From 3360f35b21e191e7a522ae5d487e751a1769b02e Mon Sep 17 00:00:00 2001 From: sharon-raphael Date: Tue, 1 Jul 2025 15:52:04 +0530 Subject: [PATCH 1/2] Adding fs_group_policy field for kubernetes_csi_driver --- docs/resources/csi_driver.md | 2 ++ docs/resources/csi_driver_v1.md | 2 ++ examples/resources/csi_driver/example_1.tf | 1 + examples/resources/csi_driver_v1/example_1.tf | 1 + kubernetes/resource_kubernetes_csi_driver_v1.go | 11 +++++++++++ .../resource_kubernetes_csi_driver_v1_test.go | 2 ++ .../resource_kubernetes_csi_driver_v1beta1.go | 15 ++++++++++++++- ...resource_kubernetes_csi_driver_v1beta1_test.go | 2 ++ kubernetes/structure_csi_driver.go | 15 +++++++++++++++ kubernetes/structure_csi_driver_v1.go | 15 +++++++++++++++ 10 files changed, 65 insertions(+), 1 deletion(-) diff --git a/docs/resources/csi_driver.md b/docs/resources/csi_driver.md index f7eb1a771c..4fd4baf3d7 100644 --- a/docs/resources/csi_driver.md +++ b/docs/resources/csi_driver.md @@ -50,6 +50,7 @@ Required: Optional: +- `fs_group_policy` (String) Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Defaults to `ReadWriteOnceWithFSType`. Valid options are `File`, `None`, and `ReadWriteOnceWithFSType`. - `pod_info_on_mount` (Boolean) Indicates that the CSI volume driver requires additional pod information (like podName, podUID, etc.) during mount operations - `volume_lifecycle_modes` (List of String) Defines what kind of volumes this CSI volume driver supports @@ -68,6 +69,7 @@ resource "kubernetes_csi_driver" "example" { attach_required = true pod_info_on_mount = true volume_lifecycle_modes = ["Ephemeral"] + fs_group_policy = "File" } } ``` diff --git a/docs/resources/csi_driver_v1.md b/docs/resources/csi_driver_v1.md index 6d80a5c56e..7c09ff33c1 100644 --- a/docs/resources/csi_driver_v1.md +++ b/docs/resources/csi_driver_v1.md 
@@ -50,6 +50,7 @@ Required: Optional: +- `fs_group_policy` (String) Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Defaults to `ReadWriteOnceWithFSType`. Valid options are `File`, `None`, and `ReadWriteOnceWithFSType`. - `pod_info_on_mount` (Boolean) Indicates that the CSI volume driver requires additional pod information (like podName, podUID, etc.) during mount operations - `volume_lifecycle_modes` (List of String) Defines what kind of volumes this CSI volume driver supports @@ -68,6 +69,7 @@ resource "kubernetes_csi_driver_v1" "example" { attach_required = true pod_info_on_mount = true volume_lifecycle_modes = ["Ephemeral"] + fs_group_policy = "File" } } ``` diff --git a/examples/resources/csi_driver/example_1.tf b/examples/resources/csi_driver/example_1.tf index dcd7f52ba6..146b2a1be7 100644 --- a/examples/resources/csi_driver/example_1.tf +++ b/examples/resources/csi_driver/example_1.tf @@ -7,5 +7,6 @@ resource "kubernetes_csi_driver" "example" { attach_required = true pod_info_on_mount = true volume_lifecycle_modes = ["Ephemeral"] + fs_group_policy = "File" } } diff --git a/examples/resources/csi_driver_v1/example_1.tf b/examples/resources/csi_driver_v1/example_1.tf index fd969310e7..dd1bb38c6e 100644 --- a/examples/resources/csi_driver_v1/example_1.tf +++ b/examples/resources/csi_driver_v1/example_1.tf @@ -7,5 +7,6 @@ resource "kubernetes_csi_driver_v1" "example" { attach_required = true pod_info_on_mount = true volume_lifecycle_modes = ["Ephemeral"] + fs_group_policy = "File" } } diff --git a/kubernetes/resource_kubernetes_csi_driver_v1.go b/kubernetes/resource_kubernetes_csi_driver_v1.go index feb83b922b..ed5b0f14d7 100644 --- a/kubernetes/resource_kubernetes_csi_driver_v1.go +++ b/kubernetes/resource_kubernetes_csi_driver_v1.go 
@@ -64,6 +64,17 @@ func resourceKubernetesCSIDriverV1() *schema.Resource { }, false), }, }, + "fs_group_policy": { + Type: schema.TypeString, + Description: "Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Defaults to `ReadWriteOnceWithFSType`. Valid options are `File`, `None`, and `ReadWriteOnceWithFSType`.", + Optional: true, + Default: "ReadWriteOnceWithFSType", + ValidateFunc: validation.StringInSlice([]string{ + string(storage.ReadWriteOnceWithFSTypeFSGroupPolicy), + string(storage.NoneFSGroupPolicy), + string(storage.FileFSGroupPolicy), + }, false), + }, }, }, }, diff --git a/kubernetes/resource_kubernetes_csi_driver_v1_test.go b/kubernetes/resource_kubernetes_csi_driver_v1_test.go index e740e1bef5..0373e4004b 100644 --- a/kubernetes/resource_kubernetes_csi_driver_v1_test.go +++ b/kubernetes/resource_kubernetes_csi_driver_v1_test.go @@ -38,6 +38,7 @@ func TestAccKubernetesCSIDriverV1_basic(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "spec.0.attach_required", "true"), resource.TestCheckResourceAttr(resourceName, "spec.0.pod_info_on_mount", "true"), resource.TestCheckResourceAttr(resourceName, "spec.0.volume_lifecycle_modes.0", "Ephemeral"), + resource.TestCheckResourceAttr(resourceName, "spec.0.fs_group_policy", "File"), ), }, { @@ -107,6 +108,7 @@ func testAccKubernetesCSIDriverV1BasicConfig(name string, attached bool) string attach_required = %[2]t pod_info_on_mount = %[2]t volume_lifecycle_modes = ["Ephemeral"] + fs_group_policy = "File" } } `, name, attached) diff --git a/kubernetes/resource_kubernetes_csi_driver_v1beta1.go b/kubernetes/resource_kubernetes_csi_driver_v1beta1.go index 14e65d2e80..4f601779a9 100644 --- a/kubernetes/resource_kubernetes_csi_driver_v1beta1.go +++ b/kubernetes/resource_kubernetes_csi_driver_v1beta1.go 
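Review bot: Setting `Default: "ReadWriteOnceWithFSType"` on `fs_group_policy` means a configuration that omits the field will plan a change to that value for any existing or imported CSIDriver whose live policy is `File` or `None`, which alters whether volume ownership and permissions are changed on mount. If that is not intended, `Optional: true` with `Computed: true` and no default would keep the value the API server reports; this is inferred from the schema and the replace operation added in structure_csi_driver_v1.go, so please confirm it against an upgrade of an existing resource. If the default stays, write it as `Default: string(storage.ReadWriteOnceWithFSTypeFSGroupPolicy),` so it cannot drift from the validator list below it. The same applies to the identical schema entry in resource_kubernetes_csi_driver_v1beta1.go.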
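Review bot: The acceptance test only sets and checks `fs_group_policy = "File"`, so neither the schema default nor the in-place update path is exercised. A step that changes the value and asserts it, for example `resource.TestCheckResourceAttr(resourceName, "spec.0.fs_group_policy", "None"),`, plus a config that omits the field and expects `ReadWriteOnceWithFSType`, would cover both. The v1beta1 test file has the same gap. The test functions continue outside these hunks, so a later existing step may be the natural place for the extra check.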
@@ -13,8 +13,10 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" - storage "k8s.io/api/storage/v1beta1" + "k8s.io/apimachinery/pkg/api/errors" + + storage "k8s.io/api/storage/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" pkgApi "k8s.io/apimachinery/pkg/types" ) @@ -60,6 +62,17 @@ func resourceKubernetesCSIDriverV1Beta1() *schema.Resource { }, false), }, }, + "fs_group_policy": { + Type: schema.TypeString, + Description: "Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Defaults to `ReadWriteOnceWithFSType`. Valid options are `File`, `None`, and `ReadWriteOnceWithFSType`.", + Optional: true, + Default: "ReadWriteOnceWithFSType", + ValidateFunc: validation.StringInSlice([]string{ + string(storage.ReadWriteOnceWithFSTypeFSGroupPolicy), + string(storage.NoneFSGroupPolicy), + string(storage.FileFSGroupPolicy), + }, false), + }, }, }, }, diff --git a/kubernetes/resource_kubernetes_csi_driver_v1beta1_test.go b/kubernetes/resource_kubernetes_csi_driver_v1beta1_test.go index df882836c4..1429b8dbf5 100644 --- a/kubernetes/resource_kubernetes_csi_driver_v1beta1_test.go +++ b/kubernetes/resource_kubernetes_csi_driver_v1beta1_test.go @@ -37,6 +37,7 @@ func TestAccKubernetesCSIDriverV1Beta1_basic(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "spec.0.attach_required", "true"), resource.TestCheckResourceAttr(resourceName, "spec.0.pod_info_on_mount", "true"), resource.TestCheckResourceAttr(resourceName, "spec.0.volume_lifecycle_modes.0", "Ephemeral"), + resource.TestCheckResourceAttr(resourceName, "spec.0.fs_group_policy", "File"), ), }, { 
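Review bot: The import reshuffle in this hunk is unrelated to the new field: it only moves `storage "k8s.io/api/storage/v1beta1"` below `"k8s.io/apimachinery/pkg/api/errors"` and changes the blank-line grouping. Leaving the import block as it was, or letting `goimports` produce the grouping, keeps the patch limited to the `fs_group_policy` change and easier to review.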
@@ -107,6 +108,7 @@ func testAccKubernetesCSIDriverBasicV1Beta1Config(name string, attached bool) st attach_required = %[2]t pod_info_on_mount = %[2]t volume_lifecycle_modes = ["Ephemeral"] + fs_group_policy = "File" } } `, name, attached) diff --git a/kubernetes/structure_csi_driver.go b/kubernetes/structure_csi_driver.go index 85698928f4..e5a0bc5dcc 100644 --- a/kubernetes/structure_csi_driver.go +++ b/kubernetes/structure_csi_driver.go @@ -28,6 +28,10 @@ func expandCSIDriverSpec(l []interface{}) storage.CSIDriverSpec { obj.VolumeLifecycleModes = expandCSIDriverVolumeLifecycleModes(v) } + if v, ok := in["fs_group_policy"].(string); ok && v != "" { + obj.FSGroupPolicy = ptr.To(storage.FSGroupPolicy(v)) + } + return obj } @@ -52,6 +56,10 @@ func flattenCSIDriverSpec(in storage.CSIDriverSpec) []interface{} { att["volume_lifecycle_modes"] = in.VolumeLifecycleModes } + if in.FSGroupPolicy != nil { + att["fs_group_policy"] = in.FSGroupPolicy + } + return []interface{}{att} } @@ -78,5 +86,12 @@ func patchCSIDriverSpec(keyPrefix, pathPrefix string, d *schema.ResourceData) *P }) } + if d.HasChange(keyPrefix + "fs_group_policy") { + ops = append(ops, &ReplaceOperation{ + Path: pathPrefix + "/fsGroupPolicy", + Value: d.Get(keyPrefix + "fs_group_policy").(string), + }) + } + return &ops } diff --git a/kubernetes/structure_csi_driver_v1.go b/kubernetes/structure_csi_driver_v1.go index 1c27f2fe79..c21e9e0272 100644 --- a/kubernetes/structure_csi_driver_v1.go +++ b/kubernetes/structure_csi_driver_v1.go @@ -28,6 +28,10 @@ func expandCSIDriverV1Spec(l []interface{}) storage.CSIDriverSpec { obj.VolumeLifecycleModes = expandCSIDriverV1VolumeLifecycleModes(v) } + if v, ok := in["fs_group_policy"].(string); ok && v != "" { + obj.FSGroupPolicy = ptr.To(storage.FSGroupPolicy(v)) + } + return obj } 
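Review bot: In `flattenCSIDriverSpec`, `att["fs_group_policy"] = in.FSGroupPolicy` stores a `*storage.FSGroupPolicy` pointer in the attribute map, while the schema declares the attribute as `schema.TypeString`. It presumably works because the SDK dereferences the value when decoding, but the flattener should not depend on that; `att["fs_group_policy"] = string(*in.FSGroupPolicy)` makes the stored type explicit. `flattenCSIDriverV1Spec` in structure_csi_driver_v1.go has the same line. Both function bodies start outside their hunks.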
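Review bot: The replace operation on `pathPrefix + "/fsGroupPolicy"` in `patchCSIDriverSpec` assumes the field can be updated in place, but as far as I know the Kubernetes API treated `fsGroupPolicy` as immutable before 1.29, so on older clusters this patch would be rejected at apply time. Either state that in the attribute description or mark the attribute `ForceNew: true` if recreation is the wanted behaviour. At minimum add a comment such as `// fsGroupPolicy is immutable on Kubernetes < 1.29; the API server rejects this replace there.` above the block. `patchCSIDriverV1Spec` adds the same operation, and both functions start outside their hunks.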
@@ -52,6 +56,10 @@ func flattenCSIDriverV1Spec(in storage.CSIDriverSpec) []interface{} { att["volume_lifecycle_modes"] = in.VolumeLifecycleModes } + if in.FSGroupPolicy != nil { + att["fs_group_policy"] = in.FSGroupPolicy + } + return []interface{}{att} } @@ -78,5 +86,12 @@ func patchCSIDriverV1Spec(keyPrefix, pathPrefix string, d *schema.ResourceData) }) } + if d.HasChange(keyPrefix + "fs_group_policy") { + ops = append(ops, &ReplaceOperation{ + Path: pathPrefix + "/fsGroupPolicy", + Value: d.Get(keyPrefix + "fs_group_policy").(string), + }) + } + return &ops } From 26ef5c8fddffeabe66a8ae4fa3c69bdadbad8f05 Mon Sep 17 00:00:00 2001 From: sharon-raphael Date: Tue, 1 Jul 2025 16:38:34 +0530 Subject: [PATCH 2/2] Added changelog --- .changelog/2752.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/2752.txt diff --git a/.changelog/2752.txt b/.changelog/2752.txt new file mode 100644 index 0000000000..c8e1cf8fbf --- /dev/null +++ b/.changelog/2752.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +Add `fs_group_policy` field for `kubernetes_csi_driver` +``` \ No newline at end of file