fix uts

AlbeeSo · AlbeeSo · commit 15ee07ccf27a · 2025-08-04T11:26:37.000+08:00
diff --git a/pkg/mounter/proxy/server/ossfs/driver.go b/pkg/mounter/proxy/server/ossfs/driver.go
@@ -10,6 +10,7 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/oss"
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/proxy"
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/proxy/server"
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/utils"
@@ -141,6 +142,14 @@ func (h *Driver) Mount(ctx context.Context, req *proxy.MountRequest) error {
 }
 
 func (h *Driver) RotateToken(ctx context.Context, req *proxy.RotateTokenRequest) error {
+	// no need to rotate if there is no token in request
+	if req.Secrets == nil {
+		return nil
+	}
+	if token := req.Secrets[oss.KeySecurityToken]; token == "" {
+		return nil
+	}
+
 	// prepare passwd file
 	hashDir := utils.GetPasswdHashDir(req.Target)
 	rotated, err := rotateTokenFiles(hashDir, req.Secrets)
diff --git a/pkg/mounter/proxy/server/ossfs/utils.go b/pkg/mounter/proxy/server/ossfs/utils.go
@@ -12,11 +12,8 @@ import (
 )
 
 // rotateTokenFiles rotates (or initializes) token files
+// This function assumes that token rotation is required when executed
 func rotateTokenFiles(dir string, secrets map[string]string) (rotated bool, err error) {
-	if secrets == nil {
-		return false, nil
-	}
-	// token
 	var fileUpdate bool
 	tokenKey := []string{oss.KeyAccessKeyId, oss.KeyAccessKeySecret, oss.KeySecurityToken, oss.KeyExpiration}
 	for _, key := range tokenKey {
diff --git a/pkg/mounter/proxy/server/ossfs/utils_test.go b/pkg/mounter/proxy/server/ossfs/utils_test.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/oss"
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/utils"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"k8s.io/klog/v2"
 )
 
@@ -52,60 +53,73 @@ func TestPrepareCredentialFiles(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-
-			file, dir, options, err := prepareCredentialFiles("/tmp/token-files", tt.secrets)
+			hash := utils.ComputeMountPathHash("/mnt/target1")
+			file, dir, options, err := prepareCredentialFiles("/mnt/target1", tt.secrets)
 			assert.Equal(t, tt.wantErr, err != nil)
 			assert.Equal(t, tt.wantFile, file != "")
 			assert.Equal(t, tt.wantDir, dir != "")
 			assert.Equal(t, tt.wantOpts, len(options) != 0)
-			err = os.RemoveAll("/tmp/token-files")
-			klog.ErrorS(err, "Remove token directory", "dir", "/tmp/token-files")
+			err = os.RemoveAll("/tmp/" + hash)
+			if err != nil {
+				klog.ErrorS(err, "Remove token directory", "dir", "/tmp/"+hash)
+			}
 		})
 	}
 
 }
 
 func TestRotateTokenFiles(t *testing.T) {
+	mountPath := "/mnt/target2"
+	hash := utils.ComputeMountPathHash(mountPath)
+	hashDir := filepath.Join("/tmp", hash)
+	err := os.MkdirAll(hashDir, 0o644)
+	require.NoError(t, err)
+
 	// case 1: initialize fiexd AKSK
 	secrets := map[string]string{OssfsPasswdFile: "testPasswd"}
-	rotated, err := rotateTokenFiles("/tmp/token-files", secrets)
+	rotated, err := rotateTokenFiles(hashDir, secrets)
+	assert.Error(t, err)
 	assert.Equal(t, false, rotated)
-	assert.NoError(t, err)
+
 	// case 2: initialize token
 	secrets = map[string]string{
 		oss.KeyAccessKeyId:     "testAKID",
 		oss.KeyAccessKeySecret: "testAKSecret",
 		oss.KeyExpiration:      "testExpiration",
 		oss.KeySecurityToken:   "testSecurityToken",
 	}
-	rotated, err = rotateTokenFiles("/tmp/token-files", secrets)
-	assert.Equal(t, true, rotated)
+	rotated, err = rotateTokenFiles(hashDir, secrets)
 	assert.NoError(t, err)
-	ak, _ := os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyAccessKeyId))
+	assert.Equal(t, true, rotated)
+	ak, _ := os.ReadFile(filepath.Join(hashDir, oss.KeyAccessKeyId))
 	assert.Equal(t, "testAKID", string(ak))
-	sk, _ := os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyAccessKeySecret))
+	sk, _ := os.ReadFile(filepath.Join(hashDir, oss.KeyAccessKeySecret))
 	assert.Equal(t, "testAKSecret", string(sk))
-	exp, _ := os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyExpiration))
+	exp, _ := os.ReadFile(filepath.Join(hashDir, oss.KeyExpiration))
 	assert.Equal(t, "testExpiration", string(exp))
-	st, _ := os.ReadFile(filepath.Join("/tmp/token-files", oss.KeySecurityToken))
+	st, _ := os.ReadFile(filepath.Join(hashDir, oss.KeySecurityToken))
 	assert.Equal(t, "testSecurityToken", string(st))
+
 	// case 3: rotate token
 	secrets = map[string]string{
 		oss.KeyAccessKeyId:     "newAKID",
 		oss.KeyAccessKeySecret: "newAKSecret",
 		oss.KeyExpiration:      "newExpiration",
 		oss.KeySecurityToken:   "newSecurityToken",
 	}
-	rotated, err = rotateTokenFiles("/tmp/token-files", secrets)
-	assert.Equal(t, true, rotated)
+	rotated, err = rotateTokenFiles(hashDir, secrets)
 	assert.NoError(t, err)
-	ak, _ = os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyAccessKeyId))
+	assert.Equal(t, true, rotated)
+	ak, _ = os.ReadFile(filepath.Join(hashDir, oss.KeyAccessKeyId))
 	assert.Equal(t, "newAKID", string(ak))
-	sk, _ = os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyAccessKeySecret))
+	sk, _ = os.ReadFile(filepath.Join(hashDir, oss.KeyAccessKeySecret))
 	assert.Equal(t, "newAKSecret", string(sk))
-	exp, _ = os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyExpiration))
+	exp, _ = os.ReadFile(filepath.Join(hashDir, oss.KeyExpiration))
 	assert.Equal(t, "newExpiration", string(exp))
-	st, _ = os.ReadFile(filepath.Join("/tmp/token-files", oss.KeySecurityToken))
+	st, _ = os.ReadFile(filepath.Join(hashDir, oss.KeySecurityToken))
 	assert.Equal(t, "newSecurityToken", string(st))
-	os.RemoveAll("/tmp/token-files")
+	err = os.RemoveAll(hashDir)
+	if err != nil {
+		t.Errorf("removeall hashdir failed %v", err)
+	}
 }
diff --git a/pkg/mounter/proxy/server/ossfs2/driver.go b/pkg/mounter/proxy/server/ossfs2/driver.go
@@ -10,6 +10,7 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/oss"
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/proxy"
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/proxy/server"
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/utils"
@@ -148,6 +149,14 @@ func (h *Driver) Mount(ctx context.Context, req *proxy.MountRequest) error {
 }
 
 func (h *Driver) RotateToken(ctx context.Context, req *proxy.RotateTokenRequest) error {
+	// no need to rotate if there is no token in request
+	if req.Secrets == nil {
+		return nil
+	}
+	if token := req.Secrets[oss.KeySecurityToken]; token == "" {
+		return nil
+	}
+
 	// prepare passwd file
 	hashDir := utils.GetPasswdHashDir(req.Target)
 	rotated, err := rotateTokenFiles(hashDir, req.Secrets)
diff --git a/pkg/mounter/proxy/server/ossfs2/utils.go b/pkg/mounter/proxy/server/ossfs2/utils.go
@@ -12,11 +12,8 @@ import (
 )
 
 // rotateTokenFiles rotates (or initializes) token files
+// This function assumes that token rotation is required when executed
 func rotateTokenFiles(dir string, secrets map[string]string) (rotated bool, err error) {
-	if secrets == nil {
-		return false, nil
-	}
-	// tokem
 	var fileUpdate bool
 	tokenKey := []string{oss.KeyAccessKeyId, oss.KeyAccessKeySecret, oss.KeySecurityToken}
 	for _, key := range tokenKey {
diff --git a/pkg/mounter/proxy/server/ossfs2/utils_test.go b/pkg/mounter/proxy/server/ossfs2/utils_test.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/oss"
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/utils"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"k8s.io/klog/v2"
 )
 
@@ -51,27 +52,33 @@ func TestPrepareCredentialFiles(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-
-			file, dir, options, err := prepareCredentialFiles("/tmp/token-files", tt.secrets)
+			hash := utils.ComputeMountPathHash("/mnt/target2")
+			file, dir, options, err := prepareCredentialFiles("/mnt/target2", tt.secrets)
 			assert.Equal(t, tt.wantErr, err != nil)
 			assert.Equal(t, tt.wantFile, file != "")
 			assert.Equal(t, tt.wantDir, dir != "")
 			assert.Equal(t, tt.wantOpts, len(options) != 0)
-			err = os.RemoveAll("/tmp/token-files")
-			klog.ErrorS(err, "Remove token directory", "dir", "/tmp/token-files")
+			err = os.RemoveAll("/tmp/" + hash)
+			if err != nil {
+				klog.ErrorS(err, "Remove token directory", "dir", "/tmp/"+hash)
+			}
 		})
 	}
 
 }
 
 func TestRotateTokenFiles(t *testing.T) {
+	mountPath := "/mnt/target2"
+	hash := utils.ComputeMountPathHash(mountPath)
+	hashDir := filepath.Join("/tmp", hash)
+	err := os.MkdirAll(hashDir, 0o644)
+	require.NoError(t, err)
+
 	// case 1: initialize fiexd AKSK
 	secrets := map[string]string{OssfsPasswdFile: "testPasswd"}
-	rotated, err := rotateTokenFiles("/tmp/token-files", secrets)
+	rotated, err := rotateTokenFiles(hashDir, secrets)
+	assert.Error(t, err)
 	assert.False(t, rotated)
-	assert.NoError(t, err)
-	err = os.RemoveAll("/tmp/token-files")
-	klog.ErrorS(err, "Remove token directory", "dir", "/tmp/token-files")
 
 	// case 2: initialize token
 	secrets = map[string]string{
@@ -80,17 +87,15 @@ func TestRotateTokenFiles(t *testing.T) {
 		oss.KeyExpiration:      "testExpiration",
 		oss.KeySecurityToken:   "testSecurityToken",
 	}
-	rotated, err = rotateTokenFiles("/tmp/token-files", secrets)
-	assert.True(t, rotated)
+	rotated, err = rotateTokenFiles(hashDir, secrets)
 	assert.NoError(t, err)
-	ak, _ := os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyAccessKeyId))
+	assert.True(t, rotated)
+	ak, _ := os.ReadFile(filepath.Join(hashDir, oss.KeyAccessKeyId))
 	assert.Equal(t, "testAKID", string(ak))
-	sk, _ := os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyAccessKeySecret))
+	sk, _ := os.ReadFile(filepath.Join(hashDir, oss.KeyAccessKeySecret))
 	assert.Equal(t, "testAKSecret", string(sk))
-	st, _ := os.ReadFile(filepath.Join("/tmp/token-files", oss.KeySecurityToken))
+	st, _ := os.ReadFile(filepath.Join(hashDir, oss.KeySecurityToken))
 	assert.Equal(t, "testSecurityToken", string(st))
-	err = os.RemoveAll("/tmp/token-files")
-	klog.ErrorS(err, "Remove token directory", "dir", "/tmp/token-files")
 
 	// case 3: rotate token
 	secrets = map[string]string{
@@ -99,15 +104,17 @@ func TestRotateTokenFiles(t *testing.T) {
 		oss.KeyExpiration:      "newExpiration",
 		oss.KeySecurityToken:   "newSecurityToken",
 	}
-	rotated, err = rotateTokenFiles("/tmp/token-files", secrets)
-	assert.True(t, rotated)
+	rotated, err = rotateTokenFiles(hashDir, secrets)
 	assert.NoError(t, err)
-	ak, _ = os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyAccessKeyId))
+	assert.True(t, rotated)
+	ak, _ = os.ReadFile(filepath.Join(hashDir, oss.KeyAccessKeyId))
 	assert.Equal(t, "newAKID", string(ak))
-	sk, _ = os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyAccessKeySecret))
+	sk, _ = os.ReadFile(filepath.Join(hashDir, oss.KeyAccessKeySecret))
 	assert.Equal(t, "newAKSecret", string(sk))
-	st, _ = os.ReadFile(filepath.Join("/tmp/token-files", oss.KeySecurityToken))
+	st, _ = os.ReadFile(filepath.Join(hashDir, oss.KeySecurityToken))
 	assert.Equal(t, "newSecurityToken", string(st))
-	os.RemoveAll("/tmp/token-files")
-	klog.ErrorS(err, "Remove token directory", "dir", "/tmp/token-files")
+	err = os.RemoveAll(hashDir)
+	if err != nil {
+		t.Errorf("removeall hashdir failed %v", err)
+	}
 }
