kubernetes-csi/csi-driver-nfs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: skip chmod if mountPermissions is 0

Browse Source 
fix
This commit is contained in:
andyzhangx 2022-05-04 07:33:57 +00:00
parent c038402144
commit 90cc83fdbd
5 changed files with 59 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/driver-parameters.md
View File

@ -8,7 +8,7 @@ Name | Meaning | Example Value | Mandatory | Default value
--- | --- | --- | --- | --- --- | --- | --- | --- | ---
server | NFS Server address | domain name `nfs-server.default.svc.cluster.local` <br>or IP address `127.0.0.1` | Yes | server | NFS Server address | domain name `nfs-server.default.svc.cluster.local` <br>or IP address `127.0.0.1` | Yes |
share | NFS share path | `/` | Yes | share | NFS share path | `/` | Yes |
mountPermissions | mounted folder permissions. The default is `0777` | | No | mountPermissions | mounted folder permissions. The default is `0777`, if set as `0`, driver will not perform `chmod` after mount | | No |
### PV/PVC usage (static provisioning) ### PV/PVC usage (static provisioning)
> [`PersistentVolume` example](../deploy/example/pv-nfs-csi.yaml) > [`PersistentVolume` example](../deploy/example/pv-nfs-csi.yaml)

13
pkg/nfs/nodeserver.go
View File

@ -58,6 +58,7 @@ func (ns *NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis
var server, baseDir string var server, baseDir string
mountPermissions := ns.Driver.mountPermissions mountPermissions := ns.Driver.mountPermissions
performChmodOp := (mountPermissions > 0)
for k, v := range req.GetVolumeContext() { for k, v := range req.GetVolumeContext() {
switch strings.ToLower(k) { switch strings.ToLower(k) {
case paramServer: case paramServer:
@ -71,9 +72,15 @@ func (ns *NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis
case mountPermissionsField: case mountPermissionsField:
if v != "" { if v != "" {
var err error var err error
if mountPermissions, err = strconv.ParseUint(v, 8, 32); err != nil { var perm uint64
if perm, err = strconv.ParseUint(v, 8, 32); err != nil {
return nil, status.Errorf(codes.InvalidArgument, fmt.Sprintf("invalid mountPermissions %s", v)) return nil, status.Errorf(codes.InvalidArgument, fmt.Sprintf("invalid mountPermissions %s", v))
} }
if perm == 0 {
performChmodOp = false
} else {
mountPermissions = perm
}
} }
} }
} }
@ -114,9 +121,13 @@ func (ns *NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis
} }
klog.V(2).Infof("volumeID(%v): mount targetPath(%s) with permissions(0%o)", volumeID, targetPath, mountPermissions) klog.V(2).Infof("volumeID(%v): mount targetPath(%s) with permissions(0%o)", volumeID, targetPath, mountPermissions)
if performChmodOp {
if err := os.Chmod(targetPath, os.FileMode(mountPermissions)); err != nil { if err := os.Chmod(targetPath, os.FileMode(mountPermissions)); err != nil {
return nil, status.Error(codes.Internal, err.Error()) return nil, status.Error(codes.Internal, err.Error())
} }
} else {
klog.V(2).Infof("skip chmod on targetPath(%s) since mountPermissions is set as 0", targetPath)
}
return &csi.NodePublishVolumeResponse{}, nil return &csi.NodePublishVolumeResponse{}, nil
} }

15
pkg/nfs/nodeserver_test.go
View File

@ -47,6 +47,11 @@ func TestNodePublishVolume(t *testing.T) {
"share": "share", "share": "share",
mountPermissionsField: "0755", mountPermissionsField: "0755",
} }
paramsWithZeroPermissions := map[string]string{
"server": "server",
"share": "share",
mountPermissionsField: "0",
}
invalidParams := map[string]string{ invalidParams := map[string]string{
"server": "server", "server": "server",
@ -121,6 +126,16 @@ func TestNodePublishVolume(t *testing.T) {
Readonly: true}, Readonly: true},
expectedErr: nil, expectedErr: nil,
}, },
{
desc: "[Success] Valid request with 0 mountPermissions",
req: csi.NodePublishVolumeRequest{
VolumeContext: paramsWithZeroPermissions,
VolumeCapability: &csi.VolumeCapability{AccessMode: &volumeCap},
VolumeId: "vol_1",
TargetPath: targetTest,
Readonly: true},
expectedErr: nil,
},
{ {
desc: "[Error] invalid mountPermissions", desc: "[Error] invalid mountPermissions",
req: csi.NodePublishVolumeRequest{ req: csi.NodePublishVolumeRequest{

22
test/e2e/dynamic_provisioning_test.go
View File

@ -70,7 +70,29 @@ var _ = ginkgo.Describe("Dynamic Provisioning", func() {
Pods: pods, Pods: pods,
StorageClassParameters: defaultStorageClassParameters, StorageClassParameters: defaultStorageClassParameters,
} }
test.Run(cs, ns)
})
ginkgo.It("should create a volume on demand with zero mountPermissions [nfs.csi.k8s.io]", func() {
pods := []testsuites.PodDetails{
{
Cmd: "echo 'hello world' > /mnt/test-1/data && grep 'hello world' /mnt/test-1/data",
Volumes: []testsuites.VolumeDetails{
{
ClaimSize: "10Gi",
VolumeMount: testsuites.VolumeMountDetails{
NameGenerate: "test-volume-",
MountPathGenerate: "/mnt/test-",
},
},
},
},
}
test := testsuites.DynamicallyProvisionedCmdVolumeTest{
CSIDriver: testDriver,
Pods: pods,
StorageClassParameters: storageClassParametersWithZeroMountPermisssions,
}
test.Run(cs, ns) test.Run(cs, ns)
}) })

7
test/e2e/e2e_suite_test.go
View File

@ -52,6 +52,13 @@ var (
"csi.storage.k8s.io/provisioner-secret-namespace": "default", "csi.storage.k8s.io/provisioner-secret-namespace": "default",
"mountPermissions": "0755", "mountPermissions": "0755",
} }
storageClassParametersWithZeroMountPermisssions = map[string]string{
"server": nfsServerAddress,
"share": nfsShare,
"csi.storage.k8s.io/provisioner-secret-name": "mount-options",
"csi.storage.k8s.io/provisioner-secret-namespace": "default",
"mountPermissions": "0",
}
controllerServer *nfs.ControllerServer controllerServer *nfs.ControllerServer
) )