fix uts

AlbeeSo · AlbeeSo · commit 6ef4e9ce7bd2 · 2025-08-04T16:50:21.000+08:00
diff --git a/pkg/mounter/oss/ossfs2_test.go b/pkg/mounter/oss/ossfs2_test.go
@@ -232,9 +232,9 @@ func TestMakeAuthConfig_ossfs2(t *testing.T) {
 			wantCfg: &utils.AuthConfig{
 				AuthType: "",
 				Secrets: map[string]string{
-					utils.GetPasswdFileName(OssFs2Type) + "/" + KeyAccessKeyId:     "ak-id",
-					utils.GetPasswdFileName(OssFs2Type) + "/" + KeyAccessKeySecret: "ak-secret",
-					utils.GetPasswdFileName(OssFs2Type) + "/" + KeySecurityToken:   "security-token",
+					KeyAccessKeyId:     "ak-id",
+					KeyAccessKeySecret: "ak-secret",
+					KeySecurityToken:   "security-token",
 				},
 			},
 			wantErr: false,
diff --git a/pkg/mounter/oss/ossfs_test.go b/pkg/mounter/oss/ossfs_test.go
@@ -353,10 +353,10 @@ func TestMakeAuthConfig_ossfs(t *testing.T) {
 			expectedConfig: &utils.AuthConfig{
 				AuthType: "",
 				Secrets: map[string]string{
-					utils.GetPasswdFileName(OssFsType) + "/" + KeyAccessKeyId:     "ak-id",
-					utils.GetPasswdFileName(OssFsType) + "/" + KeyAccessKeySecret: "ak-secret",
-					utils.GetPasswdFileName(OssFsType) + "/" + KeySecurityToken:   "security-token",
-					utils.GetPasswdFileName(OssFsType) + "/" + KeyExpiration:      "expiration",
+					KeyAccessKeyId:     "ak-id",
+					KeyAccessKeySecret: "ak-secret",
+					KeySecurityToken:   "security-token",
+					KeyExpiration:      "expiration",
 				},
 			},
 			expectedError: nil,
diff --git a/pkg/mounter/proxy/server/ossfs/driver.go b/pkg/mounter/proxy/server/ossfs/driver.go
@@ -6,10 +6,12 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
+	"path/filepath"
 	"sync"
 	"syscall"
 	"time"
 
+	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/oss"
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/proxy"
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/proxy/server"
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/utils"
@@ -141,9 +143,18 @@ func (h *Driver) Mount(ctx context.Context, req *proxy.MountRequest) error {
 }
 
 func (h *Driver) RotateToken(ctx context.Context, req *proxy.RotateTokenRequest) error {
+	// no need to rotate if there is no token in request
+	if req.Secrets == nil {
+		return nil
+	}
+	if token := req.Secrets[oss.KeySecurityToken]; token == "" {
+		return nil
+	}
+
 	// prepare passwd file
 	hashDir := utils.GetPasswdHashDir(req.Target)
-	rotated, err := rotateTokenFiles(hashDir, req.Secrets)
+	tokenDir := filepath.Join(hashDir, utils.GetPasswdFileName("ossfs"))
+	rotated, err := rotateTokenFiles(tokenDir, req.Secrets)
 	if err != nil {
 		return fmt.Errorf("rotate token files failed: %w", err)
 	}
diff --git a/pkg/mounter/proxy/server/ossfs/utils.go b/pkg/mounter/proxy/server/ossfs/utils.go
@@ -12,11 +12,8 @@ import (
 )
 
 // rotateTokenFiles rotates (or initializes) token files
+// This function assumes that token rotation is required when executed
 func rotateTokenFiles(dir string, secrets map[string]string) (rotated bool, err error) {
-	if secrets == nil {
-		return false, nil
-	}
-	// token
 	var fileUpdate bool
 	tokenKey := []string{oss.KeyAccessKeyId, oss.KeyAccessKeySecret, oss.KeySecurityToken, oss.KeyExpiration}
 	for _, key := range tokenKey {
diff --git a/pkg/mounter/proxy/server/ossfs/utils_test.go b/pkg/mounter/proxy/server/ossfs/utils_test.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/oss"
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/utils"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"k8s.io/klog/v2"
 )
 
@@ -52,60 +53,73 @@ func TestPrepareCredentialFiles(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-
-			file, dir, options, err := prepareCredentialFiles("/tmp/token-files", tt.secrets)
+			hash := utils.ComputeMountPathHash("/mnt/target1")
+			file, dir, options, err := prepareCredentialFiles("/mnt/target1", tt.secrets)
 			assert.Equal(t, tt.wantErr, err != nil)
 			assert.Equal(t, tt.wantFile, file != "")
 			assert.Equal(t, tt.wantDir, dir != "")
 			assert.Equal(t, tt.wantOpts, len(options) != 0)
-			err = os.RemoveAll("/tmp/token-files")
-			klog.ErrorS(err, "Remove token directory", "dir", "/tmp/token-files")
+			err = os.RemoveAll("/tmp/" + hash)
+			if err != nil {
+				klog.ErrorS(err, "Remove token directory", "dir", "/tmp/"+hash)
+			}
 		})
 	}
 
 }
 
 func TestRotateTokenFiles(t *testing.T) {
+	mountPath := "/mnt/target2"
+	hash := utils.ComputeMountPathHash(mountPath)
+	hashDir := filepath.Join("/tmp", hash)
+	err := os.MkdirAll(hashDir, 0o644)
+	require.NoError(t, err)
+
 	// case 1: initialize fiexd AKSK
 	secrets := map[string]string{OssfsPasswdFile: "testPasswd"}
-	rotated, err := rotateTokenFiles("/tmp/token-files", secrets)
+	rotated, err := rotateTokenFiles(hashDir, secrets)
+	assert.Error(t, err)
 	assert.Equal(t, false, rotated)
-	assert.NoError(t, err)
+
 	// case 2: initialize token
 	secrets = map[string]string{
 		oss.KeyAccessKeyId:     "testAKID",
 		oss.KeyAccessKeySecret: "testAKSecret",
 		oss.KeyExpiration:      "testExpiration",
 		oss.KeySecurityToken:   "testSecurityToken",
 	}
-	rotated, err = rotateTokenFiles("/tmp/token-files", secrets)
-	assert.Equal(t, true, rotated)
+	rotated, err = rotateTokenFiles(hashDir, secrets)
 	assert.NoError(t, err)
-	ak, _ := os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyAccessKeyId))
+	assert.Equal(t, true, rotated)
+	ak, _ := os.ReadFile(filepath.Join(hashDir, oss.KeyAccessKeyId))
 	assert.Equal(t, "testAKID", string(ak))
-	sk, _ := os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyAccessKeySecret))
+	sk, _ := os.ReadFile(filepath.Join(hashDir, oss.KeyAccessKeySecret))
 	assert.Equal(t, "testAKSecret", string(sk))
-	exp, _ := os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyExpiration))
+	exp, _ := os.ReadFile(filepath.Join(hashDir, oss.KeyExpiration))
 	assert.Equal(t, "testExpiration", string(exp))
-	st, _ := os.ReadFile(filepath.Join("/tmp/token-files", oss.KeySecurityToken))
+	st, _ := os.ReadFile(filepath.Join(hashDir, oss.KeySecurityToken))
 	assert.Equal(t, "testSecurityToken", string(st))
+
 	// case 3: rotate token
 	secrets = map[string]string{
 		oss.KeyAccessKeyId:     "newAKID",
 		oss.KeyAccessKeySecret: "newAKSecret",
 		oss.KeyExpiration:      "newExpiration",
 		oss.KeySecurityToken:   "newSecurityToken",
 	}
-	rotated, err = rotateTokenFiles("/tmp/token-files", secrets)
-	assert.Equal(t, true, rotated)
+	rotated, err = rotateTokenFiles(hashDir, secrets)
 	assert.NoError(t, err)
-	ak, _ = os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyAccessKeyId))
+	assert.Equal(t, true, rotated)
+	ak, _ = os.ReadFile(filepath.Join(hashDir, oss.KeyAccessKeyId))
 	assert.Equal(t, "newAKID", string(ak))
-	sk, _ = os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyAccessKeySecret))
+	sk, _ = os.ReadFile(filepath.Join(hashDir, oss.KeyAccessKeySecret))
 	assert.Equal(t, "newAKSecret", string(sk))
-	exp, _ = os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyExpiration))
+	exp, _ = os.ReadFile(filepath.Join(hashDir, oss.KeyExpiration))
 	assert.Equal(t, "newExpiration", string(exp))
-	st, _ = os.ReadFile(filepath.Join("/tmp/token-files", oss.KeySecurityToken))
+	st, _ = os.ReadFile(filepath.Join(hashDir, oss.KeySecurityToken))
 	assert.Equal(t, "newSecurityToken", string(st))
-	os.RemoveAll("/tmp/token-files")
+	err = os.RemoveAll(hashDir)
+	if err != nil {
+		t.Errorf("removeall hashdir failed %v", err)
+	}
 }
diff --git a/pkg/mounter/proxy/server/ossfs2/driver.go b/pkg/mounter/proxy/server/ossfs2/driver.go
@@ -6,10 +6,12 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
+	"path/filepath"
 	"sync"
 	"syscall"
 	"time"
 
+	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/oss"
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/proxy"
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/proxy/server"
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/utils"
@@ -148,9 +150,18 @@ func (h *Driver) Mount(ctx context.Context, req *proxy.MountRequest) error {
 }
 
 func (h *Driver) RotateToken(ctx context.Context, req *proxy.RotateTokenRequest) error {
+	// no need to rotate if there is no token in request
+	if req.Secrets == nil {
+		return nil
+	}
+	if token := req.Secrets[oss.KeySecurityToken]; token == "" {
+		return nil
+	}
+
 	// prepare passwd file
 	hashDir := utils.GetPasswdHashDir(req.Target)
-	rotated, err := rotateTokenFiles(hashDir, req.Secrets)
+	tokenDir := filepath.Join(hashDir, utils.GetPasswdFileName("ossfs2"))
+	rotated, err := rotateTokenFiles(tokenDir, req.Secrets)
 	if err != nil {
 		return fmt.Errorf("rotate token files failed: %w", err)
 	}
diff --git a/pkg/mounter/proxy/server/ossfs2/utils.go b/pkg/mounter/proxy/server/ossfs2/utils.go
@@ -12,11 +12,8 @@ import (
 )
 
 // rotateTokenFiles rotates (or initializes) token files
+// This function assumes that token rotation is required when executed
 func rotateTokenFiles(dir string, secrets map[string]string) (rotated bool, err error) {
-	if secrets == nil {
-		return false, nil
-	}
-	// tokem
 	var fileUpdate bool
 	tokenKey := []string{oss.KeyAccessKeyId, oss.KeyAccessKeySecret, oss.KeySecurityToken}
 	for _, key := range tokenKey {
diff --git a/pkg/mounter/proxy/server/ossfs2/utils_test.go b/pkg/mounter/proxy/server/ossfs2/utils_test.go
@@ -8,6 +8,7 @@ import (
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/oss"
 	"github.com/kubernetes-sigs/alibaba-cloud-csi-driver/pkg/mounter/utils"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"k8s.io/klog/v2"
 )
 
@@ -51,27 +52,33 @@ func TestPrepareCredentialFiles(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-
-			file, dir, options, err := prepareCredentialFiles("/tmp/token-files", tt.secrets)
+			hash := utils.ComputeMountPathHash("/mnt/target2")
+			file, dir, options, err := prepareCredentialFiles("/mnt/target2", tt.secrets)
 			assert.Equal(t, tt.wantErr, err != nil)
 			assert.Equal(t, tt.wantFile, file != "")
 			assert.Equal(t, tt.wantDir, dir != "")
 			assert.Equal(t, tt.wantOpts, len(options) != 0)
-			err = os.RemoveAll("/tmp/token-files")
-			klog.ErrorS(err, "Remove token directory", "dir", "/tmp/token-files")
+			err = os.RemoveAll("/tmp/" + hash)
+			if err != nil {
+				klog.ErrorS(err, "Remove token directory", "dir", "/tmp/"+hash)
+			}
 		})
 	}
 
 }
 
 func TestRotateTokenFiles(t *testing.T) {
+	mountPath := "/mnt/target2"
+	hash := utils.ComputeMountPathHash(mountPath)
+	hashDir := filepath.Join("/tmp", hash)
+	err := os.MkdirAll(hashDir, 0o644)
+	require.NoError(t, err)
+
 	// case 1: initialize fiexd AKSK
 	secrets := map[string]string{OssfsPasswdFile: "testPasswd"}
-	rotated, err := rotateTokenFiles("/tmp/token-files", secrets)
+	rotated, err := rotateTokenFiles(hashDir, secrets)
+	assert.Error(t, err)
 	assert.False(t, rotated)
-	assert.NoError(t, err)
-	err = os.RemoveAll("/tmp/token-files")
-	klog.ErrorS(err, "Remove token directory", "dir", "/tmp/token-files")
 
 	// case 2: initialize token
 	secrets = map[string]string{
@@ -80,17 +87,15 @@ func TestRotateTokenFiles(t *testing.T) {
 		oss.KeyExpiration:      "testExpiration",
 		oss.KeySecurityToken:   "testSecurityToken",
 	}
-	rotated, err = rotateTokenFiles("/tmp/token-files", secrets)
-	assert.True(t, rotated)
+	rotated, err = rotateTokenFiles(hashDir, secrets)
 	assert.NoError(t, err)
-	ak, _ := os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyAccessKeyId))
+	assert.True(t, rotated)
+	ak, _ := os.ReadFile(filepath.Join(hashDir, oss.KeyAccessKeyId))
 	assert.Equal(t, "testAKID", string(ak))
-	sk, _ := os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyAccessKeySecret))
+	sk, _ := os.ReadFile(filepath.Join(hashDir, oss.KeyAccessKeySecret))
 	assert.Equal(t, "testAKSecret", string(sk))
-	st, _ := os.ReadFile(filepath.Join("/tmp/token-files", oss.KeySecurityToken))
+	st, _ := os.ReadFile(filepath.Join(hashDir, oss.KeySecurityToken))
 	assert.Equal(t, "testSecurityToken", string(st))
-	err = os.RemoveAll("/tmp/token-files")
-	klog.ErrorS(err, "Remove token directory", "dir", "/tmp/token-files")
 
 	// case 3: rotate token
 	secrets = map[string]string{
@@ -99,15 +104,17 @@ func TestRotateTokenFiles(t *testing.T) {
 		oss.KeyExpiration:      "newExpiration",
 		oss.KeySecurityToken:   "newSecurityToken",
 	}
-	rotated, err = rotateTokenFiles("/tmp/token-files", secrets)
-	assert.True(t, rotated)
+	rotated, err = rotateTokenFiles(hashDir, secrets)
 	assert.NoError(t, err)
-	ak, _ = os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyAccessKeyId))
+	assert.True(t, rotated)
+	ak, _ = os.ReadFile(filepath.Join(hashDir, oss.KeyAccessKeyId))
 	assert.Equal(t, "newAKID", string(ak))
-	sk, _ = os.ReadFile(filepath.Join("/tmp/token-files", oss.KeyAccessKeySecret))
+	sk, _ = os.ReadFile(filepath.Join(hashDir, oss.KeyAccessKeySecret))
 	assert.Equal(t, "newAKSecret", string(sk))
-	st, _ = os.ReadFile(filepath.Join("/tmp/token-files", oss.KeySecurityToken))
+	st, _ = os.ReadFile(filepath.Join(hashDir, oss.KeySecurityToken))
 	assert.Equal(t, "newSecurityToken", string(st))
-	os.RemoveAll("/tmp/token-files")
-	klog.ErrorS(err, "Remove token directory", "dir", "/tmp/token-files")
+	err = os.RemoveAll(hashDir)
+	if err != nil {
+		t.Errorf("removeall hashdir failed %v", err)
+	}
 }
diff --git a/pkg/oss/utils_test.go b/pkg/oss/utils_test.go
@@ -689,7 +689,6 @@ func Test_checkOssOptions(t *testing.T) {
 			},
 			errType: nil,
 		},
-		{},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

Original file line number	Diff line number	Diff line change
`@@ -689,7 +689,6 @@ func Test_checkOssOptions(t *testing.T) {`
`689`	`689`	`},`
`690`	`690`	`errType: nil,`
`691`	`691`	`},`
`692`		`- {},`
`693`	`692`	`}`
`694`	`693`	`for _, tt := range tests {`
`695`	`694`	`t.Run(tt.name, func(t *testing.T) {`