Skip to content

Refactor filesystem.go and adapt tests to use a real file system #71

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Refactor filesystem.go and adapt tests to use a real file system #71

wants to merge 1 commit into from

Conversation

inteon
Copy link
Member

@inteon inteon commented Nov 21, 2024
edited
Loading

Adds tests to prevent bugs like #70 in the future.

Refactors filesystem.go to only accept absolute paths instead of the weird current relative absolute paths (due to os.DirFS("/")), fixing #15.

NOTE: we will have to modify all csi-drivers that use this lib to only accept/ input absolute paths

@cert-manager-prow cert-manager-prow bot added dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Nov 21, 2024
@inteon inteon requested a review from munnerz November 21, 2024 10:12
inteon
inteon commented Mar 28, 2025
View reviewed changes
storage/filesystem.go
// any sensitive data on disk in production.
func NewFilesystemOnDisk(log logr.Logger, basePath string) (*Filesystem, error) {
if !filepath.IsAbs(basePath) {
return nil, fmt.Errorf("baseDir must be an absolute path")
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Starting from this PR, we no longer support the weird relative path notation. All paths have to be absolute.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see https://github.com/cert-manager/csi-lib/pull/71/files#diff-ebf7d236278a68704d3f90c6e44983c3c663d2beb9ce124a1658cb93ffaa6276R89

@inteon inteon force-pushed the filesystem_tests branch from 5545d0b to 8e0e40f Compare May 30, 2025 10:59
@cert-manager-prow
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign wallrj for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@inteon inteon force-pushed the filesystem_tests branch 3 times, most recently from ca97148 to e846f8c Compare June 4, 2025 07:45
inteon
inteon commented Jul 4, 2025
View reviewed changes
storage/filesystem.go
// If a fsGroup is defined, Chown the directory to that group.
if fsGroup != nil {
if err := os.Chown(f.dataPathForVolumeID(meta.VolumeID), -1, int(*fsGroup)); err != nil {
if err := os.Lchown(f.dataPathForVolumeID(meta.VolumeID), -1, int(*fsGroup)); err != nil {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Chown vs Lchown:

If the file is a symbolic link, it changes the uid and gid of the link itself.

This seems more secure. However, since the dataPathForVolumeID is a folder, this should not change anything.

inteon
inteon commented Jul 4, 2025
View reviewed changes
storage/filesystem.go
@@ -171,11 +195,6 @@ func (f *Filesystem) WriteMetadata(volumeID string, meta metadata.Metadata) erro
func (f *Filesystem) RegisterMetadata(meta metadata.Metadata) (bool, error) {
existingMeta, err := f.ReadMetadata(meta.VolumeID)
if errors.Is(err, ErrNotFound) {
// Ensure directory structure for the volume exists
if err := f.ensureVolumeDirectory(meta.VolumeID); err != nil {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is now called in WriteMetadata instead.

inteon
inteon commented Jul 4, 2025
View reviewed changes
storage/filesystem.go
}

// Data directory should be read and execute only to the fs user and group.
if err := os.MkdirAll(f.dataPathForVolumeID(volumeID), 0550); err != nil {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was moved to WriteFiles, since we don't need it in WriteMetadata (the other caller of this function).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@munnerz munnerz Awaiting requested review from munnerz

Assignees
No one assigned
Labels
dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@inteon