ceph-csi/internal/cephfs/util.go

/*
Copyright 2018 The Ceph-CSI Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package cephfs

import (
	"bytes"
	"context"
	"encoding/json"
	"fmt"
	"os"
	"os/exec"

	"github.com/ceph/ceph-csi/internal/util"

	"github.com/container-storage-interface/spec/lib/go/csi"
	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/status"
	klog "k8s.io/klog/v2"
)

type volumeID string

func execCommand(ctx context.Context, program string, args ...string) (stdout, stderr []byte, err error) {
	var (
		cmd           = exec.Command(program, args...) // nolint: gosec, #nosec
		sanitizedArgs = util.StripSecretInArgs(args)
		stdoutBuf     bytes.Buffer
		stderrBuf     bytes.Buffer
	)

	cmd.Stdout = &stdoutBuf
	cmd.Stderr = &stderrBuf

	klog.V(4).Infof(util.Log(ctx, "cephfs: EXEC %s %s"), program, sanitizedArgs)

	if err := cmd.Run(); err != nil {
		if cmd.Process == nil {
			return nil, nil, fmt.Errorf("cannot get process pid while running %s %v: %v: %s",
				program, sanitizedArgs, err, stderrBuf.Bytes())
		}
		return nil, nil, fmt.Errorf("an error occurred while running (%d) %s %v: %v: %s",
			cmd.Process.Pid, program, sanitizedArgs, err, stderrBuf.Bytes())
	}

	return stdoutBuf.Bytes(), stderrBuf.Bytes(), nil
}

func execCommandErr(ctx context.Context, program string, args ...string) error {
	_, _, err := execCommand(ctx, program, args...)
	return err
}

//nolint: unparam
func execCommandJSON(ctx context.Context, v interface{}, program string, args ...string) error {
	stdout, _, err := execCommand(ctx, program, args...)
	if err != nil {
		return err
	}

	if err = json.Unmarshal(stdout, v); err != nil {
		return fmt.Errorf("failed to unmarshal JSON for %s %v: %s: %v", program, util.StripSecretInArgs(args), stdout, err)
	}

	return nil
}

func pathExists(p string) bool {
	_, err := os.Stat(p)
	return err == nil
}

// Controller service request validation
func (cs *ControllerServer) validateCreateVolumeRequest(req *csi.CreateVolumeRequest) error {
	if err := cs.Driver.ValidateControllerServiceRequest(csi.ControllerServiceCapability_RPC_CREATE_DELETE_VOLUME); err != nil {
		return fmt.Errorf("invalid CreateVolumeRequest: %v", err)
	}

	if req.GetName() == "" {
		return status.Error(codes.InvalidArgument, "volume Name cannot be empty")
	}

	reqCaps := req.GetVolumeCapabilities()
	if reqCaps == nil {
		return status.Error(codes.InvalidArgument, "volume Capabilities cannot be empty")
	}

	for _, cap := range reqCaps {
		if cap.GetBlock() != nil {
			return status.Error(codes.Unimplemented, "block volume not supported")
		}
	}

	return nil
}

func (cs *ControllerServer) validateDeleteVolumeRequest() error {
	if err := cs.Driver.ValidateControllerServiceRequest(csi.ControllerServiceCapability_RPC_CREATE_DELETE_VOLUME); err != nil {
		return fmt.Errorf("invalid DeleteVolumeRequest: %v", err)
	}

	return nil
}

// Controller expand volume request validation
func (cs *ControllerServer) validateExpandVolumeRequest(req *csi.ControllerExpandVolumeRequest) error {
	if err := cs.Driver.ValidateControllerServiceRequest(csi.ControllerServiceCapability_RPC_EXPAND_VOLUME); err != nil {
		return fmt.Errorf("invalid ExpandVolumeRequest: %v", err)
	}

	if req.GetVolumeId() == "" {
		return status.Error(codes.InvalidArgument, "Volume ID cannot be empty")
	}

	capRange := req.GetCapacityRange()
	if capRange == nil {
		return status.Error(codes.InvalidArgument, "CapacityRange cannot be empty")
	}

	return nil
}
WIP cephfs CSI plugin 2018-03-05 11:59:47 +00:00			`/*`
Replaces the references to the Kubernete Authors with the Ceph-CSI authors 2019-04-03 08:46:15 +00:00			`Copyright 2018 The Ceph-CSI Authors.`
WIP cephfs CSI plugin 2018-03-05 11:59:47 +00:00
			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

			`package cephfs`

			`import (`
cephfs/volume: create/delete-volume idempotency checks 2019-02-26 10:06:16 +00:00			`"bytes"`
switch to cephfs, utils, and csicommon to new loging system Signed-off-by: Daniel-Pivonka <dpivonka@redhat.com> 2019-08-22 17:19:06 +00:00			`"context"`
updated cephfs/util 2018-04-13 12:34:48 +00:00			`"encoding/json"`
cephfs/nodeserver: read credentials from Secret 2018-03-20 15:14:14 +00:00			`"fmt"`
Backward compatibility for deleting and mounting old volumes Signed-off-by: Poornima G <pgurusid@redhat.com> 2019-07-10 10:50:04 +00:00			`"os"`
WIP cephfs CSI plugin 2018-03-05 11:59:47 +00:00			`"os/exec"`

cleanup: move pkg/ to internal/ The internal/ directory in Go has a special meaning, and indicates that those packages are not meant for external consumption. Ceph-CSI does provide public APIs for other projects to consume. There is no plan to keep the API of the internally used packages stable. Closes: #903 Signed-off-by: Niels de Vos <ndevos@redhat.com> 2020-04-17 09:23:49 +00:00			`"github.com/ceph/ceph-csi/internal/util"`
Fix goimports issue in CI Fix below error in current codebase File is not `goimports`-ed with -local github.com/ceph/ceph-csi Signed-off-by: Madhu Rajanna <madhupr007@gmail.com> 2020-04-15 03:38:16 +00:00
			`"github.com/container-storage-interface/spec/lib/go/csi"`
WIP cephfs CSI plugin 2018-03-05 11:59:47 +00:00			`"google.golang.org/grpc/codes"`
			`"google.golang.org/grpc/status"`
rebase: update k8s.io/klog to v2.3.0 Update klog version to v2.3.0 Signed-off-by: Yug <yuggupta27@gmail.com> 2020-07-09 05:14:10 +00:00			`klog "k8s.io/klog/v2"`
WIP cephfs CSI plugin 2018-03-05 11:59:47 +00:00			`)`

cephfs: CSI 0.3.0; NodeStageVolume/NodeUnstageVolume; refactoring 2018-07-28 08:24:07 +00:00			`type volumeID string`

switch to cephfs, utils, and csicommon to new loging system Signed-off-by: Daniel-Pivonka <dpivonka@redhat.com> 2019-08-22 17:19:06 +00:00			`func execCommand(ctx context.Context, program string, args ...string) (stdout, stderr []byte, err error) {`
cephfs/volume: create/delete-volume idempotency checks 2019-02-26 10:06:16 +00:00			`var (`
Address security concerns reported by 'gosec' gosec reports several issues, none of them looks very critical. With this change the following concerns have been addressed: [pkg/cephfs/nodeserver.go:229] - G302: Expect file permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM) > os.Chmod(targetPath, 0777) [pkg/cephfs/util.go:39] - G204: Subprocess launched with variable (Confidence: HIGH, Severity: MEDIUM) > exec.Command(program, args...) [pkg/rbd/nodeserver.go:156] - G302: Expect file permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM) > os.Chmod(stagingTargetPath, 0777) [pkg/rbd/nodeserver.go:205] - G302: Expect file permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM) > os.OpenFile(mountPath, os.O_CREATE\|os.O_RDWR, 0750) [pkg/rbd/rbd_util.go:797] - G304: Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM) > ioutil.ReadFile(fPath) [pkg/util/cephcmds.go:35] - G204: Subprocess launched with variable (Confidence: HIGH, Severity: MEDIUM) > exec.Command(program, args...) [pkg/util/credentials.go:47] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW) > os.Remove(tmpfile.Name()) [pkg/util/credentials.go:92] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW) > os.Remove(cr.KeyFile) [pkg/util/pidlimit.go:74] - G304: Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM) > os.Open(pidsMax) URL: https://github.com/securego/gosec Signed-off-by: Niels de Vos <ndevos@redhat.com> 2019-08-30 10:23:10 +00:00			`cmd = exec.Command(program, args...) // nolint: gosec, #nosec`
cephfs/volume: create/delete-volume idempotency checks 2019-02-26 10:06:16 +00:00			`sanitizedArgs = util.StripSecretInArgs(args)`
			`stdoutBuf bytes.Buffer`
			`stderrBuf bytes.Buffer`
			`)`
cephfs exec: read stdout and stderr separately 2019-02-14 10:39:07 +00:00
cephfs/volume: create/delete-volume idempotency checks 2019-02-26 10:06:16 +00:00			`cmd.Stdout = &stdoutBuf`
			`cmd.Stderr = &stderrBuf`
updated cephfs/util 2018-04-13 12:34:48 +00:00
switch to cephfs, utils, and csicommon to new loging system Signed-off-by: Daniel-Pivonka <dpivonka@redhat.com> 2019-08-22 17:19:06 +00:00			`klog.V(4).Infof(util.Log(ctx, "cephfs: EXEC %s %s"), program, sanitizedArgs)`
updated cephfs/util 2018-04-13 12:34:48 +00:00
cephfs/volume: create/delete-volume idempotency checks 2019-02-26 10:06:16 +00:00			`if err := cmd.Run(); err != nil {`
Add nil check for process Signed-off-by: Madhu Rajanna <madhupr007@gmail.com> 2019-07-03 03:53:11 +00:00			`if cmd.Process == nil {`
			`return nil, nil, fmt.Errorf("cannot get process pid while running %s %v: %v: %s",`
			`program, sanitizedArgs, err, stderrBuf.Bytes())`
			`}`
cephfs/volume: create/delete-volume idempotency checks 2019-02-26 10:06:16 +00:00			`return nil, nil, fmt.Errorf("an error occurred while running (%d) %s %v: %v: %s",`
			`cmd.Process.Pid, program, sanitizedArgs, err, stderrBuf.Bytes())`
updated cephfs/util 2018-04-13 12:34:48 +00:00			`}`

cephfs/volume: create/delete-volume idempotency checks 2019-02-26 10:06:16 +00:00			`return stdoutBuf.Bytes(), stderrBuf.Bytes(), nil`
WIP cephfs CSI plugin 2018-03-05 11:59:47 +00:00			`}`

switch to cephfs, utils, and csicommon to new loging system Signed-off-by: Daniel-Pivonka <dpivonka@redhat.com> 2019-08-22 17:19:06 +00:00			`func execCommandErr(ctx context.Context, program string, args ...string) error {`
			`_, _, err := execCommand(ctx, program, args...)`
skip redundant error check correct misspelled word Signed-off-by: Madhu Rajanna <mrajanna@redhat.com> 2019-02-18 11:46:59 +00:00			`return err`
cephfs exec: read stdout and stderr separately 2019-02-14 10:39:07 +00:00			`}`

Make CephFS plugin stateless reusing RADOS based journal scheme This is a part of the stateless set of commits for CephCSI. This commit removes the dependency on config maps to store cephFS provisioned volumes, and instead relies on RADOS based objects and keys, and required CSI VolumeID encoding to detect the provisioned volumes. Changes: - Provide backward compatibility to provisioned volumes by older plugin versions (1.0.0 or older) - Remove Create/Delete support for statically provisioned volumes (fixes #382) - Added namespace support to RADOS OMaps and used the same to store RADOS CSI objects and keys in the CephFS metadata pool - Added support to mention fsname for CephFS provisioning (fixes #359) - Changed field name in CSI Identifier to 'location', to denote a pool or fscid - Updated mounter cache to use new scheme - Required Helm manifests are updated - Required documentation and other manifests are updated - Made driver option 'metadatastorage' as optional, as fresh installs do not need to specify the same Testing done: - Create/Mount/Delete PVC - Create/Delete 5 PVCs - Mount version 1.0.0 PVC - Delete version 1.0.0 PV - Mount Statically defined PV/PVC/Pod - Mount Statically defined version 1.0.0 PV/PVC/Pod - Delete Statically defined version 1.0.0 PV/PVC/Pod - Node restart when mounted to test mountcache - Use InstanceID other than 'default' - RBD basic round of tests, as namespace is added to OMaps - csitest against ceph-fs plugin - NOTE: CephFS plugin still does not detect and address already created volumes but of a different size - Test not providing any value to the metadata storage parameter Signed-off-by: ShyamsundarR <srangana@redhat.com> 2019-05-28 19:03:18 +00:00			`//nolint: unparam`
switch to cephfs, utils, and csicommon to new loging system Signed-off-by: Daniel-Pivonka <dpivonka@redhat.com> 2019-08-22 17:19:06 +00:00			`func execCommandJSON(ctx context.Context, v interface{}, program string, args ...string) error {`
			`stdout, _, err := execCommand(ctx, program, args...)`
cephfs exec: read stdout and stderr separately 2019-02-14 10:39:07 +00:00			`if err != nil {`
updated cephfs/util 2018-04-13 12:34:48 +00:00			`return err`
			`}`
cephfs: code cleaning 2018-03-26 13:00:28 +00:00
cephfs exec: read stdout and stderr separately 2019-02-14 10:39:07 +00:00			`if err = json.Unmarshal(stdout, v); err != nil {`
remove secret and key from logging Signed-off-by: Madhu Rajanna <madhupr007@gmail.com> 2019-02-21 11:35:24 +00:00			`return fmt.Errorf("failed to unmarshal JSON for %s %v: %s: %v", program, util.StripSecretInArgs(args), stdout, err)`
updated cephfs/util 2018-04-13 12:34:48 +00:00			`}`
cephfs: code cleaning 2018-03-26 13:00:28 +00:00
cephfs exec: read stdout and stderr separately 2019-02-14 10:39:07 +00:00			`return nil`
			`}`

Backward compatibility for deleting and mounting old volumes Signed-off-by: Poornima G <pgurusid@redhat.com> 2019-07-10 10:50:04 +00:00			`func pathExists(p string) bool {`
			`_, err := os.Stat(p)`
			`return err == nil`
			`}`

cephfs: CSI 0.3.0; NodeStageVolume/NodeUnstageVolume; refactoring 2018-07-28 08:24:07 +00:00			`// Controller service request validation`
Fix golint issue pkg/rbd/rbd.go:67:65:warning: exported func NewNodeServer returns unexported type *rbd.nodeServer, which can be annoying to use (golint) Signed-off-by: Madhu Rajanna <mrajanna@redhat.com> 2019-01-17 07:51:06 +00:00			`func (cs ControllerServer) validateCreateVolumeRequest(req csi.CreateVolumeRequest) error {`
cephfs: CSI 0.3.0; NodeStageVolume/NodeUnstageVolume; refactoring 2018-07-28 08:24:07 +00:00			`if err := cs.Driver.ValidateControllerServiceRequest(csi.ControllerServiceCapability_RPC_CREATE_DELETE_VOLUME); err != nil {`
			`return fmt.Errorf("invalid CreateVolumeRequest: %v", err)`
			`}`

			`if req.GetName() == "" {`
Fix error string as per golang standard Error string should not be capatalized https://github.com/golang/go/wiki/CodeReviewComments#error-strings Signed-off-by: Madhu Rajanna <madhupr007@gmail.com> 2019-05-13 04:47:17 +00:00			`return status.Error(codes.InvalidArgument, "volume Name cannot be empty")`
cephfs: CSI 0.3.0; NodeStageVolume/NodeUnstageVolume; refactoring 2018-07-28 08:24:07 +00:00			`}`

reject block volume creation in cephfs Signed-off-by: Madhu Rajanna <mrajanna@redhat.com> 2019-01-16 12:47:14 +00:00			`reqCaps := req.GetVolumeCapabilities()`
			`if reqCaps == nil {`
Fix error string as per golang standard Error string should not be capatalized https://github.com/golang/go/wiki/CodeReviewComments#error-strings Signed-off-by: Madhu Rajanna <madhupr007@gmail.com> 2019-05-13 04:47:17 +00:00			`return status.Error(codes.InvalidArgument, "volume Capabilities cannot be empty")`
cephfs: CSI 0.3.0; NodeStageVolume/NodeUnstageVolume; refactoring 2018-07-28 08:24:07 +00:00			`}`

reject block volume creation in cephfs Signed-off-by: Madhu Rajanna <mrajanna@redhat.com> 2019-01-16 12:47:14 +00:00			`for _, cap := range reqCaps {`
			`if cap.GetBlock() != nil {`
			`return status.Error(codes.Unimplemented, "block volume not supported")`
			`}`
			`}`

cephfs: CSI 0.3.0; NodeStageVolume/NodeUnstageVolume; refactoring 2018-07-28 08:24:07 +00:00			`return nil`
			`}`

Fix unparam issues Signed-off-by: Madhu Rajanna <mrajanna@redhat.com> 2019-01-17 07:59:29 +00:00			`func (cs *ControllerServer) validateDeleteVolumeRequest() error {`
cephfs: CSI 0.3.0; NodeStageVolume/NodeUnstageVolume; refactoring 2018-07-28 08:24:07 +00:00			`if err := cs.Driver.ValidateControllerServiceRequest(csi.ControllerServiceCapability_RPC_CREATE_DELETE_VOLUME); err != nil {`
			`return fmt.Errorf("invalid DeleteVolumeRequest: %v", err)`
			`}`

			`return nil`
			`}`
Resize CephFS Volumes This feature enables CephFS Volume expansion on demand based on the CO resizer request. Signed-off-by: Humble Chirammal <hchiramm@redhat.com> 2019-10-07 06:41:33 +00:00
			`// Controller expand volume request validation`
			`func (cs ControllerServer) validateExpandVolumeRequest(req csi.ControllerExpandVolumeRequest) error {`
			`if err := cs.Driver.ValidateControllerServiceRequest(csi.ControllerServiceCapability_RPC_EXPAND_VOLUME); err != nil {`
			`return fmt.Errorf("invalid ExpandVolumeRequest: %v", err)`
			`}`

			`if req.GetVolumeId() == "" {`
			`return status.Error(codes.InvalidArgument, "Volume ID cannot be empty")`
			`}`

			`capRange := req.GetCapacityRange()`
			`if capRange == nil {`
			`return status.Error(codes.InvalidArgument, "CapacityRange cannot be empty")`
			`}`

			`return nil`
			`}`