
-		"cipher_suites":      "default",
+		"cosEndpoint":            "test-endpoint",
+		"locationConstraint":     "test-loc-constraint",
+		"bucketName":             "test-bucket-name",
+		"objPath":                "test-obj-path",
+		"accessKey":              "test-access-key",
+		"secretKey":              "test-secret-key",
+		"apiKey":                 "test-api-key",
+		"kpRootKeyCRN":           "test-kp-root-key-crn",
+		"uid":                    "test-uid",
+		constants.CipherSuitesMO: "default",
 	}
 
 	mountOptions = []string{"opt1=val1", "opt2=val2", "opt3"}