feat: support volume mount group

Author: andyzhangx

pkg/blob/blob.go

@@ -168,6 +168,7 @@ type DriverOptions struct {
 	EnableAznfsMount                       bool
 	VolStatsCacheExpireInMinutes           int
 	SasTokenExpirationMinutes              int
+	EnableVolumeMountGroup                 bool
 }
 
 func (option *DriverOptions) AddFlags() {
@@ -185,6 +186,7 @@ func (option *DriverOptions) AddFlags() {
 	flag.BoolVar(&option.EnableAznfsMount, "enable-aznfs-mount", false, "replace nfs mount with aznfs mount")
 	flag.IntVar(&option.VolStatsCacheExpireInMinutes, "vol-stats-cache-expire-in-minutes", 10, "The cache expire time in minutes for volume stats cache")
 	flag.IntVar(&option.SasTokenExpirationMinutes, "sas-token-expiration-minutes", 1440, "sas token expiration minutes during volume cloning")
+	flag.BoolVar(&option.EnableVolumeMountGroup, "enable-volume-mount-group", true, "indicates whether enabling VOLUME_MOUNT_GROUP")
 }
 
 // Driver implements all interfaces of CSI drivers
@@ -204,6 +206,7 @@ type Driver struct {
 	blobfuseProxyConnTimout                int
 	mountPermissions                       uint64
 	enableAznfsMount                       bool
+	enableVolumeMountGroup                 bool
 	mounter                                *mount.SafeFormatAndMount
 	volLockMap                             *util.LockMap
 	// A map storing all volumes with ongoing operations so that additional operations
@@ -239,6 +242,7 @@ func NewDriver(options *DriverOptions, kubeClient kubernetes.Interface, cloud *p
 		blobfuseProxyConnTimout:                options.BlobfuseProxyConnTimout,
 		enableBlobMockMount:                    options.EnableBlobMockMount,
 		enableGetVolumeStats:                   options.EnableGetVolumeStats,
+		enableVolumeMountGroup:                 options.EnableVolumeMountGroup,
 		appendMountErrorHelpLink:               options.AppendMountErrorHelpLink,
 		mountPermissions:                       options.MountPermissions,
 		enableAznfsMount:                       options.EnableAznfsMount,
@@ -297,6 +301,9 @@ func NewDriver(options *DriverOptions, kubeClient kubernetes.Interface, cloud *p
 	if d.enableGetVolumeStats {
 		nodeCap = append(nodeCap, csi.NodeServiceCapability_RPC_GET_VOLUME_STATS)
 	}
+	if d.enableVolumeMountGroup {
+		nodeCap = append(nodeCap, csi.NodeServiceCapability_RPC_VOLUME_MOUNT_GROUP)
+	}
 	d.AddNodeServiceCapabilities(nodeCap)
 
 	return &d

pkg/blob/nodeserver.go

@@ -237,6 +237,7 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 	defer d.volumeLocks.Release(lockKey)
 
 	mountFlags := req.GetVolumeCapability().GetMount().GetMountFlags()
+	volumeMountGroup := req.GetVolumeCapability().GetMount().GetVolumeMountGroup()
 	attrib := req.GetVolumeContext()
 	secrets := req.GetSecrets()
 
@@ -361,6 +362,11 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 	if isHnsEnabled {
 		mountOptions = util.JoinMountOptions(mountOptions, []string{"--use-adls=true"})
 	}
+
+	if !checkGidPresentInMountFlags(mountFlags) && volumeMountGroup != "" {
+		mountOptions = append(mountOptions, fmt.Sprintf("gid=%s", volumeMountGroup))
+	}
+
 	tmpPath := fmt.Sprintf("%s/%s", "/mnt", volumeID)
 	if d.appendTimeStampInCacheDir {
 		tmpPath += fmt.Sprintf("#%d", time.Now().Unix())
@@ -372,8 +378,8 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 		args = args + " " + opt
 	}
 
-	klog.V(2).Infof("target %v\nprotocol %v\n\nvolumeId %v\ncontext %v\nmountflags %v\nmountOptions %v\nargs %v\nserverAddress %v",
-		targetPath, protocol, volumeID, attrib, mountFlags, mountOptions, args, serverAddress)
+	klog.V(2).Infof("target %v\nprotocol %v\n\nvolumeId %v\ncontext %v\nmountflags %v mountOptions %v volumeMountGroup %s\nargs %v\nserverAddress %v",
+		targetPath, protocol, volumeID, attrib, mountFlags, mountOptions, volumeMountGroup, args, serverAddress)
 
 	authEnv = append(authEnv, "AZURE_STORAGE_ACCOUNT="+accountName, "AZURE_STORAGE_BLOB_ENDPOINT="+serverAddress)
 	if d.enableBlobMockMount {
@@ -653,3 +659,12 @@ func waitForMount(path string, intervel, timeout time.Duration) error {
 		}
 	}
 }
+
+func checkGidPresentInMountFlags(mountFlags []string) bool {
+	for _, mountFlag := range mountFlags {
+		if strings.HasPrefix(mountFlag, "gid") {
+			return true
+		}
+	}
+	return false
+}

pkg/blob/nodeserver_test.go

@@ -812,3 +812,29 @@ func Test_waitForMount(t *testing.T) {
 		})
 	}
 }
+
+func TestCheckGidPresentInMountFlags(t *testing.T) {
+	tests := []struct {
+		desc       string
+		MountFlags []string
+		result     bool
+	}{
+		{
+			desc:       "[Success] Gid present in mount flags",
+			MountFlags: []string{"gid=3000"},
+			result:     true,
+		},
+		{
+			desc:       "[Success] Gid not present in mount flags",
+			MountFlags: []string{},
+			result:     false,
+		},
+	}
+
+	for _, test := range tests {
+		gIDPresent := checkGidPresentInMountFlags(test.MountFlags)
+		if gIDPresent != test.result {
+			t.Errorf("[%s]: Expected result : %t, Actual result: %t", test.desc, test.result, gIDPresent)
+		}
+	}
+}