e2e: Add E2E for app readonly options

If the mount option is readonly in app
pod, the pod should not get the write
access to the mounted cephfs subvolume.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>

e2e/cephfs.go

@@ -2,8 +2,10 @@ package e2e
 
 import (
 	"fmt"
+	"strings"
 
 	. "github.com/onsi/ginkgo" // nolint
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	clientset "k8s.io/client-go/kubernetes"
 	"k8s.io/kubernetes/test/e2e/framework"
 	e2elog "k8s.io/kubernetes/test/e2e/framework/log"
@@ -308,6 +310,49 @@ var _ = Describe("cephfs", func() {
 
 				})
 
+				By("Mount pvc as readonly in pod", func() {
+					// create pvc and bind it to an app
+					pvc, err := loadPVC(pvcPath)
+					if err != nil {
+						Fail(err.Error())
+					}
+
+					pvc.Namespace = f.UniqueName
+
+					app, err := loadApp(appPath)
+					if err != nil {
+						Fail(err.Error())
+					}
+
+					app.Namespace = f.UniqueName
+					label := map[string]string{
+						"app": app.Name,
+					}
+					app.Labels = label
+					app.Spec.Volumes[0].PersistentVolumeClaim.ClaimName = pvc.Name
+					app.Spec.Volumes[0].PersistentVolumeClaim.ReadOnly = true
+					err = createPVCAndApp("", f, pvc, app, deployTimeout)
+					if err != nil {
+						Fail(err.Error())
+					}
+
+					opt := metav1.ListOptions{
+						LabelSelector: fmt.Sprintf("app=%s", app.Name),
+					}
+
+					filePath := app.Spec.Containers[0].VolumeMounts[0].MountPath + "/test"
+					_, stdErr := execCommandInPodAndAllowFail(f, fmt.Sprintf("echo 'Hello World' > %s", filePath), app.Namespace, &opt)
+					readOnlyErr := fmt.Sprintf("cannot create %s: Read-only file system", filePath)
+					if !strings.Contains(stdErr, readOnlyErr) {
+						Fail(stdErr)
+					}
+
+					// delete pvc and app
+					err = deletePVCAndApp("", f, pvc, app)
+					if err != nil {
+						Fail(err.Error())
+					}
+				})
 				// Make sure this should be last testcase in this file, because
 				// it deletes pool
 				By("Create a PVC and Delete PVC when backend pool deleted", func() {