e2e: add podsecuritycontext fsgroup for normal user validation

considering the pod has run as normal user, the fsgroup has also
set to the same.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit is contained in:
Humble Chirammal 2022-01-24 11:59:14 +05:30 committed by mergify[bot]
parent bf4ba0ec84
commit 7ff048bf1e
2 changed files with 6 additions and 5 deletions

View File

@ -333,6 +333,7 @@ func validateNormalUserPVCAccess(pvcPath string, f *framework.Framework) error {
}, },
}, },
Spec: v1.PodSpec{ Spec: v1.PodSpec{
SecurityContext: &v1.PodSecurityContext{FSGroup: &user},
Containers: []v1.Container{ Containers: []v1.Container{
{ {
Name: "write-pod", Name: "write-pod",

View File

@ -420,7 +420,7 @@ func (ns *NodeServer) stageTransaction(
transaction.isStagePathCreated = true transaction.isStagePathCreated = true
// nodeStage Path // nodeStage Path
_, err = ns.mountVolumeToStagePath(ctx, req, staticVol, stagingTargetPath, devicePath) err = ns.mountVolumeToStagePath(ctx, req, staticVol, stagingTargetPath, devicePath)
if err != nil { if err != nil {
return transaction, err return transaction, err
} }
@ -678,7 +678,7 @@ func (ns *NodeServer) mountVolumeToStagePath(
ctx context.Context, ctx context.Context,
req *csi.NodeStageVolumeRequest, req *csi.NodeStageVolumeRequest,
staticVol bool, staticVol bool,
stagingPath, devicePath string) (bool, error) { stagingPath, devicePath string) error {
readOnly := false readOnly := false
fsType := req.GetVolumeCapability().GetMount().GetFsType() fsType := req.GetVolumeCapability().GetMount().GetFsType()
diskMounter := &mount.SafeFormatAndMount{Interface: ns.Mounter, Exec: utilexec.New()} diskMounter := &mount.SafeFormatAndMount{Interface: ns.Mounter, Exec: utilexec.New()}
@ -696,7 +696,7 @@ func (ns *NodeServer) mountVolumeToStagePath(
if err != nil { if err != nil {
log.ErrorLog(ctx, "failed to get disk format for path %s, error: %v", devicePath, err) log.ErrorLog(ctx, "failed to get disk format for path %s, error: %v", devicePath, err)
return readOnly, err return err
} }
opt := []string{"_netdev"} opt := []string{"_netdev"}
@ -736,7 +736,7 @@ func (ns *NodeServer) mountVolumeToStagePath(
if cmdErr != nil { if cmdErr != nil {
log.ErrorLog(ctx, "failed to run mkfs error: %v, output: %v", cmdErr, string(cmdOut)) log.ErrorLog(ctx, "failed to run mkfs error: %v, output: %v", cmdErr, string(cmdOut))
return readOnly, cmdErr return cmdErr
} }
} }
} }
@ -757,7 +757,7 @@ func (ns *NodeServer) mountVolumeToStagePath(
err) err)
} }
return readOnly, err return err
} }
func (ns *NodeServer) mountVolume(ctx context.Context, stagingPath string, req *csi.NodePublishVolumeRequest) error { func (ns *NodeServer) mountVolume(ctx context.Context, stagingPath string, req *csi.NodePublishVolumeRequest) error {