fix: default mountPermissions issue

2022-11-17 12:07:00 +00:00 · 2022-11-17 12:07:00 +00:00 · a1eba060ee
commit a1eba060ee
parent 8df967843f
6 changed files with 12 additions and 17 deletions
--- a/charts/README.md
+++ b/charts/README.md
@ -38,7 +38,7 @@ The following table lists the configurable parameters of the latest NFS CSI Driv
 |---------------------------------------------------|------------------------------------------------------------|-------------------------------------------------------------------|
 | `customLabels`                                    | optional extra labels to k8s resources deployed by chart   | `{}`                                                              |
 | `driver.name`                                     | alternative driver name                                    | `nfs.csi.k8s.io` |
-| `driver.mountPermissions`                         | mounted folder permissions name                            | `0777`
+| `driver.mountPermissions`                         | default mounted folder permissions                             | `0`
 | `feature.enableFSGroupPolicy`                     | enable `fsGroupPolicy` on a k8s 1.20+ cluster              | `true`                      |
 | `feature.enableInlineVolume`                      | enable inline volume                     | `false`                      |
 | `kubeletDir`                                      | alternative kubelet directory                              | `/var/lib/kubelet`                                                  |
--- a/charts/latest/csi-driver-nfs-v0.0.0.tgz
+++ b/charts/latest/csi-driver-nfs-v0.0.0.tgz
--- a/charts/latest/csi-driver-nfs/values.yaml
+++ b/charts/latest/csi-driver-nfs/values.yaml
@ -27,7 +27,7 @@ rbac:

 driver:
  name: nfs.csi.k8s.io
-  mountPermissions: 0777
+  mountPermissions: 0

 feature:
  enableFSGroupPolicy: true
--- a/cmd/nfsplugin/main.go
+++ b/cmd/nfsplugin/main.go
@ -28,7 +28,7 @@ import (
 var (
 	endpoint         = flag.String("endpoint", "unix://tmp/csi.sock", "CSI endpoint")
 	nodeID           = flag.String("nodeid", "", "node id")
-	mountPermissions = flag.Uint64("mount-permissions", 0777, "mounted folder permissions")
+	mountPermissions = flag.Uint64("mount-permissions", 0, "mounted folder permissions")
 	driverName       = flag.String("drivername", nfs.DefaultDriverName, "name of the driver")
 	workingMountDir  = flag.String("working-mount-dir", "/tmp", "working directory for provisioner to mount nfs shares temporarily")
 )
--- a/pkg/nfs/controllerserver.go
+++ b/pkg/nfs/controllerserver.go
@ -130,15 +130,17 @@ func (cs *ControllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
 		}
 	}()

-	fileMode := os.FileMode(mountPermissions)
 	// Create subdirectory under base-dir
 	internalVolumePath := getInternalVolumePath(cs.Driver.workingMountDir, nfsVol)
-	if err = os.Mkdir(internalVolumePath, fileMode); err != nil && !os.IsExist(err) {
+	if err = os.Mkdir(internalVolumePath, 0777); err != nil && !os.IsExist(err) {
 		return nil, status.Errorf(codes.Internal, "failed to make subdirectory: %v", err.Error())
 	}
-	// Reset directory permissions because of umask problems
-	if err = os.Chmod(internalVolumePath, fileMode); err != nil {
-		klog.Warningf("failed to chmod subdirectory: %v", err.Error())
+
+	if mountPermissions > 0 {
+		// Reset directory permissions because of umask problems
+		if err = os.Chmod(internalVolumePath, os.FileMode(mountPermissions)); err != nil {
+			klog.Warningf("failed to chmod subdirectory: %v", err.Error())
+		}
 	}

 	setKeyValueInMap(parameters, paramSubDir, nfsVol.subDir)
--- a/pkg/nfs/nodeserver.go
+++ b/pkg/nfs/nodeserver.go
@ -60,7 +60,6 @@ func (ns *NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis
 	subDirReplaceMap := map[string]string{}

 	mountPermissions := ns.Driver.mountPermissions
-	performChmodOp := (mountPermissions > 0)
 	for k, v := range req.GetVolumeContext() {
 		switch strings.ToLower(k) {
 		case paramServer:
@ -82,15 +81,9 @@ func (ns *NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis
 		case mountPermissionsField:
 			if v != "" {
 				var err error
-				var perm uint64
-				if perm, err = strconv.ParseUint(v, 8, 32); err != nil {
+				if mountPermissions, err = strconv.ParseUint(v, 8, 32); err != nil {
 					return nil, status.Errorf(codes.InvalidArgument, fmt.Sprintf("invalid mountPermissions %s", v))
 				}
-				if perm == 0 {
-					performChmodOp = false
-				} else {
-					mountPermissions = perm
-				}
 			}
 		}
 	}
@ -138,7 +131,7 @@ func (ns *NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis
 		return nil, status.Error(codes.Internal, err.Error())
 	}

-	if performChmodOp {
+	if mountPermissions > 0 {
 		if err := chmodIfPermissionMismatch(targetPath, os.FileMode(mountPermissions)); err != nil {
 			return nil, status.Error(codes.Internal, err.Error())
 		}