Skip to content

Commit 1359a04

Browse files
krpsh123duckhawk
krpsh123
and
duckhawk
authored
[internal] Add mountPermissions to shapshot (#107)
Signed-off-by: Pavel Karpov <[email protected]> Signed-off-by: v.oleynikov <[email protected]> Co-authored-by: v.oleynikov <[email protected]>
1 parent c0bd73b commit 1359a04

File tree

4 files changed

+132
-1
lines changed

4 files changed

+132
-1
lines changed

images/controller/pkg/controller/nfs_storage_class_watcher.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -74,6 +74,7 @@ const (
7474
serverParamKey = "server"
7575
shareParamKey = "share"
7676
MountPermissionsParamKey = "mountPermissions"
77+
MountOptionsParamKey = "mountOptions"
7778
SubDirParamKey = "subdir"
7879
MountOptionsSecretKey = "mountOptions"
7980

images/controller/pkg/controller/nfs_storage_class_watcher_func.go

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -772,7 +772,8 @@ func ConfigureVSClass(oldVSClass *snapshotv1.VolumeSnapshotClass, nsc *v1alpha1.
772772
Driver: NFSStorageClassProvisioner,
773773
DeletionPolicy: deletionPolicy,
774774
Parameters: map[string]string{
775-
"mountOptions": strings.Join(GetSCMountOptions(nsc), ","),
775+
MountOptionsParamKey: strings.Join(GetSCMountOptions(nsc), ","),
776+
MountPermissionsParamKey: nsc.Spec.ChmodPermissions,
776777
SnapshotterSecretNameKey: SecretForMountOptionsPrefix + nsc.Name,
777778
SnapshotterSecretNamespaceKey: controllerNamespace,
778779
},

images/csi-nfs/patches/003-add-mountPermissions-to-snapshot.patch

Lines changed: 125 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,125 @@
1+
From 83eb7d75444ae74ca79e49569d3d13d54a93623e Mon Sep 17 00:00:00 2001
2+
From: Pavel Karpov <[email protected]>
3+
Date: Sun, 27 Jul 2025 22:17:41 +0300
4+
Subject: [PATCH] add mountPermissions to snapshot
5+
6+
Signed-off-by: Pavel Karpov <[email protected]>
7+
---
8+
pkg/nfs/controllerserver.go | 33 +++++++++++++++++++++++++++++++--
9+
pkg/nfs/nodeserver.go | 9 +++++----
10+
pkg/nfs/utils.go | 3 ++-
11+
3 files changed, 38 insertions(+), 7 deletions(-)
12+
13+
diff --git a/pkg/nfs/controllerserver.go b/pkg/nfs/controllerserver.go
14+
index 3b7b21a4..348086e2 100644
15+
--- a/pkg/nfs/controllerserver.go
16+
+++ b/pkg/nfs/controllerserver.go
17+
@@ -185,8 +185,8 @@ func (cs *ControllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
18+
19+
if mountPermissions > 0 {
20+
// Reset directory permissions because of umask problems
21+
- if err = os.Chmod(internalVolumePath, os.FileMode(mountPermissions)); err != nil {
22+
- klog.Warningf("failed to chmod subdirectory: %v", err)
23+
+ if err := chmodIfPermissionMismatch(internalVolumePath, os.FileMode(mountPermissions)); err != nil {
24+
+ return nil, status.Error(codes.Internal, err.Error())
25+
}
26+
}
27+
28+
@@ -404,6 +404,17 @@ func (cs *ControllerServer) CreateSnapshot(ctx context.Context, req *csi.CreateS
29+
if err := validateSnapshot(snapInternalVolPath, snapshot); err != nil {
30+
return nil, err
31+
}
32+
+ mountPermissionsForSnapInternalVolPath, err := getMountPermissionsForSnapInternalVolPath(req.GetParameters())
33+
+ if err != nil {
34+
+ return nil, status.Errorf(codes.NotFound, "failed to get mountPermissionsForSnapInternalVolPath: %v", err)
35+
+ } else {
36+
+ if mountPermissionsForSnapInternalVolPath > 0 {
37+
+ if err := chmodIfPermissionMismatch(snapInternalVolPath, os.FileMode(mountPermissionsForSnapInternalVolPath)); err != nil {
38+
+ return nil, status.Error(codes.Internal, err.Error())
39+
+ }
40+
+ }
41+
+
42+
+ }
43+
44+
if err = cs.internalMount(ctx, srcVol, req.GetParameters(), nil); err != nil {
45+
return nil, status.Errorf(codes.Internal, "failed to mount src nfs server: %v", err)
46+
@@ -680,6 +691,8 @@ func newNFSSnapshot(name string, params map[string]string, vol *nfsVolume) (*nfs
47+
baseDir = v
48+
case mountOptionsField:
49+
// no op
50+
+ case mountPermissionsField:
51+
+ // no op
52+
default:
53+
return nil, status.Errorf(codes.InvalidArgument, "invalid parameter %q in snapshot storage class", k)
54+
}
55+
@@ -914,3 +927,19 @@ func volumeFromSnapshot(snap *nfsSnapshot) *nfsVolume {
56+
uuid: snap.uuid,
57+
}
58+
}
59+
+
60+
+// getMountPermissionsForSnapInternalVolPath Convert VolumeSnapshot parameters to a snapInternalVolPath
61+
+func getMountPermissionsForSnapInternalVolPath(params map[string]string) (uint64, error) {
62+
+ mountPermissions := uint64(0)
63+
+ for k, v := range params {
64+
+ if strings.ToLower(k) == mountPermissionsField {
65+
+ if v != "" {
66+
+ var err error
67+
+ if mountPermissions, err = strconv.ParseUint(v, 8, 32); err != nil {
68+
+ return 0, status.Errorf(codes.InvalidArgument, "invalid mountPermissions %s in storage class", v)
69+
+ }
70+
+ }
71+
+ }
72+
+ }
73+
+ return mountPermissions, nil
74+
+}
75+
diff --git a/pkg/nfs/nodeserver.go b/pkg/nfs/nodeserver.go
76+
index ac28dd22..ec2ccbcc 100644
77+
--- a/pkg/nfs/nodeserver.go
78+
+++ b/pkg/nfs/nodeserver.go
79+
@@ -118,7 +118,7 @@ func (ns *NodeServer) NodePublishVolume(_ context.Context, req *csi.NodePublishV
80+
notMnt, err := ns.mounter.IsLikelyNotMountPoint(targetPath)
81+
if err != nil {
82+
if os.IsNotExist(err) {
83+
- if err := os.MkdirAll(targetPath, os.FileMode(mountPermissions)); err != nil {
84+
+ if err := os.MkdirAll(targetPath, 0777); err != nil {
85+
return nil, status.Error(codes.Internal, err.Error())
86+
}
87+
notMnt = true
88+
@@ -146,9 +146,10 @@ func (ns *NodeServer) NodePublishVolume(_ context.Context, req *csi.NodePublishV
89+
}
90+
91+
if mountPermissions > 0 {
92+
- if err := chmodIfPermissionMismatch(targetPath, os.FileMode(mountPermissions)); err != nil {
93+
- return nil, status.Error(codes.Internal, err.Error())
94+
- }
95+
+ klog.V(2).Infof("skip chmod on targetPath(%s), as there is no need to change the root directory of the nfs server", targetPath)
96+
+ //if err := chmodIfPermissionMismatch(targetPath, os.FileMode(mountPermissions)); err != nil {
97+
+ // return nil, status.Error(codes.Internal, err.Error())
98+
+ //}
99+
} else {
100+
klog.V(2).Infof("skip chmod on targetPath(%s) since mountPermissions is set as 0", targetPath)
101+
}
102+
diff --git a/pkg/nfs/utils.go b/pkg/nfs/utils.go
103+
index 53737cb2..8f20549e 100644
104+
--- a/pkg/nfs/utils.go
105+
+++ b/pkg/nfs/utils.go
106+
@@ -22,6 +22,7 @@ import (
107+
"path/filepath"
108+
"strings"
109+
"sync"
110+
+ "syscall"
111+
"time"
112+
113+
"github.com/container-storage-interface/spec/lib/go/csi"
114+
@@ -167,7 +168,7 @@ func chmodIfPermissionMismatch(targetPath string, mode os.FileMode) error {
115+
perm := info.Mode() & os.ModePerm
116+
if perm != mode {
117+
klog.V(2).Infof("chmod targetPath(%s, mode:0%o) with permissions(0%o)", targetPath, info.Mode(), mode)
118+
- if err := os.Chmod(targetPath, mode); err != nil {
119+
+ if err := syscall.Chmod(targetPath, uint32(mode)); err != nil {
120+
return err
121+
}
122+
} else {
123+
--
124+
2.43.0
125+

images/csi-nfs/patches/README.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,10 @@ Add volume cleanup feature
88

99
Update go.mod to fix CVE
1010

11+
## 003-add-mountPermissions-to-snapshot.patch
12+
13+
Add mountPermissions to snapshot. Fix mountPermissions.
14+
1115
## How to apply
1216

1317
```bash

0 commit comments

Comments
 (0)