feat: skip chmod if mountPermissions is 0

andyzhangx · andyzhangx · commit 90cc83fdbdcd · 2022-05-04T08:53:21.000Z
fix
diff --git a/docs/driver-parameters.md b/docs/driver-parameters.md
@@ -8,7 +8,7 @@ Name | Meaning | Example Value | Mandatory | Default value
 --- | --- | --- | --- | ---
 server | NFS Server address | domain name `nfs-server.default.svc.cluster.local` <br>or IP address `127.0.0.1` | Yes |
 share | NFS share path | `/` | Yes |
-mountPermissions | mounted folder permissions. The default is `0777` |  | No |
+mountPermissions | mounted folder permissions. The default is `0777`, if set as `0`, driver will not perform `chmod` after mount |  | No |
 
 ### PV/PVC usage (static provisioning)
 > [`PersistentVolume` example](../deploy/example/pv-nfs-csi.yaml)
diff --git a/pkg/nfs/nodeserver.go b/pkg/nfs/nodeserver.go
@@ -58,6 +58,7 @@ func (ns *NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis
 
 	var server, baseDir string
 	mountPermissions := ns.Driver.mountPermissions
+	performChmodOp := (mountPermissions > 0)
 	for k, v := range req.GetVolumeContext() {
 		switch strings.ToLower(k) {
 		case paramServer:
@@ -71,9 +72,15 @@ func (ns *NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis
 		case mountPermissionsField:
 			if v != "" {
 				var err error
-				if mountPermissions, err = strconv.ParseUint(v, 8, 32); err != nil {
+				var perm uint64
+				if perm, err = strconv.ParseUint(v, 8, 32); err != nil {
 					return nil, status.Errorf(codes.InvalidArgument, fmt.Sprintf("invalid mountPermissions %s", v))
 				}
+				if perm == 0 {
+					performChmodOp = false
+				} else {
+					mountPermissions = perm
+				}
 			}
 		}
 	}
@@ -114,8 +121,12 @@ func (ns *NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis
 	}
 
 	klog.V(2).Infof("volumeID(%v): mount targetPath(%s) with permissions(0%o)", volumeID, targetPath, mountPermissions)
-	if err := os.Chmod(targetPath, os.FileMode(mountPermissions)); err != nil {
-		return nil, status.Error(codes.Internal, err.Error())
+	if performChmodOp {
+		if err := os.Chmod(targetPath, os.FileMode(mountPermissions)); err != nil {
+			return nil, status.Error(codes.Internal, err.Error())
+		}
+	} else {
+		klog.V(2).Infof("skip chmod on targetPath(%s) since mountPermissions is set as 0", targetPath)
 	}
 	return &csi.NodePublishVolumeResponse{}, nil
 }
diff --git a/pkg/nfs/nodeserver_test.go b/pkg/nfs/nodeserver_test.go
@@ -47,6 +47,11 @@ func TestNodePublishVolume(t *testing.T) {
 		"share":               "share",
 		mountPermissionsField: "0755",
 	}
+	paramsWithZeroPermissions := map[string]string{
+		"server":              "server",
+		"share":               "share",
+		mountPermissionsField: "0",
+	}
 
 	invalidParams := map[string]string{
 		"server":              "server",
@@ -121,6 +126,16 @@ func TestNodePublishVolume(t *testing.T) {
 				Readonly:         true},
 			expectedErr: nil,
 		},
+		{
+			desc: "[Success] Valid request with 0 mountPermissions",
+			req: csi.NodePublishVolumeRequest{
+				VolumeContext:    paramsWithZeroPermissions,
+				VolumeCapability: &csi.VolumeCapability{AccessMode: &volumeCap},
+				VolumeId:         "vol_1",
+				TargetPath:       targetTest,
+				Readonly:         true},
+			expectedErr: nil,
+		},
 		{
 			desc: "[Error] invalid mountPermissions",
 			req: csi.NodePublishVolumeRequest{
diff --git a/test/e2e/dynamic_provisioning_test.go b/test/e2e/dynamic_provisioning_test.go
@@ -70,7 +70,29 @@ var _ = ginkgo.Describe("Dynamic Provisioning", func() {
 			Pods:                   pods,
 			StorageClassParameters: defaultStorageClassParameters,
 		}
+		test.Run(cs, ns)
+	})
 
+	ginkgo.It("should create a volume on demand with zero mountPermissions [nfs.csi.k8s.io]", func() {
+		pods := []testsuites.PodDetails{
+			{
+				Cmd: "echo 'hello world' > /mnt/test-1/data && grep 'hello world' /mnt/test-1/data",
+				Volumes: []testsuites.VolumeDetails{
+					{
+						ClaimSize: "10Gi",
+						VolumeMount: testsuites.VolumeMountDetails{
+							NameGenerate:      "test-volume-",
+							MountPathGenerate: "/mnt/test-",
+						},
+					},
+				},
+			},
+		}
+		test := testsuites.DynamicallyProvisionedCmdVolumeTest{
+			CSIDriver:              testDriver,
+			Pods:                   pods,
+			StorageClassParameters: storageClassParametersWithZeroMountPermisssions,
+		}
 		test.Run(cs, ns)
 	})
 
diff --git a/test/e2e/e2e_suite_test.go b/test/e2e/e2e_suite_test.go
@@ -52,6 +52,13 @@ var (
 		"csi.storage.k8s.io/provisioner-secret-namespace": "default",
 		"mountPermissions": "0755",
 	}
+	storageClassParametersWithZeroMountPermisssions = map[string]string{
+		"server": nfsServerAddress,
+		"share":  nfsShare,
+		"csi.storage.k8s.io/provisioner-secret-name":      "mount-options",
+		"csi.storage.k8s.io/provisioner-secret-namespace": "default",
+		"mountPermissions": "0",
+	}
 	controllerServer *nfs.ControllerServer
 )
 

Original file line number	Diff line number	Diff line change
`@@ -58,6 +58,7 @@ func (ns NodeServer) NodePublishVolume(ctx context.Context, req csi.NodePublis`
`58`	`58`
`59`	`59`	`var server, baseDir string`
`60`	`60`	`mountPermissions := ns.Driver.mountPermissions`
	`61`	`+ performChmodOp := (mountPermissions > 0)`
`61`	`62`	`for k, v := range req.GetVolumeContext() {`
`62`	`63`	`switch strings.ToLower(k) {`
`63`	`64`	`case paramServer:`
`@@ -71,9 +72,15 @@ func (ns NodeServer) NodePublishVolume(ctx context.Context, req csi.NodePublis`
`71`	`72`	`case mountPermissionsField:`
`72`	`73`	`if v != "" {`
`73`	`74`	`var err error`
`74`		`- if mountPermissions, err = strconv.ParseUint(v, 8, 32); err != nil {`
	`75`	`+ var perm uint64`
	`76`	`+ if perm, err = strconv.ParseUint(v, 8, 32); err != nil {`
`75`	`77`	`return nil, status.Errorf(codes.InvalidArgument, fmt.Sprintf("invalid mountPermissions %s", v))`
`76`	`78`	`}`
	`79`	`+ if perm == 0 {`
	`80`	`+ performChmodOp = false`
	`81`	`+ } else {`
	`82`	`+ mountPermissions = perm`
	`83`	`+ }`
`77`	`84`	`}`
`78`	`85`	`}`
`79`	`86`	`}`
`@@ -114,8 +121,12 @@ func (ns NodeServer) NodePublishVolume(ctx context.Context, req csi.NodePublis`
`114`	`121`	`}`
`115`	`122`
`116`	`123`	`klog.V(2).Infof("volumeID(%v): mount targetPath(%s) with permissions(0%o)", volumeID, targetPath, mountPermissions)`
`117`		`- if err := os.Chmod(targetPath, os.FileMode(mountPermissions)); err != nil {`
`118`		`- return nil, status.Error(codes.Internal, err.Error())`
	`124`	`+ if performChmodOp {`
	`125`	`+ if err := os.Chmod(targetPath, os.FileMode(mountPermissions)); err != nil {`
	`126`	`+ return nil, status.Error(codes.Internal, err.Error())`
	`127`	`+ }`
	`128`	`+ } else {`
	`129`	`+ klog.V(2).Infof("skip chmod on targetPath(%s) since mountPermissions is set as 0", targetPath)`
`119`	`130`	`}`
`120`	`131`	`return &csi.NodePublishVolumeResponse{}, nil`
`121`	`132`	`}`
Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,13 @@ var (`
`52`	`52`	`"csi.storage.k8s.io/provisioner-secret-namespace": "default",`
`53`	`53`	`"mountPermissions": "0755",`
`54`	`54`	`}`
	`55`	`+ storageClassParametersWithZeroMountPermisssions = map[string]string{`
	`56`	`+ "server": nfsServerAddress,`
	`57`	`+ "share": nfsShare,`
	`58`	`+ "csi.storage.k8s.io/provisioner-secret-name": "mount-options",`
	`59`	`+ "csi.storage.k8s.io/provisioner-secret-namespace": "default",`
	`60`	`+ "mountPermissions": "0",`
	`61`	`+ }`
`55`	`62`	`controllerServer *nfs.ControllerServer`
`56`	`63`	`)`
`57`	`64`