add fsGroup support

Signed-off-by: Tim Ramlot <[email protected]>

Author: inteon

driver/controllerserver.go

@@ -70,15 +70,7 @@ func (cs *controllerServer) GetCapacity(ctx context.Context, req *csi.GetCapacit
 // Default supports all capabilities
 func (cs *controllerServer) ControllerGetCapabilities(ctx context.Context, req *csi.ControllerGetCapabilitiesRequest) (*csi.ControllerGetCapabilitiesResponse, error) {
 	return &csi.ControllerGetCapabilitiesResponse{
-		Capabilities: []*csi.ControllerServiceCapability{
-			{
-				Type: &csi.ControllerServiceCapability_Rpc{
-					Rpc: &csi.ControllerServiceCapability_RPC{
-						Type: csi.ControllerServiceCapability_RPC_UNKNOWN,
-					},
-				},
-			},
-		},
+		Capabilities: []*csi.ControllerServiceCapability{},
 	}, nil
 }
 

driver/nodeserver.go

@@ -198,7 +198,7 @@ func (ns *nodeServer) NodeGetCapabilities(ctx context.Context, request *csi.Node
 			{
 				Type: &csi.NodeServiceCapability_Rpc{
 					Rpc: &csi.NodeServiceCapability_RPC{
-						Type: csi.NodeServiceCapability_RPC_UNKNOWN,
+						Type: csi.NodeServiceCapability_RPC_VOLUME_MOUNT_GROUP,
 					},
 				},
 			},

driver/server.go

@@ -96,7 +96,7 @@ func parseEndpoint(ep string) (string, string, error) {
 			return s[0], s[1], nil
 		}
 	}
-	return "", "", fmt.Errorf("Invalid endpoint: %v", ep)
+	return "", "", fmt.Errorf("invalid endpoint: %v", ep)
 }
 
 func loggingInterceptor(log logr.Logger) grpc.UnaryServerInterceptor {

metadata/metadata.go

@@ -38,14 +38,18 @@ type Metadata struct {
 	// System-specific attributes extracted from the NodePublishVolume request.
 	// These are sourced from the VolumeContext.
 	VolumeContext map[string]string `json:"volumeContext,omitempty"`
+
+	// VolumeMountGroup is the filesystem group that the volume should be mounted as.
+	VolumeMountGroup string `json:"volumeMountGroup,omitempty"`
 }
 
 // FromNodePublishVolumeRequest constructs a Metadata from a NodePublishVolumeRequest.
 // The NextIssuanceTime field will NOT be set.
 func FromNodePublishVolumeRequest(request *csi.NodePublishVolumeRequest) Metadata {
 	return Metadata{
-		VolumeID:      request.GetVolumeId(),
-		TargetPath:    request.GetTargetPath(),
-		VolumeContext: request.GetVolumeContext(),
+		VolumeID:         request.GetVolumeId(),
+		TargetPath:       request.GetTargetPath(),
+		VolumeContext:    request.GetVolumeContext(),
+		VolumeMountGroup: request.GetVolumeCapability().GetMount().GetVolumeMountGroup(),
 	}
 }

storage/filesystem.go

@@ -333,14 +333,20 @@ func (f *Filesystem) fsGroupForMetadata(meta metadata.Metadata) (*int64, error)
 		return f.FixedFSGroup, nil
 	}
 
+	// The VolumeAttribute takes precedence over the VolumeMountGroup that is
+	// set using the securityContext.fsGroup field. This way, we can support more
+	// granular control over the fsGroup per volume.
+	fsGroupStr := ""
 	// If the FSGroupVolumeAttributeKey is not defined, no ownership can change.
-	if len(f.FSGroupVolumeAttributeKey) == 0 {
-		return nil, nil
+	if fsGroupStr == "" && len(f.FSGroupVolumeAttributeKey) > 0 {
+		fsGroupStr = meta.VolumeContext[f.FSGroupVolumeAttributeKey]
+	}
+	if fsGroupStr == "" {
+		fsGroupStr = meta.VolumeMountGroup
 	}
 
-	fsGroupStr, ok := meta.VolumeContext[f.FSGroupVolumeAttributeKey]
-	if !ok {
-		// If the attribute has not been set, return no ownership change.
+	// If the attribute has not been set, return no ownership change.
+	if fsGroupStr == "" {
 		return nil, nil
 	}
 

storage/filesystem_test.go

@@ -144,80 +144,116 @@ func Test_fsGroupForMetadata(t *testing.T) {
 
 	tests := map[string]struct {
 		fixedFSGroup              *int64
+		metaVolumeMountGroup      string
 		fsGroupVolumeAttributeKey string
 		volumeContext             map[string]string
 
 		expGID *int64
 		expErr bool
 	}{
-		"FixedFSGroup=nil FSGroupVolumeAttributeKey='', should return nil gid": {
+		"FixedFSGroup=nil meta.VolumeMountGroup='' FSGroupVolumeAttributeKey='', should return nil gid": {
 			fixedFSGroup:              nil,
+			metaVolumeMountGroup:      "",
 			fsGroupVolumeAttributeKey: "",
 			volumeContext:             map[string]string{},
 			expGID:                    nil,
 			expErr:                    false,
 		},
-		"FixedFSGroup=10 FSGroupVolumeAttributeKey='', should return 10": {
+		"FixedFSGroup=10 meta.VolumeMountGroup='' FSGroupVolumeAttributeKey='', should return 10": {
 			fixedFSGroup:              intPtr(10),
+			metaVolumeMountGroup:      "",
 			fsGroupVolumeAttributeKey: "",
 			volumeContext:             map[string]string{},
 			expGID:                    intPtr(10),
 			expErr:                    false,
 		},
-		"FixedFSGroup=nil FSGroupVolumeAttributeKey=defined but not present in context, should return nil": {
+		"FixedFSGroup=nil meta.VolumeMountGroup='70' FSGroupVolumeAttributeKey='', should return 70": {
 			fixedFSGroup:              nil,
+			metaVolumeMountGroup:      "70",
+			fsGroupVolumeAttributeKey: "",
+			volumeContext:             map[string]string{},
+			expGID:                    intPtr(70),
+			expErr:                    false,
+		},
+		"FixedFSGroup=nil meta.VolumeMountGroup='' FSGroupVolumeAttributeKey=defined but not present in context, should return nil": {
+			fixedFSGroup:              nil,
+			metaVolumeMountGroup:      "",
 			fsGroupVolumeAttributeKey: "fs-gid",
 			volumeContext:             map[string]string{},
 			expGID:                    nil,
 			expErr:                    false,
 		},
-		"FixedFSGroup=nil FSGroupVolumeAttributeKey=defined and present in context, should return 20": {
+		"FixedFSGroup=nil meta.VolumeMountGroup='70' FSGroupVolumeAttributeKey=defined but not present in context, should return 70": {
+			fixedFSGroup:              nil,
+			metaVolumeMountGroup:      "70",
+			fsGroupVolumeAttributeKey: "fs-gid",
+			volumeContext:             map[string]string{},
+			expGID:                    intPtr(70),
+			expErr:                    false,
+		},
+		"FixedFSGroup=nil meta.VolumeMountGroup='' FSGroupVolumeAttributeKey=defined and present in context, should return 20": {
+			fixedFSGroup:              nil,
+			metaVolumeMountGroup:      "",
+			fsGroupVolumeAttributeKey: "fs-gid",
+			volumeContext: map[string]string{
+				"fs-gid": "20",
+			},
+			expGID: intPtr(20),
+			expErr: false,
+		},
+		"FixedFSGroup=nil meta.VolumeMountGroup='10' FSGroupVolumeAttributeKey=defined and present in context, should return 20": {
 			fixedFSGroup:              nil,
+			metaVolumeMountGroup:      "10",
 			fsGroupVolumeAttributeKey: "fs-gid",
 			volumeContext: map[string]string{
 				"fs-gid": "20",
 			},
 			expGID: intPtr(20),
 			expErr: false,
 		},
-		"FixedFSGroup=nil FSGroupVolumeAttributeKey=defined and present in context but value of 0, should error": {
+		"FixedFSGroup=nil meta.VolumeMountGroup='' FSGroupVolumeAttributeKey=defined and present in context but value of 0, should error": {
 			fixedFSGroup:              nil,
+			metaVolumeMountGroup:      "",
 			fsGroupVolumeAttributeKey: "fs-gid",
 			volumeContext: map[string]string{
 				"fs-gid": "0",
 			},
 			expGID: nil,
 			expErr: true,
 		},
-		"FixedFSGroup=nil FSGroupVolumeAttributeKey=defined and present in context but value of -1, should error": {
+		"FixedFSGroup=nil meta.VolumeMountGroup='' FSGroupVolumeAttributeKey=defined and present in context but value of -1, should error": {
 			fixedFSGroup:              nil,
+			metaVolumeMountGroup:      "",
 			fsGroupVolumeAttributeKey: "fs-gid",
 			volumeContext: map[string]string{
 				"fs-gid": "-1",
 			},
 			expGID: nil,
 			expErr: true,
 		},
-		"FixedFSGroup=nil FSGroupVolumeAttributeKey=defined and present in context but value greater than the max gid, should error": {
+		"FixedFSGroup=nil meta.VolumeMountGroup='' FSGroupVolumeAttributeKey=defined and present in context but value greater than the max gid, should error": {
 			fixedFSGroup:              nil,
+			metaVolumeMountGroup:      "",
 			fsGroupVolumeAttributeKey: "fs-gid",
 			volumeContext: map[string]string{
 				"fs-gid": "4294967296",
 			},
 			expGID: nil,
 			expErr: true,
 		},
-		"FixedFSGroup=nil FSGroupVolumeAttributeKey=defined and present in context but with bad value, should return error": {
+		"FixedFSGroup=nil meta.VolumeMountGroup='' FSGroupVolumeAttributeKey=defined and present in context but with bad value, should return error": {
 			fixedFSGroup:              nil,
+			metaVolumeMountGroup:      "",
 			fsGroupVolumeAttributeKey: "fs-gid",
 			volumeContext: map[string]string{
 				"fs-gid": "bad-value",
 			},
 			expGID: nil,
 			expErr: true,
 		},
-		"FixedFSGroup=10 FSGroupVolumeAttributeKey=defined and present in context, should return superseding FixedFSGroup (10)": {
+		"FixedFSGroup=10 meta.VolumeMountGroup='' FSGroupVolumeAttributeKey=defined and present in context, should return superseding FixedFSGroup (10)": {
 			fixedFSGroup:              intPtr(10),
+			metaVolumeMountGroup:      "",
 			fsGroupVolumeAttributeKey: "fs-gid",
 			volumeContext: map[string]string{
 				"fs-gid": "20",
@@ -235,7 +271,8 @@ func Test_fsGroupForMetadata(t *testing.T) {
 			}
 
 			gid, err := f.fsGroupForMetadata(metadata.Metadata{
-				VolumeContext: test.volumeContext,
+				VolumeContext:    test.volumeContext,
+				VolumeMountGroup: test.metaVolumeMountGroup,
 			})
 
 			if (err != nil) != test.expErr {